Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

No Task Manager or desktop- Internet jumps to random pages- cannot upd

Started by ehloco , Sep 11 2011 04:24 PM

Please log in to reply

#1
ehloco

Posted 11 September 2011 - 04:24 PM

New Member

Member
4 posts

My mother was surfing the web last night, when she turned the computer on this morning, it was rendered useless. The desktop does not appear - just a gray background. I see the task bar and I am able to use start - go to my computer, but no files available. Cannot run any anti virus or antimalware. As if the computer has been wiped clean.

I was unable to pull up task mananger at first because it was blocked by "administrator" - this is supposed to be the administrator for the computer. I found some help online, by copy pasting this into "run" - "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f"

task manager now works- I quit explorer.exe and ran it. But again nothing appears on desktop. I can use 'run' to access the internet. every couple of searches or clicks I make to pages - a random page comes up instead - sorry I did not take note on which one. I recall one of them being those fake security ones - will edit once I get another.

I downloaded OTL and have the logs, as per instructions on cleaning guide - here it is. I will be using my computer to check up, talk with anyone willing to help, while working on this one.

EDIT- Safe mode has the same problem - Also attempted to system restore the PC, but it will simply freeze one I click "next".
EDIT2- I managed to run Malwarebytes (using task manager, Run MBAM) and It found the programs messing with the desktop, and the task manager, and deleted them. I can now see the desktop icons, althought most of them appear to be grayed out but I am able to access them. I can't seem to update Malwarebytes (says it is 120 days old) it starts to download and then something interrupts it.
I still would appreciate help in removing these malwares as much as possible.

OTL.txt

OTL logfile created on: 9/11/2011 6:14:53 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Miriam Nunez\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.63% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.78 Gb Total Space | 52.69 Gb Free Space | 49.81% Space Free | Partition Type: NTFS

Computer Name: F52F2867C1364CC | User Name: Miriam Nunez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/11 18:08:58 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miriam Nunez\Desktop\OTL.exe
PRC - [2011/08/09 17:02:04 | 001,176,064 | -H-- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/01/24 16:59:58 | 000,117,640 | RH-- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/06/13 13:22:20 | 000,217,088 | -H-- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/04/13 16:36:36 | 000,176,128 | -H-- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 17:55:18 | 000,274,432 | -H-- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/02/28 17:29:54 | 000,569,413 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/02/28 17:25:48 | 000,602,182 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/02/28 17:22:50 | 000,397,381 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | -H-- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/12/27 16:58:10 | 000,069,632 | -H-- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/11/28 16:39:30 | 000,131,072 | -H-- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

========== Modules (No Company Name) ==========

MOD - [2009/11/05 08:39:40 | 000,087,552 | -H-- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | -H-- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/07/16 14:19:57 | 000,051,716 | -H-- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2006/06/20 20:45:00 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/06/09 14:37:54 | 000,034,304 | -H-- | M] () -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
MOD - [2006/06/09 14:37:42 | 000,064,000 | -H-- | M] () -- C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
MOD - [2006/02/28 17:39:02 | 000,876,544 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/28 17:39:02 | 000,208,965 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/28 17:39:02 | 000,053,322 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/02/13 17:15:04 | 000,970,862 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/28 19:45:50 | 000,040,960 | -H-- | M] () -- C:\Program Files\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/05/20 20:42:20 | 000,010,752 | -H-- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2004/07/20 20:04:00 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/22 13:56:50 | 000,984,392 | -H-- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/24 16:59:58 | 000,117,640 | RH-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/11/13 11:28:04 | 000,110,592 | -H-- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | -H-- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/01/27 14:26:42 | 000,398,336 | -H-- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/06/13 11:03:42 | 002,084,864 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/08 07:24:54 | 000,069,632 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 20:35:16 | 000,053,337 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | -H-- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 17:55:18 | 000,274,432 | -H-- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 16:39:32 | 000,118,784 | -H-- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:39:30 | 000,131,072 | -H-- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)

========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/10/19 16:36:22 | 000,341,880 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101119.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 04:00:00 | 000,371,248 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/01/24 17:00:22 | 000,124,976 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/24 17:00:04 | 000,217,136 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/24 17:00:04 | 000,089,904 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/24 17:00:04 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/01/24 17:00:04 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/01/24 17:00:04 | 000,036,400 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/01/24 17:00:04 | 000,033,072 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/01/24 17:00:03 | 000,482,432 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/01/24 17:00:03 | 000,310,320 | -H-- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/01/24 17:00:03 | 000,308,272 | -H-- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/24 17:00:03 | 000,259,632 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/01/24 17:00:03 | 000,043,696 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/09/10 15:55:52 | 000,102,528 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/05 22:48:42 | 000,054,752 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/24 19:33:24 | 000,100,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/02/13 11:02:52 | 000,011,520 | -H-- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/07/10 02:49:14 | 000,242,712 | -H-- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007/11/22 11:09:54 | 000,083,288 | -H-- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/06/18 21:18:26 | 000,023,680 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/05 11:55:16 | 000,046,112 | -H-- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/12/20 15:31:34 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/05/26 10:59:12 | 001,177,032 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/04/13 23:00:00 | 000,108,928 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 13:45:00 | 000,037,632 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 13:52:00 | 000,052,864 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/03/06 22:39:00 | 000,030,080 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/28 18:35:56 | 000,013,568 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/26 07:43:00 | 001,428,480 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/02/24 04:37:00 | 000,040,192 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/22 21:13:12 | 000,013,440 | -H-- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/22 21:13:04 | 000,033,024 | -H-- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/21 22:32:32 | 000,226,304 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/10 14:17:00 | 000,047,488 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 20:33:00 | 000,062,848 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/29 03:28:08 | 000,055,680 | -H-- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/11/21 18:06:02 | 000,009,216 | -H-- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2005/10/21 15:19:34 | 000,036,352 | -H-- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/17 12:43:00 | 000,241,408 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/01 19:45:00 | 000,064,896 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:00 | 000,003,712 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:00 | 000,018,612 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/18 20:12:50 | 000,071,961 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/12/05 19:18:02 | 000,003,952 | -H-- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 59 8D C7 AE 38 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Miriam Nunez\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Miriam Nunez\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Miriam Nunez\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Miriam Nunez\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/12/26 18:47:17 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/05/14 19:20:13 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/14 19:23:13 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Miriam Nunez\Application Data\Move Networks [2009/11/18 23:49:04 | 000,000,000 | -H-D | M]

[2007/07/21 19:01:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Miriam Nunez\Application Data\Mozilla\Firefox\Profiles\tvaaec3n.default\extensions
[2011/04/05 00:02:24 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Documents and Settings\Miriam Nunez\Application Data\Mozilla\Firefox\Profiles\tvaaec3n.default\extensions\[email protected]
[2009/08/13 09:12:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 00:02:28 | 000,002,049 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {02c6442b-e4ca-4f3e-a2c5-6f11a97cb657} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [QuickPhrase] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1250185377500 (WUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://nunezmiriam.s...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {85AC0EFC-2CA1-4C1C-82AE-5C31184A13EF} http://70.155.16.76:...in/h263ctrl.cab (VAMCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} http://70.155.16.76:...ugin/client.cab (ClientControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16626FDF-A52A-48B7-835B-D38EA58EEADF}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\psfus: DllName - fusstub.dll - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MIRIAM~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/22 14:47:29 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{40160ccb-06db-11e0-8c08-0016fe9a9d68}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 20:12:34 | 000,023,040 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{5a171fb2-361d-11e0-8c52-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1b3c814-2c90-11e0-8c36-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{c1b3c816-2c90-11e0-8c36-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 18:09:11 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Miriam Nunez\Desktop\OTL.exe
[2011/09/11 17:38:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Miriam Nunez\Recent
[2011/09/10 21:10:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Miriam Nunez\Start Menu\Programs\System Recovery
[2011/09/10 21:09:59 | 000,336,896 | -H-- | C] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
[2011/09/10 21:00:40 | 000,422,400 | -H-- | C] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\uJfauDLHaGxJo.exe
[2011/09/09 01:19:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Miriam Nunez\Start Menu\Programs\Dropbox
[2011/09/09 01:18:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Miriam Nunez\Application Data\Dropbox
[2011/09/05 21:17:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/09/05 21:16:53 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/09/05 21:16:50 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011/09/05 21:13:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2011/09/05 21:12:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 21:12:01 | 000,000,000 | -H-D | C] -- C:\Program Files\QuickTime
[2011/08/17 15:54:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Miriam Nunez\Desktop\Debora MDC
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 18:08:58 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miriam Nunez\Desktop\OTL.exe
[2011/09/11 17:56:41 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/11 17:56:40 | 000,000,896 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/11 17:56:32 | 000,002,048 | -H-- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 17:56:28 | 2145,419,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/11 17:28:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC40E001-0D68-4346-9C53-D4918F78A902}.job
[2011/09/11 17:26:04 | 000,001,010 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-566061850-2639588935-750215043-1006UA.job
[2011/09/11 17:25:18 | 000,000,900 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/10 21:31:21 | 000,000,859 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Application Data\Microsoft\Internet Explorer\Quick Launch\System Recovery.lnk
[2011/09/10 21:18:33 | 000,050,868 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/10 21:11:37 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/09/10 21:10:47 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/09/10 21:10:47 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/09/10 21:10:46 | 000,000,841 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\System Recovery.lnk
[2011/09/10 21:09:59 | 000,336,896 | -H-- | M] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
[2011/09/10 21:00:21 | 000,422,400 | -H-- | M] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\uJfauDLHaGxJo.exe
[2011/09/09 20:00:00 | 000,000,638 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Miriam Nunez.job
[2011/09/09 09:26:00 | 000,000,958 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-566061850-2639588935-750215043-1006Core.job
[2011/09/09 02:02:35 | 000,026,357 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\PARA MOYUGBAR A LOS SANTOS.pdf
[2011/09/09 02:01:32 | 001,239,745 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\MANUAL DEL ORIARTE RELIGION LUCUMI.pdf
[2011/09/09 02:00:56 | 000,073,869 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\OYA SANTERIA CUBANA.pdf
[2011/09/09 02:00:18 | 000,087,147 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\CUANDO SHANGO LLEGO EMPEZO A CANTAR.pdf
[2011/09/09 01:57:13 | 000,054,717 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES PARA LA CORONACION DE OGUN.pdf
[2011/09/09 01:56:51 | 000,308,123 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES PARA INICIACION DE OSHUN.pdf
[2011/09/09 01:56:16 | 000,053,656 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES NECESARIOS PARA LA CORONACION DE YEMANYA.pdf
[2011/09/09 01:55:51 | 000,308,126 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES INICIACION OSHUN.pdf
[2011/09/09 01:55:15 | 000,220,229 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Enseres Necesarios PARA LA INICIACION DE SHANGO.pdf
[2011/09/09 01:54:41 | 000,500,812 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES OBATALA.pdf
[2011/09/09 01:01:19 | 008,484,660 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Pomba Gira Reyna da praia.mp4
[2011/09/08 22:21:59 | 000,000,746 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Windows Live Call.lnk
[2011/09/08 20:02:17 | 000,763,444 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\20110908172327759.pdf
[2011/09/06 22:36:10 | 000,127,140 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\3dPartyDisclosureAuthorization.pdf
[2011/09/06 14:28:26 | 000,128,454 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Collins Av Release.pdf
[2011/09/05 20:54:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/05 18:18:51 | 000,467,942 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\SUSPENSION DE LICENCIA 002.jpg
[2011/09/03 15:27:03 | 000,002,344 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Google Chrome.lnk
[2011/08/27 16:21:46 | 004,156,094 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\DEBORA ROS LEASE.pdf
[2011/08/18 18:07:46 | 000,001,028 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\magicJack.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 17:25:12 | 2145,419,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/10 21:31:21 | 000,000,859 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Application Data\Microsoft\Internet Explorer\Quick Launch\System Recovery.lnk
[2011/09/10 21:10:47 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/09/10 21:10:47 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/09/10 21:10:46 | 000,000,841 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\System Recovery.lnk
[2011/09/10 21:10:30 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/09/09 02:02:35 | 000,026,357 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\PARA MOYUGBAR A LOS SANTOS.pdf
[2011/09/09 02:01:32 | 001,239,745 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\MANUAL DEL ORIARTE RELIGION LUCUMI.pdf
[2011/09/09 02:00:56 | 000,073,869 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\OYA SANTERIA CUBANA.pdf
[2011/09/09 02:00:18 | 000,087,147 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\CUANDO SHANGO LLEGO EMPEZO A CANTAR.pdf
[2011/09/09 01:57:13 | 000,054,717 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES PARA LA CORONACION DE OGUN.pdf
[2011/09/09 01:56:51 | 000,308,123 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES PARA INICIACION DE OSHUN.pdf
[2011/09/09 01:56:16 | 000,053,656 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES NECESARIOS PARA LA CORONACION DE YEMANYA.pdf
[2011/09/09 01:55:51 | 000,308,126 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES INICIACION OSHUN.pdf
[2011/09/09 01:55:15 | 000,220,229 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Enseres Necesarios PARA LA INICIACION DE SHANGO.pdf
[2011/09/09 01:54:41 | 000,500,812 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\ENSERES OBATALA.pdf
[2011/09/09 01:01:04 | 008,484,660 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Pomba Gira Reyna da praia.mp4
[2011/09/08 22:21:59 | 000,000,746 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Windows Live Call.lnk
[2011/09/08 19:56:30 | 000,763,444 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\20110908172327759.pdf
[2011/09/06 14:28:26 | 000,128,454 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\Collins Av Release.pdf
[2011/09/06 14:25:09 | 000,127,140 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\3dPartyDisclosureAuthorization.pdf
[2011/09/05 18:18:27 | 000,467,942 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\SUSPENSION DE LICENCIA 002.jpg
[2011/08/27 16:21:46 | 004,156,094 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\DEBORA ROS LEASE.pdf
[2011/07/04 16:32:01 | 000,004,608 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 17:40:47 | 000,015,596 | -HS- | C] () -- C:\Documents and Settings\Miriam Nunez\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 17:40:47 | 000,015,596 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/04/05 00:02:31 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/03/09 21:04:28 | 000,631,808 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/09 21:04:28 | 000,243,200 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/25 23:17:52 | 000,218,456 | -H-- | C] () -- C:\WINDOWS\RM.exe
[2010/12/06 17:16:20 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/22 19:07:58 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Application Data\winscp.rnd
[2010/08/12 12:46:10 | 000,058,468 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/09 17:02:37 | 000,000,024 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Application Data\MyPhrases.dta
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 11:10:08 | 000,075,776 | -H-- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2008/11/26 09:24:54 | 001,590,555 | -HS- | C] () -- C:\WINDOWS\System32\ipiwomof.ini
[2008/11/25 09:20:04 | 001,601,271 | -HS- | C] () -- C:\WINDOWS\System32\edubezin.ini
[2008/11/24 09:12:45 | 001,583,637 | -HS- | C] () -- C:\WINDOWS\System32\olivebim.ini
[2008/11/22 23:06:25 | 001,583,621 | -HS- | C] () -- C:\WINDOWS\System32\oyirewof.ini
[2008/11/22 11:06:37 | 001,583,621 | -HS- | C] () -- C:\WINDOWS\System32\avagesiw.ini
[2008/11/21 09:50:09 | 001,581,272 | -HS- | C] () -- C:\WINDOWS\System32\etopitib.ini
[2008/11/20 21:50:01 | 001,576,077 | -HS- | C] () -- C:\WINDOWS\System32\onidimaf.ini
[2008/11/20 09:49:52 | 001,504,826 | -HS- | C] () -- C:\WINDOWS\System32\irahayaz.ini
[2008/11/19 21:49:36 | 001,496,331 | -HS- | C] () -- C:\WINDOWS\System32\ivuwojek.ini
[2008/11/19 09:49:53 | 001,477,511 | -HS- | C] () -- C:\WINDOWS\System32\ifuyihil.ini
[2008/11/17 18:43:58 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\pdf995.ini
[2008/09/09 11:06:21 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\SvcCon.exe
[2008/01/18 12:51:21 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/01/18 12:51:20 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/01/18 12:50:56 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/01/18 12:50:55 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/01/18 12:50:54 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/12/25 14:38:27 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007/11/19 20:52:35 | 000,000,412 | -H-- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/10/10 10:56:18 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/09/23 17:22:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/07/21 19:02:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/16 14:33:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Pro1099.INI
[2007/07/16 14:32:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ProTrust.INI
[2007/07/16 14:30:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ProForm.INI
[2007/07/11 15:54:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pFwin.INI
[2007/07/11 15:54:04 | 000,000,092 | -H-- | C] () -- C:\WINDOWS\FORMSET.INI
[2007/07/11 15:53:06 | 000,000,105 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2007/07/11 15:52:52 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/07/11 15:52:52 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/07/11 15:52:30 | 000,000,172 | -H-- | C] () -- C:\WINDOWS\SoftPro.ini
[2007/07/11 15:51:21 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\SpFuncsUtil.dll
[2007/07/11 15:51:10 | 000,000,790 | -H-- | C] () -- C:\WINDOWS\System32\Ssce.ini
[2007/07/11 15:46:46 | 000,413,696 | -H-- | C] () -- C:\WINDOWS\System32\PegasusImaging.Resources.ImagXpress8.dll
[2007/07/11 15:37:22 | 000,051,304 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/05/13 20:48:41 | 000,003,564 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Application Data\wklnhst.dat
[2007/05/12 16:53:54 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2007/05/11 14:25:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/05/11 14:21:04 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Local Settings\Application Data\fusioncache.dat
[2007/04/03 23:09:03 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/03 23:09:03 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/03 23:09:03 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/03 23:09:03 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/03 23:09:03 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/03 23:09:03 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/03 23:07:54 | 000,002,154 | -H-- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2007/04/03 23:00:32 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/04/03 22:59:27 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/03 22:59:07 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\Pix11.dat
[2007/04/03 22:50:20 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/03 22:43:59 | 000,520,192 | -H-- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/10/19 16:37:58 | 000,015,852 | -H-- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006/07/22 17:08:38 | 000,610,304 | -H-- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/07/22 16:51:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/22 16:32:31 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/22 16:26:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/22 15:25:27 | 000,111,552 | -H-- | C] () -- C:\WINDOWS\setup.exe
[2006/07/22 15:21:32 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/07/22 14:53:19 | 000,000,811 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/22 14:50:03 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/22 14:45:12 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/22 14:31:32 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/22 14:31:22 | 000,000,760 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/22 14:31:17 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/07/22 14:31:17 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/07/22 14:31:17 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/07/22 14:31:17 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/07/22 14:31:17 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/07/22 14:31:10 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/22 14:31:08 | 000,643,572 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/22 14:31:08 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/22 14:31:08 | 000,148,748 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/22 14:31:08 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/22 14:31:07 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/22 14:31:07 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/22 14:31:06 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/22 14:31:04 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/22 14:31:04 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/22 14:30:59 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/22 14:30:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/22 07:38:18 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/22 07:37:32 | 000,276,560 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/24 10:33:16 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2005/12/21 16:57:36 | 000,139,264 | -H-- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 16:57:04 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 16:54:34 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/11/01 21:53:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:00 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 00:30:00 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/24 04:58:36 | 000,053,315 | -H-- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/02/01 21:39:32 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2004/11/17 02:16:16 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2004/10/15 02:09:28 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2004/07/20 20:04:00 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:00 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/12 12:16:58 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2000/02/17 16:57:02 | 000,225,280 | -H-- | C] () -- C:\WINDOWS\System32\Gn32.dll
[1999/10/13 17:59:48 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\Gns2kzip.dll

========== LOP Check ==========

[2011/05/14 19:24:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/14 19:24:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2007/10/10 10:46:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/14 19:44:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/06/10 18:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/12/17 15:58:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2007/12/17 15:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2010/12/18 16:06:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/05/14 19:44:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/05/12 19:46:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/01/24 16:23:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/03/04 21:22:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/11/19 20:52:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/01/20 10:50:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/08/22 19:07:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/08/15 19:16:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2010/04/19 22:14:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/04/19 22:12:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/06/17 19:57:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/20 18:41:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Amazon
[2011/05/14 19:43:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\AVG10
[2011/04/04 23:22:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\CAD-KAS
[2008/03/23 12:53:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Canon
[2011/09/09 08:16:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Dropbox
[2007/05/14 16:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\eFax Messenger
[2007/05/17 12:39:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Encompass
[2008/09/25 15:07:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\ePASS
[2011/04/05 00:05:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\facemoods.com
[2007/07/21 19:34:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\InterVideo
[2009/02/05 15:40:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Juniper Networks
[2007/12/02 11:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Leadertech
[2009/01/16 22:49:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\LimeWire
[2011/08/18 18:07:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\mjusbsp
[2007/12/23 20:55:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\NewSoft
[2008/11/17 18:43:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\pdf995
[2009/01/28 18:00:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Photo! 3D Album
[2007/05/11 14:22:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Protector Suite
[2007/11/19 20:52:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\ScanSoft
[2007/12/21 22:16:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Snapfish
[2007/05/13 20:48:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Template
[2010/04/08 16:32:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\TypingMaster7
[2010/07/24 18:37:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Uniblue
[2009/02/10 18:34:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\VersionTracker Pro
[2010/08/15 19:23:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\W Photo Studio
[2010/08/15 19:23:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\W Photo Studio Viewer
[2010/08/15 19:16:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Walgreens
[2009/07/17 11:38:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\webex
[2010/04/19 22:12:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Western Digital
[2009/04/22 17:31:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\Windows Search
[2009/08/14 17:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Miriam Nunez\Application Data\WinPatrol
[2011/09/11 17:28:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC40E001-0D68-4346-9C53-D4918F78A902}.job

========== Purity Check ==========

< End of report >

Was not wether I should post extra.txt so I will wait.
Thanks in advance
-Jon

Edited by ehloco, 11 September 2011 - 09:23 PM.

#2
RKinner

Posted 11 September 2011 - 11:59 PM

Malware Expert

Expert
24,625 posts

You are running two anti-viruses, AVG & Symantec. You need to remove one since they fight each other. I'd remove Symantec then run the Norton Removal tool:
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {02c6442b-e4ca-4f3e-a2c5-6f11a97cb657} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [QuickPhrase] File not found
O33 - MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{40160ccb-06db-11e0-8c08-0016fe9a9d68}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 20:12:34 | 000,023,040 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{5a171fb2-361d-11e0-8c52-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1b3c814-2c90-11e0-8c36-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{c1b3c816-2c90-11e0-8c36-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\Shell - "" = AutoRun
O33 - MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011/09/10 21:09:59 | 000,336,896 | -H-- | C] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
[2011/09/10 21:00:40 | 000,422,400 | -H-- | C] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\uJfauDLHaGxJo.exe
[2011/09/10 21:11:37 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/09/10 21:10:47 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/09/10 21:10:47 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/09/10 21:10:46 | 000,000,841 | -H-- | M] () -- C:\Documents and Settings\Miriam Nunez\Desktop\System Recovery.lnk
[2011/09/10 21:09:59 | 000,336,896 | -H-- | M] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
[2011/09/10 21:00:21 | 000,422,400 | -H-- | M] (RealVNC Ltd.) -- C:\Documents and Settings\All Users\Application Data\uJfauDLHaGxJo.exe
[2011/09/10 21:31:21 | 000,000,859 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Application Data\Microsoft\Internet Explorer\Quick Launch\System Recovery.lnk
[2011/09/10 21:10:47 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/09/10 21:10:47 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/09/10 21:10:46 | 000,000,841 | -H-- | C] () -- C:\Documents and Settings\Miriam Nunez\Desktop\System Recovery.lnk
[2011/09/10 21:10:30 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/05/14 17:40:47 | 000,015,596 | -HS- | C] () -- C:\Documents and Settings\Miriam Nunez\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 17:40:47 | 000,015,596 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2008/11/26 09:24:54 | 001,590,555 | -HS- | C] () -- C:\WINDOWS\System32\ipiwomof.ini
[2008/11/25 09:20:04 | 001,601,271 | -HS- | C] () -- C:\WINDOWS\System32\edubezin.ini
[2008/11/24 09:12:45 | 001,583,637 | -HS- | C] () -- C:\WINDOWS\System32\olivebim.ini
[2008/11/22 23:06:25 | 001,583,621 | -HS- | C] () -- C:\WINDOWS\System32\oyirewof.ini
[2008/11/22 11:06:37 | 001,583,621 | -HS- | C] () -- C:\WINDOWS\System32\avagesiw.ini
[2008/11/21 09:50:09 | 001,581,272 | -HS- | C] () -- C:\WINDOWS\System32\etopitib.ini
[2008/11/20 21:50:01 | 001,576,077 | -HS- | C] () -- C:\WINDOWS\System32\onidimaf.ini
[2008/11/20 09:49:52 | 001,504,826 | -HS- | C] () -- C:\WINDOWS\System32\irahayaz.ini
[2008/11/19 21:49:36 | 001,496,331 | -HS- | C] () -- C:\WINDOWS\System32\ivuwojek.ini
[2008/11/19 09:49:53 | 001,477,511 | -HS- | C] () -- C:\WINDOWS\System32\ifuyihil.ini

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
   
:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top. Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Download, Save and Run unhide.exe from

http://download.blee...nler/unhide.exe

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Ron

#3
ehloco

Posted 12 September 2011 - 03:53 PM

New Member

Topic Starter
Member
4 posts

Hello,

First of all thanks for the reply, I followed all the steps. I hope I get the order of this right, this desktop is a mess.

I attached the MBAM files, the one with the 2 at the end, is the second scan I ran, the other is the first before I read your post.

OTL log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02c6442b-e4ca-4f3e-a2c5-6f11a97cb657}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c6442b-e4ca-4f3e-a2c5-6f11a97cb657}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QuickPhrase deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f555b8a-4bcd-11df-8b11-0016fe9a9d68}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f1dabf5-3fda-11dd-87c6-0016fe9a9d68}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40160ccb-06db-11e0-8c08-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40160ccb-06db-11e0-8c08-0016fe9a9d68}\ not found.
C:\WINDOWS\system32\setup.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a171fb2-361d-11e0-8c52-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a171fb2-361d-11e0-8c52-0016fe9a9d68}\ not found.
File F:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2ce-354d-11e0-8c4e-0016fe9a9d68}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d0-354d-11e0-8c4e-0016fe9a9d68}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d3-354d-11e0-8c4e-0016fe9a9d68}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ebf2d5-354d-11e0-8c4e-0016fe9a9d68}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1b3c814-2c90-11e0-8c36-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1b3c814-2c90-11e0-8c36-0016fe9a9d68}\ not found.
File F:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1b3c816-2c90-11e0-8c36-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1b3c816-2c90-11e0-8c36-0016fe9a9d68}\ not found.
File F:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e781f473-41c5-11e0-8c5e-0016fe9a9d68}\ not found.
File F:\AutoRun.exe not found.
C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\uJfauDLHaGxJo.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz moved successfully.
C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz moved successfully.
C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr moved successfully.
File C:\Documents and Settings\Miriam Nunez\Desktop\System Recovery.lnk not found.
File C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe not found.
File C:\Documents and Settings\All Users\Application Data\uJfauDLHaGxJo.exe not found.
File C:\Documents and Settings\Miriam Nunez\Application Data\Microsoft\Internet Explorer\Quick Launch\System Recovery.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz not found.
File C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr not found.
File C:\Documents and Settings\Miriam Nunez\Desktop\System Recovery.lnk not found.
File C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz not found.
File C:\Documents and Settings\Miriam Nunez\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 not found.
C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
C:\WINDOWS\system32\ipiwomof.ini moved successfully.
C:\WINDOWS\system32\edubezin.ini moved successfully.
C:\WINDOWS\system32\olivebim.ini moved successfully.
C:\WINDOWS\system32\oyirewof.ini moved successfully.
C:\WINDOWS\system32\avagesiw.ini moved successfully.
C:\WINDOWS\system32\etopitib.ini moved successfully.
C:\WINDOWS\system32\onidimaf.ini moved successfully.
C:\WINDOWS\system32\irahayaz.ini moved successfully.
C:\WINDOWS\system32\ivuwojek.ini moved successfully.
C:\WINDOWS\system32\ifuyihil.ini moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Backup Utility.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Security Center.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 8.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader X.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\LogMeIn.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Visual Web Developer 2008 Express Edition.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\MovieLink.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo Story 3 for Windows.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Safari.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\TurboTax Online.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Backup Utility.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Central.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Windows Movie Maker.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Internet Information Services.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader\Amazon MP3 Downloader.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader\Uninstall Amazon MP3 Downloader.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\AVG 2011\AVG Tray Icon.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\AVG 2011\AVG User Interface.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\AVG 2011\Uninstall AVG.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Bluetooth\Bluetooth Information Exchanger.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Bluetooth\Bluetooth Settings.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Bluetooth\Remote Camera.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Bluetooth\User's Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Bluetooth\Wireless File Transfer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90\Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90\Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90 Manual\iP90 Bluetooth User's Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90 Manual\iP90 Photo Application Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90 Manual\iP90 User's Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90 Manual\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90 series Manual\iP90 series On-screen Manual.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon iP90 series Manual\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MX310 series\Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MX310 series\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MX310 series Manual\MX310 series On-screen Manual.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MX310 series Manual\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MX310 series User Registration\User Registration Uninstall.LNK
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MX310 series User Registration\User Registration.LNK
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord README.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Canon iP90 Setup Utility\Canon iP90 Setup Utility.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Canon iP90 Setup Utility\Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Canon iP90 Setup Utility\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 1.0\MP Navigator EX 1.0.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 1.0\MP Navigator EX Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 1.0\MP Navigator EX Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Claro Internet\Claro Internet.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Claro Internet\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Click to DVD\Click to DVD Automatic Mode Launcher.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Click to DVD\Click to DVD Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Click to DVD\Click to DVD Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Click to DVD\Click to DVD.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\CutePDF\PDF Writer\Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\CutePDF\PDF Writer\Uninstall CutePDF Writer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Dell\Dell Printers\Dell Laser MFP 1600n\Dell MFP Software Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Dell\Dell Printers\Dell Laser MFP 1600n\Dell Toner Reorder Program.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Dell\Dell Printers\Dell Laser MFP 1600n\Printer Settings Utility.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Dell\Dell Printers\Dell Laser MFP 1600n\User's Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Digital Photo Navigator\Digital Photo Navigator 1.5.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\DVgate Plus\DVgate Plus Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\DVgate Plus\DVgate Plus.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\DVgate Plus\Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Ellie Mae Encompass\Admin Tools.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Ellie Mae Encompass\Encompass.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Ellie Mae Encompass\Getting Started Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Ellie Mae Encompass\Getting Started with ePASS.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Ellie Mae Encompass\Installation and Admin Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Image Converter 2 Plus\Image Converter 2 Plus Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Image Converter 2 Plus\Image Converter 2 Plus.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Image Converter 2 Plus\Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\InstallIQ Updater\InstallIQ Updater.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\InstallIQ Updater\Privacy Policy.url
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\InstallIQ Updater\Terms & Conditions.url
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Intel PROSet Wireless\Intel PROSet Wireless.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\InterVideo WinDVD\InterVideo WinDVD for VAIO.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\KeePass Password Safe\Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\KeePass Password Safe\KeePass on the Web.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\KeePass Password Safe\KeePass.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\KeePass Password Safe\Uninstall KeePass.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\LAN Setting Utility\LAN Setting Utility Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\LAN Setting Utility\LAN Setting Utility.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Memory Stick Utility\Memory Stick Formatter Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Memory Stick Utility\Memory Stick Formatter.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Digital Image Starter Edition 2006\Microsoft Digital Image Starter Edition 2006 Editor.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Digital Image Starter Edition 2006\Microsoft Digital Image Starter Edition 2006 Library.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Digital Image Starter Edition 2006\Microsoft Photo Story 3.1.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Live Add-in\Office Live Add-in Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Live Add-in\Office Live Workspace.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Configuration Manager.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Error and Usage Reporting.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Surface Area Configuration.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Import and Export Data (32-bit).lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Configuration Manager.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Error and Usage Reporting.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Installation Center.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Windows Address Book.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Norton Security Suite\LiveUpdate.LNK
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Norton Security Suite\Norton Security Suite.LNK
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Norton Security Suite\Support.LNK
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Norton Security Suite\Uninstall Norton Security Suite.LNK
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo!\Photo! 3D Album\Configure screen saver.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo!\Photo! 3D Album\Photo! 3D Album on the Web.url
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo!\Photo! 3D Album\Photo! 3D Album.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo!\Photo! 3D Album\Photo! 3D ScreenSaver Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo!\Photo! 3D Album\Photo! 3D ScreenSaver on the Web.url
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo!\Photo! 3D Album\Run screen saver.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Photo!\Photo! 3D Album\Uninstall Photo! 3D Album.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Protector Suite QL\Fingerprint Tutorial.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Protector Suite QL\Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Protector Suite QL\My Safe.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Protector Suite QL\Welcome.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2006\Billminder.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2006\Quicken 2006.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2006\TurboTax Online.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2006\What's New In Quicken 2006.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio\DigitalMedia Home.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4\OmniPage SE 4.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4\Scanner Setup Wizard.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4\Guide\User's Guide.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Security Task Manager\Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Security Task Manager\Manual.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Security Task Manager\Purchase Security Task Manager Now!.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Security Task Manager\Security Task Manager.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Security Task Manager\Spy Protector.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Security Task Manager\Uninstall.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\Pro1099.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\ProDesign.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\ProForm.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\ProIndx.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\ProMort.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\ProScheduler.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\ProTrust.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\SPImage.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\Tools\eProRemit.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\Tools\PositivePay.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\Tools\ProClear.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\Tools\ProForm Data Collector.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SoftPro\Tools\SoftPro Admin.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Software995\Pdf995 Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Software995\pdfedit995.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Software995\Software995.com.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage\SonicStage Backup Tool.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage\SonicStage File Conversion Tool.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage\SonicStage Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage\SonicStage Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage\SonicStage.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\Audio Filter Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\Audio Filter Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\Audio Filter.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\DSD Direct Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\DSD Direct.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\DSD Playback Plug-in Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\SonicStage Mastering Studio Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\SonicStage Mastering Studio Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\SonicStage Mastering Studio\SonicStage Mastering Studio.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Sony Pictures Games\Visit Sony Pictures Games.url
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Suite Multimedia de NEXTEL\Centro de Fotos Video de NEXTEL.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Suite Multimedia de NEXTEL\Centro de Musica de NEXTEL.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Suite Multimedia de NEXTEL\Desinstalar Suite Multimedia de NEXTEL.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Suite Multimedia de NEXTEL\Suite Multimedia de NEXTEL.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\TestGen\TestGen Plug-in\Test the plug-in in IE.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Hardware Diagnostics\VAIO Hardware Diagnostics Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Hardware Diagnostics\VAIO Hardware Diagnostics.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\Install VAIO Media on other VAIO PCs.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\Register to VAIO Servers.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\VAIO Media Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\VAIO Media Setup.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\VAIO Media.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\Server Administration\VAIO Media Console Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\Server Administration\VAIO Media Console.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Media\Server Administration\VAIO Media Integrated Server Readme.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Power Management\Optimize Battery Use.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Power Management\VAIO Power Management Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Power Management\VAIO Power Management Viewer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\VAIO Wireless LAN Setup Utility\VAIO Wireless LAN Setup Utility.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Walgreens\Uninstall W Photo Studio.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Walgreens\W Photo Studio.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Family Safety.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Home.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinPatrol\Uninstall WinPatrol.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinPatrol\WinPatrol Explorer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinPatrol\WinPatrol Help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinPatrol\WinPatrol.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\Console RAR manual.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR help.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinSCP\WinSCP.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinSCP\Key tools\Pageant Manual.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinSCP\Key tools\Pageant.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinSCP\Key tools\PuTTYgen Manual.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\WinSCP\Key tools\PuTTYgen.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Check for Updates.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Configure Decoder.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Configure Encoder.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Nic's FourCC Changer.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Quantization Matrices.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Release Notes.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Some Quantization Matrices.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\StatsReader 2.1.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\StatsReader Notes.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Uninstall Xvid Video Codec.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Uninstall Xvid.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\VIDC Cleaner.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Xvid Homepage.url
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Web Links\Doom10.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Web Links\Doom9.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Web Links\ffdshow Homepage.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Web Links\Jawor's Homepage.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Web Links\VideoAudio.PL.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Web Links\Xvid Homepage.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Recovery\VAIO Recovery.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Recovery\VAIO Recovery Tools\Create Recovery Discs.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Recovery\VAIO Recovery Tools\Reinstall Applications or Drivers.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Recovery\VAIO Recovery Tools\Restore C Drive.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Recovery\VAIO Recovery Tools\Restore Complete System.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\1\VAIO Recovery\VAIO Recovery Tools\Restore Windows Only.lnk
321 File(s) copied
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\Apple Safari.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\KeePass.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\Microsoft Office Outlook.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\System Recovery.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
9 File(s) copied
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\Adobe Reader X.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\AVG 2011.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\Claro Internet.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\iTunes.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\Motorola_i1.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\Safari.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\Suite Multimedia de NEXTEL.lnk
C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\smtmp\4\www.RouterLogin.com.url
10 File(s) copied
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Miriam Nunez\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09122011_083325

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

__________________________________________________________________________________________________________________________________

ComboFix 11-09-12.03 - Miriam Nunez 09/12/2011 17:06:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1267 [GMT -4:00]
Running from: c:\documents and settings\Miriam Nunez\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL3C.tmp.d00684d9.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\VSC.exe.fc8fbd43.ini
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\SL3C.tmp.d00684d9.ini
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\VSC.exe.fc8fbd43.ini
c:\documents and settings\Miriam Nunez\Application Data\facemoods.com
c:\documents and settings\Miriam Nunez\Application Data\Microsoft\Internet Explorer\Quick Launch\System Recovery.lnk
c:\documents and settings\Miriam Nunez\Desktop\System Recovery.lnk
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\AdminTools.exe.1d9e1e09.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\DISCoverSA.exe.77f932e2.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\Encompass.exe.59519314.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\INSTAL~1.EXE.39d1ca0a.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\MSI56.tmp.579f421b.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\myFTP.exe.c6bc28d9.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\ngen.exe.e0eabba6.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\PERMIS~1.EXE.10b4f3a7.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.9ef1114b.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\SERVER~1.EXE.417da470.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\SL3C.tmp.d00684d9.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\VBU.exe.d6a8a77f.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\VERSIO~2.EXE.3d357d24.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\VersionControl.exe.978b8762.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\VSC.exe.7b5a1892.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\VSC.exe.fc8fbd43.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla21.exe.65b0527b.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla21.exe.8c42811c.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla21.exe.c39e4ac5.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla21.exe.dc293c67.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla29.exe.aba57924.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla29.exe.e30142cd.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla31.exe.a26ee25b.ini
c:\documents and settings\Miriam Nunez\Local Settings\Application Data\ApplicationHistory\WiseCustomCalla31.exe.d9caac04.ini
c:\documents and settings\Miriam Nunez\Start Menu\Programs\System Recovery
c:\documents and settings\Miriam Nunez\Start Menu\Programs\System Recovery\System Recovery.lnk
c:\documents and settings\Miriam Nunez\Start Menu\Programs\System Recovery\Uninstall System Recovery.lnk
c:\documents and settings\Miriam Nunez\WINDOWS
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\windows\dasetup.log
c:\windows\kb835221.exe
c:\windows\setup.exe
c:\windows\system32\Cache
c:\windows\system32\comct332.ocx
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SL3C.tmp.d00684d9.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\VSC.exe.fc8fbd43.ini
c:\windows\system32\setup.ini
c:\windows\system32\Thumbs.db
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsmedia-kb911564-x86-enu.exe
c:\windows\windowsmedia10-kb917734-x86-enu.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb888402-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\windowsxp-kb892130-enu-x86.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893357-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896428-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900466-x86-enu.exe
c:\windows\windowsxp-kb900485-v2-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb904706-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb908531-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb911280-x86-enu.exe
c:\windows\windowsxp-kb911562-x86-enu.exe
c:\windows\windowsxp-kb911567-x86-enu.exe
c:\windows\windowsxp-kb911927-x86-enu.exe
c:\windows\windowsxp-kb912812-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\windowsxp-kb912945-x86-enu.exe
c:\windows\windowsxp-kb914389-x86-enu.exe
c:\windows\windowsxp-kb916281-x86-enu.exe
c:\windows\windowsxp-kb917344-x86-enu.exe
c:\windows\windowsxp-kb917953-x86-enu.exe
c:\windows\windowsxp-kb918439-x86-enu.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 12:41 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-12 12:41 . 2011-09-12 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-12 12:41 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-12 12:33 . 2011-09-12 12:33 -------- d-----w- C:\_OTL
2011-09-12 11:56 . 2011-09-12 12:27 -------- d-----w- c:\windows\system32\drivers\N360\0305020.00B
2011-09-09 05:18 . 2011-09-09 12:16 -------- d-----w- c:\documents and settings\Miriam Nunez\Application Data\Dropbox
2011-09-06 01:16 . 2011-09-06 01:16 -------- d-----w- c:\program files\iPod
2011-09-06 01:16 . 2011-09-06 01:17 -------- d-----w- c:\program files\iTunes
2011-09-06 01:13 . 2011-09-06 01:13 -------- d-----w- c:\program files\Bonjour
2011-09-06 01:12 . 2011-09-06 01:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-06 01:12 . 2011-09-06 01:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-06 01:12 . 2011-09-06 01:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-06 01:12 . 2011-09-06 01:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-06 01:12 . 2011-09-06 01:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-06 01:12 . 2011-09-06 01:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-06 01:12 . 2011-09-06 01:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-09-06 01:12 . 2011-09-06 01:12 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 11:57 . 2008-12-27 23:13 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-12 11:57 . 2008-12-27 23:13 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-08-15 12:37 . 2011-05-14 11:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Miriam Nunez\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Miriam Nunez\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Miriam Nunez\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Miriam Nunez\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Miriam Nunez\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-06-06 35736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-22 15:09 87352 ------w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ------w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ------w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Miriam Nunez^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=c:\documents and settings\Miriam Nunez\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Miriam Nunez\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/22/2006 2:31 PM 9216]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/22/2006 2:31 PM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/22/2006 2:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/22/2006 2:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/22/2006 2:31 PM 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 5:01 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 5:01 PM 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2/26/2011 12:37 PM 100736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/12/2011 8:41 AM 41272]
S3 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE [?]
S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/14/2011 7:23 PM 984392]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 8:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 8:28 PM 369688]
S4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 13:03]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 13:03]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-566061850-2639588935-750215043-1006Core.job
- c:\documents and settings\Miriam Nunez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 12:11]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-566061850-2639588935-750215043-1006UA.job
- c:\documents and settings\Miriam Nunez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 12:11]
.
2011-09-12 c:\windows\Tasks\User_Feed_Synchronization-{FC40E001-0D68-4346-9C53-D4918F78A902}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {85AC0EFC-2CA1-4C1C-82AE-5C31184A13EF} - hxxp://70.155.16.76:82/plugin/h263ctrl.cab
DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} - hxxp://70.155.16.76:82/plugin/client.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 17:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\LMIinit.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1012)
c:\windows\system32\WININET.dll
c:\documents and settings\Miriam Nunez\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-12 17:27:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-12 21:27
.
Pre-Run: 56,243,040,256 bytes free
Post-Run: 56,479,887,360 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F148530F9233A36983AE272F8B5A395

_______________________________________________________________________________________________________________

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-12 17:34:07
-----------------------------
17:34:07.687 OS Version: Windows 5.1.2600 Service Pack 3
17:34:07.687 Number of processors: 2 586 0xF06
17:34:07.687 ComputerName: F52F2867C1364CC UserName: Miriam Nunez
17:34:08.890 Initialize success
17:35:19.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:35:19.437 Disk 0 Vendor: ST9120821AS 3.14 Size: 114473MB BusType: 3
17:35:19.437 Disk 1 \Device\Harddisk1\DR3 -> \Device\000000a3
17:35:19.437 Disk 1 Vendor: ( Size: 114473MB BusType: 0
17:35:21.437 Disk 0 MBR read successfully
17:35:21.437 Disk 0 MBR scan
17:35:21.437 Disk 0 Windows XP default MBR code
17:35:21.437 Disk 0 scanning sectors +234436545
17:35:21.531 Disk 0 scanning C:\WINDOWS\system32\drivers
17:35:29.406 Service scanning
17:35:30.593 Modules scanning
17:35:35.531 Scan finished successfully
17:35:48.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Miriam Nunez\Desktop\MBR.dat"
17:35:48.531 The log file has been saved successfully to "C:\Documents and Settings\Miriam Nunez\Desktop\aswMBR.txt"

_________________________________________________________________________________________________________________

2011/09/11 20:27:22.0890 4060 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
2011/09/11 20:27:23.0328 4060 ================================================================================
2011/09/11 20:27:23.0328 4060 SystemInfo:
2011/09/11 20:27:23.0328 4060
2011/09/11 20:27:23.0328 4060 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/11 20:27:23.0328 4060 Product type: Workstation
2011/09/11 20:27:23.0328 4060 ComputerName: F52F2867C1364CC
2011/09/11 20:27:23.0328 4060 UserName: Miriam Nunez
2011/09/11 20:27:23.0328 4060 Windows directory: C:\WINDOWS
2011/09/11 20:27:23.0328 4060 System windows directory: C:\WINDOWS
2011/09/11 20:27:23.0328 4060 Processor architecture: Intel x86
2011/09/11 20:27:23.0328 4060 Number of processors: 2
2011/09/11 20:27:23.0328 4060 Page size: 0x1000
2011/09/11 20:27:23.0328 4060 Boot type: Normal boot
2011/09/11 20:27:23.0328 4060 ================================================================================
2011/09/11 20:27:24.0609 4060 Initialize success
2011/09/11 20:27:26.0234 3928 ================================================================================
2011/09/11 20:27:26.0234 3928 Scan started
2011/09/11 20:27:26.0234 3928 Mode: Manual;
2011/09/11 20:27:26.0234 3928 ================================================================================
2011/09/11 20:27:27.0890 3928 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/09/11 20:27:27.0968 3928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/11 20:27:28.0031 3928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/11 20:27:28.0062 3928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/11 20:27:28.0109 3928 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/11 20:27:28.0156 3928 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/09/11 20:27:28.0281 3928 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/09/11 20:27:28.0343 3928 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/11 20:27:28.0437 3928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/11 20:27:28.0484 3928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/11 20:27:28.0546 3928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/11 20:27:28.0593 3928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/11 20:27:28.0625 3928 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/09/11 20:27:28.0671 3928 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/11 20:27:28.0718 3928 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/11 20:27:28.0765 3928 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/11 20:27:28.0796 3928 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/11 20:27:28.0859 3928 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/11 20:27:28.0875 3928 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/11 20:27:28.0906 3928 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/11 20:27:28.0953 3928 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/11 20:27:29.0015 3928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/11 20:27:29.0359 3928 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
2011/09/11 20:27:29.0687 3928 BVRPMPR5 (a0b1aeb65397adcae5a199bd152c107d) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/09/11 20:27:29.0750 3928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/11 20:27:29.0796 3928 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/11 20:27:29.0843 3928 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
2011/09/11 20:27:29.0890 3928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/11 20:27:29.0921 3928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/11 20:27:29.0937 3928 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/11 20:27:30.0000 3928 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/11 20:27:30.0078 3928 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/11 20:27:30.0171 3928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/11 20:27:30.0234 3928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/11 20:27:30.0359 3928 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/09/11 20:27:30.0390 3928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/11 20:27:30.0437 3928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/11 20:27:30.0453 3928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/11 20:27:30.0531 3928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/11 20:27:30.0640 3928 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/09/11 20:27:30.0703 3928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/11 20:27:30.0765 3928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/11 20:27:30.0828 3928 FdRedir (59558c6547d0362afb639ac682a9fcc3) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
2011/09/11 20:27:30.0828 3928 FileDisk2 (30967822edd32fb37f8209500724ae6c) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
2011/09/11 20:27:30.0859 3928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/11 20:27:30.0875 3928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/11 20:27:30.0921 3928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/11 20:27:30.0968 3928 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/09/11 20:27:31.0015 3928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/11 20:27:31.0046 3928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/11 20:27:31.0078 3928 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/11 20:27:31.0125 3928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/11 20:27:31.0171 3928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/11 20:27:31.0218 3928 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/11 20:27:31.0281 3928 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/11 20:27:31.0328 3928 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/09/11 20:27:31.0437 3928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/11 20:27:31.0500 3928 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/09/11 20:27:31.0546 3928 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2011/09/11 20:27:31.0625 3928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/11 20:27:31.0703 3928 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/09/11 20:27:31.0937 3928 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101119.001\IDSxpx86.sys
2011/09/11 20:27:32.0031 3928 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/09/11 20:27:32.0093 3928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/11 20:27:32.0171 3928 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/11 20:27:32.0203 3928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/11 20:27:32.0250 3928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/11 20:27:32.0296 3928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/11 20:27:32.0343 3928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/11 20:27:32.0390 3928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/11 20:27:32.0421 3928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/11 20:27:32.0453 3928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/11 20:27:32.0468 3928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/11 20:27:32.0500 3928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/11 20:27:32.0546 3928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/11 20:27:32.0671 3928 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/09/11 20:27:32.0703 3928 LMIRfsDriver (74701f9e50292543e7c2867cdbf4c4a5) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/09/11 20:27:32.0750 3928 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/11 20:27:32.0781 3928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/11 20:27:32.0812 3928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/11 20:27:32.0859 3928 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/09/11 20:27:32.0921 3928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/11 20:27:32.0968 3928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/11 20:27:32.0984 3928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/11 20:27:33.0015 3928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/11 20:27:33.0093 3928 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/11 20:27:33.0140 3928 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/09/11 20:27:33.0171 3928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/11 20:27:33.0203 3928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/11 20:27:33.0234 3928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/11 20:27:33.0250 3928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/11 20:27:33.0296 3928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/11 20:27:33.0343 3928 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/11 20:27:33.0375 3928 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/11 20:27:33.0421 3928 Mvc25U870_VID_1262&PID_25FD (e88e7e9aa0ab34b6c664a4a43cea6316) C:\WINDOWS\system32\Drivers\Mvc25U870.sys
2011/09/11 20:27:33.0453 3928 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/11 20:27:33.0734 3928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/11 20:27:33.0796 3928 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/11 20:27:33.0828 3928 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/11 20:27:33.0859 3928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/11 20:27:33.0906 3928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/11 20:27:33.0953 3928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/11 20:27:33.0984 3928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/11 20:27:34.0031 3928 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/11 20:27:34.0093 3928 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/11 20:27:34.0125 3928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/11 20:27:34.0171 3928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/11 20:27:34.0234 3928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/11 20:27:34.0390 3928 nv (6866504ee1570ef783309abfb56f87e5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/11 20:27:34.0562 3928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/11 20:27:34.0578 3928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/11 20:27:34.0656 3928 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/11 20:27:34.0687 3928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/11 20:27:34.0718 3928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/11 20:27:34.0750 3928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/11 20:27:34.0781 3928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/11 20:27:34.0812 3928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/11 20:27:34.0843 3928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/11 20:27:34.0984 3928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/11 20:27:35.0000 3928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/11 20:27:35.0046 3928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/11 20:27:35.0078 3928 PxHelp20 (1ffd5f718638fbea6c1eaad3349d479e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/11 20:27:35.0203 3928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/11 20:27:35.0250 3928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/11 20:27:35.0265 3928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/11 20:27:35.0312 3928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/11 20:27:35.0343 3928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/11 20:27:35.0390 3928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/11 20:27:35.0453 3928 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/11 20:27:35.0515 3928 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/11 20:27:35.0546 3928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/11 20:27:35.0593 3928 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/09/11 20:27:35.0656 3928 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
2011/09/11 20:27:35.0703 3928 s24trans (078eba5670fdaa041552cd86b984f2de) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/09/11 20:27:35.0765 3928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/11 20:27:35.0828 3928 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/11 20:27:35.0843 3928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/09/11 20:27:35.0890 3928 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys
2011/09/11 20:27:35.0937 3928 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/11 20:27:35.0984 3928 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/09/11 20:27:36.0031 3928 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
2011/09/11 20:27:36.0093 3928 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
2011/09/11 20:27:36.0140 3928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/11 20:27:36.0203 3928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/11 20:27:36.0296 3928 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2011/09/11 20:27:36.0343 3928 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2011/09/11 20:27:36.0390 3928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/11 20:27:36.0484 3928 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/11 20:27:36.0531 3928 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/11 20:27:36.0562 3928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/11 20:27:36.0593 3928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/11 20:27:36.0718 3928 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2011/09/11 20:27:36.0765 3928 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/09/11 20:27:36.0796 3928 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2011/09/11 20:27:36.0812 3928 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2011/09/11 20:27:36.0843 3928 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/09/11 20:27:36.0843 3928 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/09/11 20:27:36.0921 3928 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
2011/09/11 20:27:36.0953 3928 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2011/09/11 20:27:37.0031 3928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/11 20:27:37.0078 3928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/11 20:27:37.0140 3928 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/09/11 20:27:37.0187 3928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/11 20:27:37.0203 3928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/11 20:27:37.0234 3928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/11 20:27:37.0281 3928 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
2011/09/11 20:27:37.0328 3928 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/09/11 20:27:37.0359 3928 tosporte (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/09/11 20:27:37.0390 3928 Tosrfbd (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/09/11 20:27:37.0406 3928 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/09/11 20:27:37.0453 3928 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/09/11 20:27:37.0468 3928 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/09/11 20:27:37.0500 3928 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/09/11 20:27:37.0531 3928 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/09/11 20:27:37.0562 3928 Tosrfusb (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/09/11 20:27:37.0609 3928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/11 20:27:37.0671 3928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/11 20:27:37.0734 3928 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/11 20:27:37.0796 3928 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/11 20:27:37.0843 3928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/11 20:27:37.0875 3928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/11 20:27:37.0906 3928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/11 20:27:37.0937 3928 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/11 20:27:37.0968 3928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/11 20:27:38.0000 3928 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/11 20:27:38.0031 3928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/11 20:27:38.0078 3928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/11 20:27:38.0125 3928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/11 20:27:38.0218 3928 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/09/11 20:27:38.0312 3928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/11 20:27:38.0359 3928 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/09/11 20:27:38.0453 3928 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/09/11 20:27:38.0531 3928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/11 20:27:38.0593 3928 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/11 20:27:38.0718 3928 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/11 20:27:38.0765 3928 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/11 20:27:38.0828 3928 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/09/11 20:27:38.0875 3928 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/09/11 20:27:38.0890 3928 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/09/11 20:27:38.0906 3928 Boot (0x1200) (033139012b62b315fa68e609adf5da79) \Device\Harddisk0\DR0\Partition0
2011/09/11 20:27:38.0906 3928 ================================================================================
2011/09/11 20:27:38.0906 3928 Scan finished
2011/09/11 20:27:38.0906 3928 ================================================================================
2011/09/11 20:27:38.0906 4696 Detected object count: 1
2011/09/11 20:27:38.0906 4696 Actual detected object count: 1
2011/09/11 20:27:53.0984 4696 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/09/11 20:27:53.0984 4696 \Device\Harddisk0\DR0 - ok
2011/09/11 20:27:53.0984 4696 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/11 20:28:02.0609 4404 Deinitialize success

There are all the logs I believe, the MBAM's are attached.

mbam-log-2011-09-12 (09-11-47).txt -- was done before reading your post (needed update)

mbam-log-2011-09-12 (09-11-47)2.txt -- was done per your request. (notice the 2)

Attached Files

mbam-log-2011-09-12 (09-11-47)2.txt 1.02KB 72 downloads
mbam-log-2011-09-12 (09-11-47).txt 1.02KB 72 downloads

#4
RKinner

Posted 12 September 2011 - 07:16 PM

Malware Expert

Expert
24,625 posts

Looks like we got back your shortcuts. TDSSKiller found a rootkit so please run it one more time and let's see if it stays away. Also run MBAM one more time. It shouldn't detect the same problem this time.

How's the laptop looking now?

Ron

#5
ehloco

Posted 13 September 2011 - 06:31 AM

New Member

Topic Starter
Member
4 posts

Hello Ron,

I ran both TDSSKiller and Mbam. None of them detected anything. Aside from the sluggish speeds this computer exhibits, It would appear that the computer is cleaned (

). Also a window keeps coming about about googleeart.exe error, I'm assuming it's nothing.

On a final note, what do you think of the program scotty, win patrol?

I thank you and my Mother thanks you for your help I am considering applying for the class this site offers, hopefully I can find some hours a week to do it.

Thanks again,
Jon

#6
RKinner

Posted 13 September 2011 - 08:11 AM

Malware Expert

Expert
24,625 posts

It shouldn't be slow.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD, try pointing it to C:\windows if that doesn't work then just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. Wait a minute for things to settle then File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Ron