trojan.win32.buzus.eglu


trojan.win32.buzus.eglu

Post by Tazzy on Tue 03 Aug 2010, 3:54 am

Hi, I got a message from my antivirus software F-Secure saying:

Malicious code found in file c:\system volume\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}-\RP355\A0076825.0xe

Infection: trojan.win32.buzus.eglu

action: failed

Can you help me get rid of this? I don't have a clue.

Thanks Tazzy


Re: trojan.win32.buzus.eglu

Post by Belahzur on Tue 03 Aug 2010, 5:24 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.



Re: trojan.win32.buzus.eglu

Post by Tazzy on Tue 03 Aug 2010, 4:05 pm

Running now, thanks. Will get back with the logs.


Re: trojan.win32.buzus.eglu

Post by Tazzy on Tue 03 Aug 2010, 4:20 pm

OTL logfile created on: 03/08/2010 06:06:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tania Wood\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 6.71 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 3.13 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/03 00:04:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
PRC - [2010/07/22 23:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/01/28 13:48:00 | 010,035,448 | ---- | M] (3Connect) -- C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/08/03 00:04:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2010/02/24 15:06:36 | 000,173,328 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2008/12/05 07:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
DRV - [2008/11/17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:5.7.0.7330
FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.7.0.2910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.7.0.2940
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Content Searcher\4.7.0.2940\FF [2010/06/04 13:24:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Computerized Content Operator\5.7.0.7330\FF [2010/06/04 13:24:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Services\4.7.0.2910\FF [2010/06/04 13:25:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2010/07/27 22:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 22:25:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 22:25:00 | 000,000,000 | ---D | M]

[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/08/02 16:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
[2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/07/04 16:57:19 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
[2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
[2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
[2010/08/02 16:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2009/07/04 17:27:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Tania Wood\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 00:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1e411122-d5d6-11dd-906a-001cbf139729}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{1e411124-d5d6-11dd-906a-001cbf139729}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{52b27ae2-8006-11de-90a9-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{52b27ae2-8006-11de-90a9-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52b27ae2-8006-11de-90a9-001cbf139729}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{52b27ae3-8006-11de-90a9-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{52b27ae3-8006-11de-90a9-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52b27ae3-8006-11de-90a9-001cbf139729}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{72760b32-a4ef-11dc-9049-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{72760b32-a4ef-11dc-9049-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72760b32-a4ef-11dc-9049-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{cc98c5d5-9e41-11df-90fe-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{cc98c5d5-9e41-11df-90fe-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc98c5d5-9e41-11df-90fe-001cbf139729}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{daa2dd9e-7454-11de-90a6-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{daa2dd9e-7454-11de-90a6-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daa2dd9e-7454-11de-90a6-001cbf139729}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{daa2dda0-7454-11de-90a6-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{daa2dda0-7454-11de-90a6-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daa2dda0-7454-11de-90a6-001cbf139729}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{dfc261ac-7da5-11dc-9a6c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dfc261ac-7da5-11dc-9a6c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfc261ac-7da5-11dc-9a6c-806d6172696f}\Shell\AutoRun\command - "" = E:\bootcd\wintools\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/03 00:08:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
[2010/08/02 20:27:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/08/02 15:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Birdstep Technology
[2010/08/02 15:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology
[2010/08/02 15:27:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2010/08/02 15:27:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2010/08/02 15:27:00 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2010/08/02 15:27:00 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2010/08/02 15:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE_1.2059.0.8
[2010/08/02 15:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2010/08/01 17:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/29 01:07:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
[2010/07/27 22:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2010/07/20 19:51:33 | 000,000,000 | R-SD | C] -- D:\My Documents\My Safe
[2010/07/20 19:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/20 19:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/07/20 19:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/20 19:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/14 12:21:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/09 14:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\fp10_archive
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/03 06:02:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/08/03 01:00:43 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/08/03 00:14:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/03 00:04:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
[2010/08/02 17:26:49 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
[2010/08/02 15:48:38 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/08/02 15:41:56 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/02 15:39:06 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/02 15:39:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 15:37:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 15:36:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 15:36:56 | 2137,821,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/02 15:32:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
[2010/08/02 15:27:10 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2010/08/02 15:27:10 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2010/08/01 08:02:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/08/01 07:48:21 | 000,211,819 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\quattro rooms.JPG
[2010/07/30 20:01:13 | 000,200,659 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint now.JPG
[2010/07/29 19:39:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/28 12:03:12 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/07/28 12:03:12 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/27 22:23:16 | 000,223,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting sea.JPG
[2010/07/27 15:25:39 | 000,179,252 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting of sand.JPG
[2010/07/27 15:23:58 | 000,207,469 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\waves paint.JPG
[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/21 05:46:22 | 000,147,751 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint4.JPG
[2010/07/21 05:40:36 | 000,140,198 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint3.JPG
[2010/07/21 05:38:45 | 000,205,694 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint2.JPG
[2010/07/21 05:37:40 | 000,200,521 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint.JPG
[2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/20 00:19:16 | 006,401,826 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\17 Carry Me (Like a Fire in Your Heart).mp3
[2010/07/17 02:40:19 | 000,163,865 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint1.JPG
[2010/07/16 15:01:13 | 000,064,439 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt,cloak.pdf
[2010/07/14 14:34:16 | 000,003,068 | ---- | M] () -- D:\My Documents\cc_20100714_143412.reg
[2010/07/07 16:50:52 | 000,090,112 | ---- | M] () -- D:\My Documents\artMission.doc
[2010/07/07 12:16:31 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2007.lnk
[2010/07/07 02:30:49 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ARTIST MISSIONS.doc
[2010/07/06 17:10:46 | 000,065,964 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt1.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/02 15:41:46 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/02 15:27:10 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2010/08/02 15:27:10 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2010/08/02 15:26:50 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2010/08/01 07:48:21 | 000,211,819 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\quattro rooms.JPG
[2010/07/30 20:01:13 | 000,200,659 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint now.JPG
[2010/07/27 22:23:16 | 000,223,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting sea.JPG
[2010/07/27 15:25:38 | 000,179,252 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting of sand.JPG
[2010/07/27 15:23:58 | 000,207,469 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\waves paint.JPG
[2010/07/21 05:46:22 | 000,147,751 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint4.JPG
[2010/07/21 05:40:36 | 000,140,198 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint3.JPG
[2010/07/21 05:38:44 | 000,205,694 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint2.JPG
[2010/07/21 05:37:40 | 000,200,521 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint.JPG
[2010/07/20 19:16:13 | 000,237,568 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/20 00:59:22 | 006,401,826 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\17 Carry Me (Like a Fire in Your Heart).mp3
[2010/07/17 02:40:18 | 000,163,865 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint1.JPG
[2010/07/16 15:01:13 | 000,064,439 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt,cloak.pdf
[2010/07/14 14:34:14 | 000,003,068 | ---- | C] () -- D:\My Documents\cc_20100714_143412.reg
[2010/07/07 16:50:52 | 000,090,112 | ---- | C] () -- D:\My Documents\artMission.doc
[2010/07/07 02:30:46 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ARTIST MISSIONS.doc
[2010/07/06 17:10:45 | 000,065,964 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt1.pdf
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
[2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4B264B5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8DACDA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
< End of report >

Tazzy

Newbie Surfer

Posts : 26
Joined : 2010-08-03
Operating System : windows xp


Re: trojan.win32.buzus.eglu

Post by Tazzy on Tue 03 Aug 2010, 4:21 pm

OTL Extras logfile created on: 03/08/2010 06:06:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tania Wood\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 6.71 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 3.13 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP" = 50000:TCP:*:Enabled:BitComet 50000 TCP
"50000:UDP" = 50000:UDP:*:Enabled:BitComet 50000 UDP
"7375:TCP" = 7375:TCP:*:Enabled:BitComet 7375 TCP
"7375:UDP" = 7375:UDP:*:Enabled:BitComet 7375 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- ([You must be registered and logged in to see this link.]
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2254E64C-D2B1-4478-BD7E-37457D09FF39}" = QuickLink Desktop
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2E5A82-DA8B-4c72-91A6-EBB4E0463537}_is1" = V Stuff Backup v1.6.2.16478
"{503C0372-6161-4B3E-B4A6-AC0A15C44CBC}" = PL-2303 USB-to-Serial
"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis True Image
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{79756522-09EE-4CD9-9B66-308E7A8954C0}" = The Best Quiz Night In The World
"{7B569268-AB31-4156-BAA7-1330C6227217}" = Sequence Diagram Editor
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A10DA03B-9048-48B4-00A2-A71153C3F886}" = The Sims™ Pet Stories
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}" = Native x86 Runtime for Visual C++ 2008 Feature Pack (v.9.0.30411)
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}.vc_x86runtime_30411_00" = Visual C++ 2008 Feature Pack - x86 - v9.0.30411.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE9ACA6-6056-40CD-8325-0E0BE2CB622B}" = Read And Write 8.1 Gold
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BitComet" = BitComet 1.13
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Demand Five Player_is1" = Demand Five Player
"EA Download Manager" = EA Download Manager
"EditPlus 3" = EditPlus 3
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"FileZilla Client" = FileZilla Client 3.2.4
"F-Secure Product 444" = F-Secure Internet Security 2008 OEM
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei Modems
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"iWinArcade" = iWin Games (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSNINST" = MSN
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"PROSet" = Intel(R) PRO Network Connections Drivers
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = The Budgerigar Program 2006
"STANDARDR" = Microsoft Office Standard 2007
"SwiftKit" = SwiftKit
"SystemRequirementsLab" = System Requirements Lab
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME" = Uninstall for TOSHIBA Mobile Extension3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Combo Box" = Combo Box
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Icon Demo Application" = Icon Demo Application
"SmartDraw 2009" = SmartDraw 2009
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/08/2010 23:22:41 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 7 2010-08-02 04:22:41+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 01/08/2010 23:47:58 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 8 2010-08-02 04:47:44+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.CHK
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 01/08/2010 23:48:01 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 9 2010-08-02 04:47:44+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\LOCAL SETTINGS\TEMP\ETILQS_BUCW5VGZRPY7QRXYQETT was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 01/08/2010 23:48:06 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 10 2010-08-02 04:47:56+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 02/08/2010 00:09:27 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 11 2010-08-02 05:09:26+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM
FILES\F-SECURE INTERNET SECURITY\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to
exceeded scanning time limit. The file may be in use or reading it was too slow
(e.g. network connection was under stress).

Error - 02/08/2010 00:16:45 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 12 2010-08-02 05:16:44+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_0005A6
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 02/08/2010 12:11:06 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 1 2010-08-02 17:11:06+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\System Volume
Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP355\A0076825.0xe.
Infection: Trojan.Win32.Buzus.eglu Action: failed.

Error - 03/08/2010 01:07:59 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 2 2010-08-03 06:07:58+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

Error - 03/08/2010 01:09:59 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 3 2010-08-03 06:09:59+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

Error - 03/08/2010 01:10:11 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 4 2010-08-03 06:10:11+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\Documents
and Settings\Tania Wood\Local Settings\Application Data\wazjltd.0xe. Infection:
Trojan.Win32.Hrup.aah Action: failed.

[ OSession Events ]
Error - 18/06/2009 06:54:33 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:54:51 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:55:01 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:22 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:45 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/04/2010 06:41:39 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/08/2010 10:29:21 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:29:52 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:30:24 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:30:54 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:31:25 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:31:55 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:32:25 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:38:57 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 02/08/2010 10:38:57 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 02/08/2010 10:53:53 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001CBF139729 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Tazzy

Newbie Surfer

Posts : 26
Joined : 2010-08-03
Operating System : windows xp

Back to top Go down

Re: trojan.win32.buzus.eglu

Post by Belahzur on Wed 04 Aug 2010, 11:00 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Back to top Go down
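The fix in the post above targets the O2 (BHO) and O3 (toolbar) entries that OTL reports as "No CLSID value found.": the browser registration is still present, but the CLSID it points to no longer exists under HKCR\CLSID, so the fix log later shows the CLSID keys as "not found". As an added example (not part of the thread and not OTL's own code), the Python below parses OTL scan lines of that form, picks out the orphaned registrations and emits them as a `:OTL` fix block; the sample lines are constructed, with the two orphan CLSIDs taken from the fix above and the "Example Corp" lines made up as a healthy control.

```python
import re
from dataclasses import dataclass

# Constructed sample input in the OTL scan-log format seen in the thread:
# O2 = Browser Helper Objects, O3 = Internet Explorer toolbars. The two orphan
# CLSIDs are the ones in the helper's fix; the "Example Corp" lines are made up
# as a healthy control, and the O4 line shows that other sections are ignored.
SAMPLE_OTL = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Example] C:\Program Files\Example\example.exe (Example Corp)
"""

ORPHAN_MARKER = "No CLSID value found."

# Section code, registration location/name, the GUID in braces, and what OTL
# resolved the CLSID to (a DLL path, or the orphan marker when nothing was found).
LINE_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<where>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<target>.*)$"
)


@dataclass(frozen=True)
class Entry:
    section: str   # "O2" (BHO) or "O3" (toolbar)
    where: str     # e.g. "BHO: (no name)" or "HKLM\..\Toolbar: (no name)"
    clsid: str     # GUID exactly as written in the log, without braces
    target: str    # resolved DLL path, or ORPHAN_MARKER
    raw: str       # the original line, reused verbatim in the fix block

    @property
    def orphaned(self) -> bool:
        # The registration points at a CLSID that no longer exists under
        # HKCR\CLSID, so there is no component left for the browser to load.
        return self.target == ORPHAN_MARKER


def parse_otl_lines(text: str) -> list[Entry]:
    """Return the O2/O3 entries found in an OTL scan log; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["where"], m["clsid"], m["target"], line))
    return entries


def orphaned_entries(entries: list[Entry]) -> list[Entry]:
    """Only the registrations whose CLSID OTL could not resolve."""
    return [e for e in entries if e.orphaned]


def unique_clsids(entries: list[Entry]) -> set[str]:
    """CLSIDs normalised to upper case: one GUID is often registered under both HKLM and HKCU."""
    return {e.clsid.upper() for e in entries}


def build_fix(entries: list[Entry]) -> str:
    """Emit the orphaned entries as an OTL custom fix, in the ':OTL' form used in the thread."""
    lines = [":OTL"] + [e.raw for e in orphaned_entries(entries)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_otl_lines(SAMPLE_OTL)
    orphans = orphaned_entries(found)
    print(f"{len(found)} O2/O3 entries, {len(orphans)} orphaned, "
          f"{len(unique_clsids(orphans))} distinct orphan CLSIDs")
    print(build_fix(found), end="")
```

Healthy registrations (a resolvable CLSID with a DLL path) are parsed but never copied into the fix, so the output stays limited to the dangling entries a helper would remove.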

Re: trojan.win32.buzus.eglu

Post by Tazzy on Wed 04 Aug 2010, 1:30 pm

OK, thanks. Here is the text file that I got:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

OTL by OldTimer - Version 3.2.9.1 log created on 08042010_032937

Tazzy

Newbie Surfer

Posts : 26
Joined : 2010-08-03
Operating System : windows xp

Back to top Go down

Re: trojan.win32.buzus.eglu

Post by Belahzur on Thu 05 Aug 2010, 1:49 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: trojan.win32.buzus.eglu

Post by Tazzy on Tue 10 Aug 2010, 6:31 am

Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/08/2010 20:19:06
mbam-log-2010-08-09 (20-19-06).txt

Scan type: Quick scan
Objects scanned: 131374
Time elapsed: 31 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\My Documents\downloads\WebfettiSetup2.3.69.8.ZKman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Popular Screensavers.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\6.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

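The MBAM log above is a fixed text format: a header with one total per category, then the same categories repeated as section headings with one detection per line, each written as `path (family) -> action.`. As an added example (not part of the thread and not Malwarebytes' own code), the following Python parses that format, tallies detections by family, lists anything that was not fully quarantined, and cross-checks the header totals against what is actually listed, which catches a log that was truncated when it was pasted into a post. `SAMPLE_LOG` is a hand-constructed abridgement of the log above; the `Program Files (x86)` entry and the `Adware.Example` family are invented to exercise a path that itself contains parentheses.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured detections
and cross-check the per-category totals printed in its header.

Added example for this thread; it is not part of the post above or of MBAM.
SAMPLE_LOG is a hand-constructed, abridged log modelled on the one posted
above (the "Program Files (x86)" entry and its family name are made up to
exercise a path containing parentheses).
"""
import re
from collections import Counter

# Header totals: "Registry Keys Infected: 35"; body sections repeat the same
# text without a count, followed by one detection per line.
_SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
_SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
# "<path> (<family>) -> <action>." The path group is greedy so that a path
# containing parentheses does not swallow the family name.
_ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return {'summary': {category: declared_count}, 'entries': [dict]}."""
    summary, entries, category = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        if m := _SUMMARY_RE.match(line):
            summary[m.group("category")] = int(m.group("count"))
        elif m := _SECTION_RE.match(line):
            category = m.group("category")
        elif category and (m := _ENTRY_RE.match(line)):
            entries.append({"category": category, **m.groupdict()})
    return {"summary": summary, "entries": entries}

def count_mismatches(report):
    """{category: (declared, listed)} wherever the header total disagrees with
    the entries actually listed, e.g. a log truncated when pasted."""
    listed = Counter(e["category"] for e in report["entries"])
    return {c: (n, listed[c]) for c, n in report["summary"].items() if listed[c] != n}

def family_counts(report):
    """How many detections each family (Adware.MyWebSearch, ...) accounts for."""
    return Counter(e["family"] for e in report["entries"])

def not_removed(report):
    """Detections whose action was anything other than a completed quarantine,
    i.e. the items to re-check after the reboot MBAM asks for."""
    return [e for e in report["entries"]
            if e["action"] != "Quarantined and deleted successfully"]

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46

Database version: 4052

Scan type: Quick scan
Objects scanned: 131374

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\user\Local Settings\Application Data\wazjltd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\helper.dll (Adware.Example) -> Delete on reboot.
"""

if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print("per family:", dict(family_counts(report)))
    print("header/body mismatches:", count_mismatches(report))
    for e in not_removed(report):
        print("still present:", e["path"], "->", e["action"])
```

On the sample the mismatch check reports `Files Infected` declared as 3 but listed as 2, which is exactly the signal to ask the poster for the rest of the log; on the full log above every header total matches the entries listed under it.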

Re: trojan.win32.buzus.eglu

Post by Belahzur on Wed 11 Aug 2010, 11:01 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools -> Options -> Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: trojan.win32.buzus.eglu

Post by Tazzy on Fri 20 Aug 2010, 4:10 am

Hi
Sorry this reply took so long, but I was away without internet access.
I have run ComboFix, but on the first run, as the report was being created, the computer locked up and I was unable to do anything except shut the computer down and restart, then re-run ComboFix. Will this affect the log file, as the following log file is from the re-run?

Thanks



ComboFix 10-08-18.02 - Tania Wood 19/08/2010 16:45:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1177 [GMT 1:00]
Running from: c:\documents and settings\Tania Wood\Desktop\Combo-Fix.exe
AV: F-Secure Internet Security 2008 OEM 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: F-Secure Internet Security 2008 OEM 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Tania Wood\Local Settings\Application Data\tcesetup.exe
c:\documents and settings\Tania Wood\Local Settings\Application Data\wazjltd.0xe
c:\documents and settings\Tania Wood\System
c:\documents and settings\Tania Wood\System\win_qs8.jqx
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\windows\Installer\$PatchCache$\Managed\6ACA9EFE6506DC043852E0B02EBC26B2\8.1.0\html.ini2
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-16 12:59 . 2010-08-16 12:59 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Birdstep Technology
2010-08-16 12:58 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2010-08-16 12:58 . 2010-08-16 12:58 -------- d-----w- c:\program files\3 Mobile Broadband
2010-08-12 16:35 . 2004-03-09 16:36 69632 ----a-w- c:\windows\system32\xmltok.dll
2010-08-12 16:35 . 2004-03-09 16:36 36864 ----a-w- c:\windows\system32\xmlparse.dll
2010-08-12 16:35 . 2004-03-09 16:36 26096 ----a-w- c:\windows\system32\xmlinst.exe
2010-08-12 16:35 . 2004-03-09 16:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-12 16:35 . 2010-08-12 16:35 -------- d-----w- c:\program files\Ubisoft
2010-08-09 12:21 . 2010-08-09 12:21 503808 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcp71.dll
2010-08-09 12:21 . 2010-08-09 12:21 499712 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\jmc.dll
2010-08-09 12:21 . 2010-08-09 12:21 348160 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcr71.dll
2010-08-09 12:21 . 2010-08-09 12:21 61440 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-sse.dll
2010-08-09 12:21 . 2010-08-09 12:21 12800 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-d3d.dll
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Malwarebytes
2010-08-08 18:38 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 18:38 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 18:38 . 2010-08-08 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 02:29 . 2010-08-04 02:29 -------- d-----w- C:\_OTL
2010-08-02 14:27 . 2010-08-02 14:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\Birdstep Technology
2010-08-02 14:27 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-08-02 14:27 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-08-02 14:27 . 2010-01-19 11:49 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-08-02 14:27 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-08-02 14:26 . 2010-08-02 14:27 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2010-07-20 18:16 . 2010-07-20 18:16 237568 ---ha-w- C:\SZKGFS.dat
2010-07-20 18:11 . 2010-07-20 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-20 18:10 . 2010-07-20 18:10 -------- d-----w- c:\program files\Common Files\iS3
2010-07-20 18:10 . 2010-08-16 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 15:10 . 2009-07-18 18:27 -------- d-----w- c:\program files\iWin Games
2010-08-19 12:39 . 2009-07-04 15:57 -------- d-----w- c:\program files\BitComet
2010-08-16 12:59 . 2009-07-25 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-08-16 12:58 . 2007-05-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 13:10 . 2009-12-14 02:57 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Skype
2010-08-12 09:54 . 2009-12-14 03:00 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\skypePM
2010-08-11 02:12 . 2007-05-31 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-20 18:58 . 2009-02-15 01:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-20 18:54 . 2008-12-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2010-07-19 23:22 . 2009-12-28 23:21 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\vlc
2010-06-30 12:31 . 2007-05-30 08:13 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2007-05-30 08:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 11:51 . 2010-06-24 11:51 -------- d-----w- c:\program files\Common Files\Skype
2010-06-24 11:51 . 2009-12-14 02:56 -------- d-----r- c:\program files\Skype
2010-06-24 11:40 . 2009-12-25 00:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-24 11:39 . 2010-06-24 11:51 53632 ----a-w- c:\documents and settings\Tania Wood\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-23 13:44 . 2007-05-30 08:13 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-05-30 08:13 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2007-05-30 08:13 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-30 09:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-05-30 08:13 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-12 16:29 . 2010-06-12 16:29 50354 ----a-w- c:\documents and settings\Tania Wood\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Tania Wood\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-05-25 14:27 . 2009-05-29 23:08 42 ----a-w- c:\documents and settings\Tania Wood\jagex_runescape_preferences.dat
2010-05-25 14:20 . 2010-05-25 14:08 81 ----a-w- c:\documents and settings\Tania Wood\jagex_runescape_preferences2.dat
2010-05-25 14:08 . 2010-05-25 14:08 0 ----a-w- c:\documents and settings\Tania Wood\jagex__preferences3.dat
2010-05-25 14:03 . 2010-05-25 14:03 503808 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31308b56-n\msvcp71.dll
2010-05-25 14:03 . 2010-05-25 14:03 499712 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31308b56-n\jmc.dll
2010-05-25 14:03 . 2010-05-25 14:03 348160 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31308b56-n\msvcr71.dll
2010-05-25 14:03 . 2010-05-25 14:03 61440 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7381fef5-n\decora-sse.dll
2010-05-25 14:03 . 2010-05-25 14:03 12800 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7381fef5-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-05-15 13:11 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Google Update"="c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-15 135664]
"BitComet"="d:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-07 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-05 155648]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-08-31 102400]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-18 102400]
"TPSMain"="TPSMain.exe" [2007-04-18 299008]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-11-07 1165120]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2007-11-07 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-11-07 148760]
"WD Button Manager"="WDBtnMgr.exe" [2008-12-29 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Tania Wood\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-12-25 95232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-4-24 2756608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 02:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\3 Mobile Broadband\\3Connect\\Wilog.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"7375:TCP"= 7375:TCP:BitComet 7375 TCP
"7375:UDP"= 7375:UDP:BitComet 7375 UDP

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07/12/2007 13:48 51072]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [22/03/2007 13:07 20992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09/03/2007 15:23 6528]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure Internet Security\HIPS\fshs.sys [07/12/2007 13:47 41184]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [30/05/2007 16:23 5888]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [16/08/2010 13:58 1737464]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2009 18:30 78104]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [30/05/2007 16:23 114688]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [07/12/2007 13:47 77824]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2007 16:10 35968]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [30/05/2007 16:26 435072]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [02/08/2010 15:27 9216]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/02/2009 02:43 356920]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [07/12/2007 13:47 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [07/12/2007 13:47 25456]
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-15 18:46]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-15 18:46]

2010-03-16 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-03-16 12:12]

2007-12-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2010-08-19 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-04 06:29]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Contextual Content Manager\1.7.0.3990\FF\components\CCMFFAddOn.dll
FF - component: c:\program files\Textual Content Enhancer\2.7.0.4370\FF\components\TCEFFAddOn.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Tania Wood\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Tania Wood\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Entriq\MediaSphere\3.8.2.9\npEntriqMediaMozillaPlugin.dll
FF - plugin: c:\program files\Entriq\MediaSphere\3.8.2.9\npEntriqVersionCheckMozillaPlugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-TPSvc - TPSvc.dll



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(680)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc.dll
.
Completion time: 2010-08-19 16:54:41
ComboFix-quarantined-files.txt 2010-08-19 15:54

Pre-Run: 7,945,195,520 bytes free
Post-Run: 7,903,784,960 bytes free

- - End Of File - - 91DC66A704AB966DCF5ED9C04EC56116


Re: trojan.win32.buzus.eglu

Post by Sneakyone on Fri 20 Aug 2010, 2:37 pm

Hi.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


  I'm livin' life in the fast lane.



    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Sat 21 Aug 2010, 10:57 am

    Hi
    Thank you very much for helping with this; I have noticed that my computer is slowly getting back to normal.
    Here is the log you requested after the Kaspersky scan.

    Tazzy


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, August 21, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, August 20, 2010 07:29:41
    Records in database: 4131583
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    H:\

    Scan statistics:
    Objects scanned: 174839
    Threats found: 9
    Infected objects found: 10
    Suspicious objects found: 0
    Scan duration: 04:33:45


    File name / Threat / Threats count
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\bin\mvbup.0xe Infected: Trojan.Win32.Buzus.eglz 1
    C:\Program Files\Daily Internet Enhancer\1.7.0.2500\PixelLogExe.0xe Infected: Trojan.Win32.Buzus.ehpo 1
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbapp.0xe Infected: Trojan.Win32.Buzus.eglt 1
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbasst.0xe Infected: Trojan.Win32.Buzus.eglu 1
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbdl.0xe Infected: Trojan.Win32.Buzus.egmh 1
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbsvc.0xe Infected: Trojan.Win32.Buzus.egmb 1
    C:\Qoobox\Quarantine\C\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd.0xe.0ir Infected: Trojan.Win32.Hrup.aah 1
    D:\downloaded software MS\Windows XP Home SP2 [OEM Edition].ISO Infected: Trojan.Win32.Agent.eoyq 1
    D:\My Documents\Downloads\GamiePlay_installer (1).0xe Infected: Trojan.Win32.Buzus.ehpb 1
    D:\My Documents\Downloads\GamiePlay_installer.0xe Infected: Trojan.Win32.Buzus.ehpb 1

    Selected area has been scanned.


    Re: trojan.win32.buzus.eglu

    Post by Sneakyone on Sat 21 Aug 2010, 2:28 pm

    Hi.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:


      :Files
      C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar
      C:\Program Files\Daily Internet Enhancer
      C:\Program Files\GamiePlay Toolbar
      D:\downloaded software MS\Windows XP Home SP2 [OEM Edition].ISO
      D:\My Documents\Downloads\GamiePlay_installer (1).0xe
      D:\My Documents\Downloads\GamiePlay_installer.0xe

      :commands
      [emptytemp]
      [emptyflash]
      [resethosts]
      [reboot]

    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


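As an added example (not code from the thread, from OTL or from Kaspersky), the Python below turns a report in the "File name / Threat / Threats count" layout of the Kaspersky scan above into an OTL ":Files" fix of the kind Sneakyone posted, skipping anything already under ComboFix's C:\Qoobox\Quarantine and collapsing several hits in one product folder into the folder itself. The report lines are constructed to mirror the thread's, and the folder-collapsing rule is this example's own heuristic, not OTL's behaviour.

```python
"""Build an OTL ':Files' fix from a Kaspersky Online Scanner report.

Added example, not code from the thread, from OTL or from Kaspersky. The
report text is constructed to mirror the thread's; the product-folder rule
is a heuristic of this example, not OTL's own behaviour.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "path threat count")

# One detection line: "<path> Infected: <threat name> <count>"
_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")

# ComboFix keeps what it already removed here; a hit in it is not a live infection.
QUARANTINE_PREFIX = r"c:\qoobox\quarantine"

# Directories whose immediate child is a product folder ("C:\Program Files\<Product>").
PRODUCT_PARENTS = {"program files", "application data"}

# Constructed sample in the report's "File name / Threat / Threats count" layout.
SAMPLE_REPORT = """\
File name / Threat / Threats count
C:\\Program Files\\Example Toolbar\\3.7.1.8090\\mvbapp.exe Infected: Trojan.Win32.Buzus.eglt 1
C:\\Program Files\\Example Toolbar\\3.7.1.8090\\mvbasst.exe Infected: Trojan.Win32.Buzus.eglu 1
C:\\Documents and Settings\\user\\Local Settings\\Application Data\\Example Toolbar\\bin\\mvbup.exe Infected: Trojan.Win32.Buzus.eglz 1
C:\\Program Files\\Single Hit App\\1.0\\log.exe Infected: Trojan.Win32.Buzus.ehpo 1
C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\user\\wazjltd.exe.vir Infected: Trojan.Win32.Hrup.aah 1
D:\\My Documents\\Downloads\\Example_installer (1).exe Infected: Trojan.Win32.Buzus.ehpb 1
D:\\My Documents\\Downloads\\Example_installer.exe Infected: Trojan.Win32.Buzus.ehpb 1

Selected area has been scanned.
"""


def parse_report(text):
    """Return a Finding for every detection line; headers and other lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            findings.append(Finding(m.group("path"), m.group("threat"), int(m.group("count"))))
    return findings


def is_quarantined(path):
    """True for files ComboFix has already isolated under C:\\Qoobox\\Quarantine."""
    return path.lower().startswith(QUARANTINE_PREFIX)


def product_root(path):
    """'C:\\Program Files\\Foo\\1.0\\x.exe' -> 'C:\\Program Files\\Foo'; None if there is no product dir."""
    parts = path.split("\\")
    # The parent must be followed by a product directory and at least one more component.
    for i, part in enumerate(parts[:-2]):
        if part.lower() in PRODUCT_PARENTS:
            return "\\".join(parts[: i + 2])
    return None


def fix_targets(findings, min_hits=2):
    """Paths for the ':Files' section: a whole product folder when it holds at least
    min_hits detections, otherwise the individual file; quarantined items are skipped.
    Borderline folders (one hit inside a legitimate product) are left for a human to judge."""
    live = [f for f in findings if not is_quarantined(f.path)]
    roots = Counter(r for r in (product_root(f.path) for f in live) if r)
    targets, seen = [], set()
    for f in live:
        root = product_root(f.path)
        target = root if root and roots[root] >= min_hits else f.path
        if target not in seen:
            seen.add(target)
            targets.append(target)
    return targets


def build_otl_fix(findings):
    """Render an OTL custom fix in the form used in the thread (:Files then :commands)."""
    lines = [":Files", *fix_targets(findings), "", ":commands",
             "[emptytemp]", "[emptyflash]", "[resethosts]", "[reboot]"]
    return "\n".join(lines) + "\n"


def family_summary(findings):
    """Count detections per malware family, i.e. the name without its variant suffix."""
    return Counter(f.threat.rsplit(".", 1)[0] for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(dict(family_summary(found)))   # most hits come from one family via one toolbar
    print(build_otl_fix(found))
```

A scanner alert inside C:\Qoobox\Quarantine refers to a file ComboFix has already isolated, so it belongs with the tool's own removal rather than in a :Files move.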

    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Sat 21 Aug 2010, 10:11 pm

    Hi

    Here is the requested log file

    Tazzy

    All processes killed
    ========== FILES ==========
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Skins folder moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Icons folder moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Data folder moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Cache folder moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\bin folder moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090 folder moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar folder moved successfully.
    C:\Program Files\Daily Internet Enhancer\1.7.0.2500\data folder moved successfully.
    C:\Program Files\Daily Internet Enhancer\1.7.0.2500 folder moved successfully.
    C:\Program Files\Daily Internet Enhancer folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Skins folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Icons folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\searchplugins folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\components folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\chrome\locale\en-US folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\chrome\locale folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\chrome folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Data folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Cache folder moved successfully.
    C:\Program Files\GamiePlay Toolbar\3.7.1.8090 folder moved successfully.
    C:\Program Files\GamiePlay Toolbar folder moved successfully.
    D:\downloaded software MS\Windows XP Home SP2 [OEM Edition].ISO moved successfully.
    D:\My Documents\Downloads\GamiePlay_installer (1).0xe moved successfully.
    D:\My Documents\Downloads\GamiePlay_installer.0xe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 3390384 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 172170 bytes
    ->FireFox cache emptied: 3390384 bytes
    ->Flash cache emptied: 56504 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 593164 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 614483 bytes

    User: Tania Wood
    ->Temp folder emptied: 250970611 bytes
    ->Temporary Internet Files folder emptied: 96606251 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 30969267 bytes
    ->Google Chrome cache emptied: 228615616 bytes
    ->Flash cache emptied: 71641 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 234410 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 163066 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1467 bytes

    Total Files Cleaned = 588.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Tania Wood
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.1 log created on 08212010_115818

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAA04.tmp not found!
    File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAA29.tmp not found!
    File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAA92.tmp not found!
    File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAAB7.tmp not found!
    File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAB0C.tmp not found!
    File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAB31.tmp not found!
    C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\IKR12EV9\trojanwin32buzuseglu-t23076[2].htm moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\G994O1OK\bottomcontent_inworld[1].htm moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\G994O1OK\snowdrifft[1].htm moved successfully.
    C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\G994O1OK\xd_proxy[2].htm moved successfully.

    Registry entries deleted on Reboot...


    Re: trojan.win32.buzus.eglu

    Post by Sneakyone on Sun 22 Aug 2010, 4:44 am

    Hi.

    How is your computer running?



    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Thu 26 Aug 2010, 11:42 am

    Hi

    Sorry, missed page 2, my bad.

    Yes, everything seems to be running A-OK now apart from Google Chrome, which has got a lot of glitches now, but I'm going to uninstall it and download a new one once I have saved my bookmarks.

    Thank you so much for all your help, I was drowning in stuff, malware etc.

    Thanks to you all.

    Tazzy


    Re: trojan.win32.buzus.eglu

    Post by Sneakyone on Thu 26 Aug 2010, 3:59 pm

    Hi.

    Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

    Updating System Restore
    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE.


    You now have a clean restore point.

    To get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do a calculation of temporary/old files, and then display a dialogue box.
    • Select the More Options Tab.
    • At the bottom will be a System Restore box with a CLEANUP button; click this.
    • Accept the Warning and select OK again, the program will close and you are done.


    ========

    Removing the tools
    Now, to remove all of the tools we used and the files and folders they created, please do the following:

    Download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    ============

    Service Pack upgrade
    Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

    More info about SP3: [You must be registered and logged in to see this link.]

    =====

    Update Programs
    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.



    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    =========

    Here are some prevention tips I have provided:

    1. Don't download files from untrusted websites or websites that seem suspicious.

    2. Don't use torrents; they are a good way to get lots of malware.

    3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

    4. Disable autorun XP or Vista/7

    5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

    6. Don't ever click on the links inside of a popup.

    7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching for it on Google.

    8. Use a Site Advisor so you don't go to sites that will infect you. McAfee SiteAdvisor

    9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you safer.

    10. Always keep your Java and Adobe updated.

    11. Don't fall for the Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

    12. Always have a Firewall and an Antivirus.

    Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

    For more information please visit [You must be registered and logged in to see this link.]



    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Tue 07 Sep 2010, 9:40 am

    Hi there,

    I wonder if you can still help me. I recently had over 50 infected files on my computer; they were malware and viruses and Trojans etc.

    I had this help on here to clean them and for a few days the computer seemed to be OK, but now it has started playing up again, and not with the same issues.

    I have a lot of applications crashing and hanging halfway through or not even starting sometimes; also, when I try using Task Manager to end a task it won't kill the process.
    If I want to shut down with a process still running it won't let me shut down. I have to turn off the computer manually by the button (which I know is not good).

    When I look at the processes that are running, sometimes there are 2 of the same process running and I have only opened 1 process, which leads me to the assumption that I may have a virus/malware hiding in the system.

    I also have started today to get a pop-up telling me there is a Trojan in Qoobox?

    Can you help please? Thanks, Tazzy


    Re: trojan.win32.buzus.eglu

    Post by Sneakyone on Fri 10 Sep 2010, 1:06 pm

    Hi,

    Let's start over.

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.sys
      %systemroot%\system32\drivers\*.dll
      %systemroot%\system32\drivers\*.ini
      %systemroot%\system32\drivers\*.exe
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      %appdata%\*.*
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


    Note: in the event that OTL fails to run, please use alternate download links to try again:

    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]



    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Fri 10 Sep 2010, 3:00 pm

    Hi
    As I read through these log files I notice it said network under stress, but it is the early hours of the morning here and nothing was running unless in the background, i.e. processes that can't be shut down as per this error. So I will shut down the whole computer and re-run this again. The first 2 log files are without rebooting the system, just as I use it after a whole day. The last 2 will be immediately on restart of the computer.


    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Fri 10 Sep 2010, 3:02 pm

    OTL logfile created on: 10/09/2010 04:29:42 - Run 1 ...........part 1 as was too big
    OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 40.65 Gb Total Space | 11.50 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
    Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
    Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
    Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
    I: Drive not present or media not loaded

    Computer Name: TANIA-82363
    Current User Name: Tania Wood
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
    PRC - [2010/08/31 11:40:43 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
    PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
    PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
    PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
    PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
    PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    PRC - [2007/05/24 13:41:10 | 000,188,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav.exe
    PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
    PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
    PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
    PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
    PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
    PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
    PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
    PRC - [2006/03/06 16:30:04 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
    PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
    MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
    SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
    SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
    SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
    SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
    SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
    SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
    SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
    SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
    SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/05/31 19:58:35 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2010/03/26 00:59:22 | 000,243,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
    DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
    DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
    DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
    DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
    DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
    DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
    DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
    DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
    DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
    DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
    DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
    DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
    DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
    DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
    DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
    DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
    DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
    FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

    FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]

    [2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
    [2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2010/09/06 03:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
    [2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
    [2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
    [2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
    [2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

    O1 HOSTS File: ([2010/09/06 03:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
    O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
    O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} [You must be registered and logged in to see this link.] (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/03/10 01:34:10 | 000,022,528 | R--- | M] () - E:\AutoRunLauncher.exe -- [ CDFS ]
    O32 - AutoRun File - [2004/03/10 01:34:10 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: Microsoft Base Smart Card Crypto Provider Package -

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)



    Last edited by Tazzy on Fri 10 Sep 2010, 3:05 pm; edited 1 time in total

    Tazzy

    Newbie Surfer

    Posts : 26
    Joined : 2010-08-03
    Operating System : windows xp



    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Fri 10 Sep 2010, 3:04 pm

    OTL logfile created on: 10/09/2010 04:29:42 - Run 1 ....... Part 2, as it was too big

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/07 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Viewer
    [2010/09/07 00:21:39 | 000,567,680 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
    [2010/09/06 23:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2010/09/06 23:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2010/09/06 23:59:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2010/09/06 23:59:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/09/06 22:05:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
    [2010/09/06 03:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/09/05 22:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/09/05 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2010/09/05 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
    [2010/09/05 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Uniblue
    [2010/09/05 04:35:38 | 000,000,000 | ---D | C] -- C:\d2bf15400392b349be9432
    [2010/09/05 04:25:27 | 048,643,144 | ---- | C] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
    [2010/09/05 03:57:14 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
    [2010/09/05 03:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\SecondLife
    [2010/09/05 02:31:31 | 049,718,955 | ---- | C] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
    [2010/08/19 19:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/08/19 18:50:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/19 16:44:05 | 000,000,000 | ---D | C] -- C:\Combo-Fix
    [2010/08/19 16:02:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/19 15:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/19 15:27:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/08/16 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\basic
    [2010/08/12 17:35:37 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlinst.exe
    [2010/08/12 17:35:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
    [2010/08/12 17:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/10 01:41:38 | 000,002,342 | ---- | M] () -- C:\error.htm
    [2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
    [2010/09/10 01:00:55 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
    [2010/09/10 00:27:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
    [2010/09/09 23:34:59 | 000,195,441 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
    [2010/09/09 23:34:55 | 000,181,145 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
    [2010/09/09 23:34:48 | 000,208,459 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
    [2010/09/09 23:34:46 | 000,141,051 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
    [2010/09/09 20:17:40 | 000,150,424 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
    [2010/09/09 13:09:22 | 000,016,304 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
    [2010/09/09 05:34:30 | 000,108,265 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
    [2010/09/09 05:24:47 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
    [2010/09/09 05:24:36 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
    [2010/09/09 05:24:25 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
    [2010/09/09 05:24:05 | 000,114,401 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
    [2010/09/09 05:23:49 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
    [2010/09/09 05:22:26 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
    [2010/09/09 05:22:04 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
    [2010/09/09 05:22:02 | 000,099,645 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
    [2010/09/09 05:20:25 | 000,774,881 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
    [2010/09/09 05:17:33 | 000,095,097 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
    [2010/09/09 05:16:40 | 000,179,631 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
    [2010/09/09 05:16:05 | 000,248,340 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
    [2010/09/09 05:12:38 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
    [2010/09/09 05:11:35 | 000,151,179 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
    [2010/09/09 05:09:26 | 000,235,398 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
    [2010/09/09 05:07:46 | 000,639,718 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
    [2010/09/09 05:07:41 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
    [2010/09/09 05:06:13 | 000,110,093 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
    [2010/09/08 20:26:56 | 000,174,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
    [2010/09/08 20:26:41 | 000,198,562 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
    [2010/09/08 20:26:25 | 000,174,195 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
    [2010/09/08 04:25:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
    [2010/09/08 03:27:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
    [2010/09/07 22:36:57 | 000,085,064 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/09/07 21:57:41 | 000,125,640 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
    [2010/09/07 21:56:30 | 000,140,030 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
    [2010/09/07 21:54:01 | 000,139,431 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
    [2010/09/07 21:52:57 | 000,139,783 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
    [2010/09/07 21:52:41 | 000,135,536 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
    [2010/09/07 21:52:26 | 000,139,929 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
    [2010/09/07 00:45:12 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
    [2010/09/07 00:42:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/09/07 00:22:34 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
    [2010/09/07 00:22:34 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/07 00:21:47 | 000,567,680 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
    [2010/09/07 00:18:15 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2010/09/07 00:18:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/07 00:16:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/07 00:16:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/07 00:14:38 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
    [2010/09/07 00:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
    [2010/09/07 00:10:42 | 000,625,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/07 00:10:42 | 000,533,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/07 00:10:42 | 000,099,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/07 00:00:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/06 22:55:31 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/06 22:07:02 | 000,004,868 | ---- | M] () -- D:\My Documents\cc_20100906_220659.reg
    [2010/09/06 20:34:11 | 140,309,118 | ---- | M] () -- D:\My Documents\regbackup.reg
    [2010/09/06 06:26:36 | 000,122,532 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
    [2010/09/06 06:25:32 | 000,011,803 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
    [2010/09/06 03:59:54 | 000,030,226 | ---- | M] () -- D:\My Documents\cc_20100906_035949.reg
    [2010/09/06 03:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/09/06 03:37:02 | 000,511,968 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
    [2010/09/05 21:44:04 | 142,646,658 | ---- | M] () -- D:\My Documents\EFRbackup.reg
    [2010/09/05 21:39:08 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
    [2010/09/05 21:38:57 | 000,963,827 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
    [2010/09/05 17:47:57 | 000,001,352 | ---- | M] () -- D:\My Documents\cc_20100905_174753.reg
    [2010/09/05 10:36:50 | 000,000,745 | ---- | M] () -- D:\My Documents\xp_exe_fix.zip
    [2010/09/05 04:29:38 | 048,643,144 | ---- | M] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
    [2010/09/05 04:00:14 | 000,050,426 | ---- | M] () -- D:\My Documents\cc_20100905_040004.reg
    [2010/09/05 03:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\CCleaner.lnk
    [2010/09/05 03:57:21 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
    [2010/09/05 03:14:14 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/05 02:31:40 | 049,718,955 | ---- | M] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
    [2010/09/05 02:29:24 | 000,700,144 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
    [2010/09/03 04:03:06 | 000,173,835 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
    [2010/09/03 04:02:49 | 000,156,056 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
    [2010/09/03 03:48:51 | 000,160,887 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
    [2010/09/03 03:46:40 | 000,149,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
    [2010/09/03 03:36:25 | 000,158,863 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
    [2010/09/03 03:31:18 | 000,139,443 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
    [2010/09/03 03:26:18 | 000,146,335 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
    [2010/09/03 03:25:47 | 000,152,181 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
    [2010/09/03 03:24:03 | 000,138,825 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
    [2010/09/02 06:54:18 | 000,142,799 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
    [2010/09/02 06:53:46 | 000,162,927 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
    [2010/09/01 19:45:51 | 000,146,913 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
    [2010/09/01 15:51:56 | 000,025,808 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
    [2010/08/28 19:14:07 | 000,156,575 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
    [2010/08/27 22:19:51 | 000,016,649 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
    [2010/08/27 06:44:58 | 000,188,091 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
    [2010/08/27 06:37:49 | 000,157,842 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
    [2010/08/26 06:16:40 | 000,112,869 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
    [2010/08/25 20:18:45 | 000,146,069 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
    [2010/08/25 07:53:42 | 000,164,363 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
    [2010/08/25 02:08:54 | 000,182,647 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
    [2010/08/25 02:08:04 | 000,175,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
    [2010/08/24 17:10:59 | 000,149,811 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
    [2010/08/23 19:25:13 | 000,078,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
    [2010/08/23 15:06:46 | 000,177,606 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
    [2010/08/23 15:04:55 | 000,151,841 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
    [2010/08/23 14:49:35 | 000,168,380 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
    [2010/08/23 14:48:34 | 000,152,632 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
    [2010/08/23 14:25:51 | 000,152,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
    [2010/08/23 14:19:14 | 000,147,404 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
    [2010/08/23 06:34:38 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
    [2010/08/23 06:30:40 | 000,192,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
    [2010/08/19 19:19:43 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
    [2010/08/19 19:19:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/19 18:57:00 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
    [2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
    [2010/08/19 12:46:30 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
    [2010/08/12 17:45:01 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/10 00:59:41 | 000,002,342 | ---- | C] () -- C:\error.htm
    [2010/09/10 00:59:41 | 000,000,230 | ---- | C] () -- C:\infect.htm
    [2010/09/09 23:34:50 | 000,195,441 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
    [2010/09/09 23:34:47 | 000,181,145 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
    [2010/09/09 23:34:44 | 000,208,459 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
    [2010/09/09 23:34:34 | 000,141,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
    [2010/09/09 20:17:40 | 000,150,424 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
    [2010/09/09 13:09:22 | 000,016,304 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
    [2010/09/09 05:34:30 | 000,108,265 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
    [2010/09/09 05:24:35 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
    [2010/09/09 05:24:24 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
    [2010/09/09 05:24:15 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
    [2010/09/09 05:24:04 | 000,114,401 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
    [2010/09/09 05:23:34 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
    [2010/09/09 05:22:06 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
    [2010/09/09 05:21:58 | 000,099,645 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
    [2010/09/09 05:21:49 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
    [2010/09/09 05:17:33 | 000,095,097 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
    [2010/09/09 05:15:36 | 000,179,631 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
    [2010/09/09 05:14:45 | 000,774,881 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
    [2010/09/09 05:13:15 | 000,248,340 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
    [2010/09/09 05:12:33 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
    [2010/09/09 05:11:28 | 000,151,179 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
    [2010/09/09 05:09:17 | 000,235,398 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
    [2010/09/09 05:07:37 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
    [2010/09/09 05:07:28 | 000,639,718 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
    [2010/09/09 05:06:13 | 000,110,093 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
    [2010/09/08 20:26:56 | 000,174,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
    [2010/09/08 20:26:41 | 000,198,562 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
    [2010/09/08 20:26:25 | 000,174,195 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
    [2010/09/07 21:57:41 | 000,125,640 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
    [2010/09/07 21:56:30 | 000,140,030 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
    [2010/09/07 21:54:01 | 000,139,431 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
    [2010/09/07 21:52:57 | 000,139,783 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
    [2010/09/07 21:52:41 | 000,135,536 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
    [2010/09/07 21:52:26 | 000,139,929 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
    [2010/09/07 00:45:12 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
    [2010/09/07 00:22:34 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
    [2010/09/07 00:22:34 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/07 00:22:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
    [2010/09/07 00:22:01 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
    [2010/09/06 23:58:41 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/09/06 22:07:00 | 000,004,868 | ---- | C] () -- D:\My Documents\cc_20100906_220659.reg
    [2010/09/06 20:33:50 | 140,309,118 | ---- | C] () -- D:\My Documents\regbackup.reg
    [2010/09/06 06:26:44 | 000,122,532 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
    [2010/09/06 06:25:46 | 000,011,803 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
    [2010/09/06 03:59:52 | 000,030,226 | ---- | C] () -- D:\My Documents\cc_20100906_035949.reg
    [2010/09/06 03:31:07 | 000,511,968 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
    [2010/09/05 21:43:48 | 142,646,658 | ---- | C] () -- D:\My Documents\EFRbackup.reg
    [2010/09/05 21:39:08 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
    [2010/09/05 21:33:36 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
    [2010/09/05 18:34:42 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
    [2010/09/05 17:47:55 | 000,001,352 | ---- | C] () -- D:\My Documents\cc_20100905_174753.reg
    [2010/09/05 10:36:47 | 000,000,745 | ---- | C] () -- D:\My Documents\xp_exe_fix.zip
    [2010/09/05 04:00:08 | 000,050,426 | ---- | C] () -- D:\My Documents\cc_20100905_040004.reg
    [2010/09/05 02:29:16 | 000,700,144 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
    [2010/09/03 04:03:06 | 000,173,835 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
    [2010/09/03 04:02:49 | 000,156,056 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
    [2010/09/03 03:48:51 | 000,160,887 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
    [2010/09/03 03:46:40 | 000,149,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
    [2010/09/03 03:36:25 | 000,158,863 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
    [2010/09/03 03:31:18 | 000,139,443 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
    [2010/09/03 03:26:18 | 000,146,335 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
    [2010/09/03 03:25:47 | 000,152,181 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
    [2010/09/03 03:24:03 | 000,138,825 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
    [2010/09/02 06:54:18 | 000,142,799 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
    [2010/09/02 06:53:46 | 000,162,927 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
    [2010/09/01 19:45:55 | 000,146,913 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
    [2010/09/01 15:51:55 | 000,025,808 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
    [2010/08/28 19:14:07 | 000,156,575 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
    [2010/08/27 22:20:04 | 000,016,649 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
    [2010/08/27 06:44:56 | 000,188,091 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
    [2010/08/27 06:37:49 | 000,157,842 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
    [2010/08/26 06:16:40 | 000,112,869 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
    [2010/08/25 20:18:45 | 000,146,069 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
    [2010/08/25 07:53:42 | 000,164,363 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
    [2010/08/25 02:08:53 | 000,182,647 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
    [2010/08/25 02:08:04 | 000,175,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
    [2010/08/24 17:10:59 | 000,149,811 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
    [2010/08/23 19:25:12 | 000,078,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
    [2010/08/23 15:06:46 | 000,177,606 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
    [2010/08/23 15:04:55 | 000,151,841 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
    [2010/08/23 14:49:35 | 000,168,380 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
    [2010/08/23 14:48:34 | 000,152,632 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
    [2010/08/23 14:25:51 | 000,152,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
    [2010/08/23 14:19:14 | 000,147,404 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
    [2010/08/23 06:34:37 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
    [2010/08/23 06:30:39 | 000,192,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
    [2010/08/21 01:03:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
    [2010/08/19 19:10:08 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
    [2010/08/19 16:02:36 | 000,000,226 | ---- | C] () -- C:\Boot.bak
    [2010/08/19 16:02:32 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/19 15:53:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/19 15:53:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/19 13:17:49 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
    [2010/08/16 15:00:36 | 000,006,421 | ---- | C] () -- C:\Documents and Settings\Tania Wood\resetlog.txt
    [2010/08/12 17:45:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
    [2010/08/12 17:35:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2010/08/12 17:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2010/08/12 17:35:38 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\comdlg32.oca
    [2010/08/12 17:35:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
    [2010/02/21 05:59:33 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico
    [2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
    [2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
    [2009/02/15 01:02:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\fusioncache.dat
    [2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/11/22 20:17:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\setup.txt
    [2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
    [2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
    [2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
    [2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
    [2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
    [1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
    [1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
    [1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
    [1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\*.exe /lockedfiles >
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2007/05/30 11:17:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/05/30 11:17:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/05/30 11:17:56 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\*.sys >
    [2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
    [2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
    [2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
    [2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
    [2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
    [2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
    [2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
    [2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
    [2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
    [2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
    [2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
    [2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
    [2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
    [2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
    [2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
    [2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
    [2010/06/23 14:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\drivers\*.dll >
    [2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
    [2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
    [2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
    [2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
    [2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
    [2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
    [2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
    [2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
    [2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
    [2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
    [2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
    [2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
    [2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
    [2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
    [2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

    < %systemroot%\system32\drivers\*.ini >

    < %systemroot%\system32\drivers\*.exe >

    < %SYSTEMDRIVE%\*.* >
    [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
    [2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/02 15:27:07 | 000,005,619 | ---- | M] () -- C:\debug.txt
    [2010/09/10 01:41:38 | 000,002,342 | ---- | M] () -- C:\error.htm
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
    [2009/02/15 02:23:56 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/05/01 02:25:13 | 000,000,439 | ---- | M] () -- C:\nsinst.log
    [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/26 04:09:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/09/07 00:15:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2007/06/11 16:59:32 | 000,000,706 | -H-- | M] () -- C:\SWSTAMP.TXT
    [2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %PROGRAMFILES%\*. >
    [2007/12/07 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
    [2007/08/09 18:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [2010/09/05 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2007/06/11 15:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
    [2007/08/09 18:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
    [2009/09/03 20:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
    [2010/02/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
    [2010/09/06 03:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
    [2009/12/26 21:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2009/12/25 18:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\BQNITW
    [2008/12/07 21:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bullzip
    [2009/02/19 11:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
    [2007/12/07 20:53:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
    [2010/09/05 03:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2009/02/15 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
    [2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
    [2010/09/05 17:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2007/05/30 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2010/06/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Computerized Content Operator
    [2010/06/04 13:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Contextual Content Manager
    [2010/06/04 13:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Customized Platform Services
    [2008/11/22 15:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\EditPlus 3
    [2009/05/04 11:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Effexis Software
    [2009/06/17 20:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
    [2010/03/31 03:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Entriq
    [2010/09/05 21:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
    [2009/06/29 09:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\F-Secure Internet Security
    [2009/02/15 02:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
    [2009/04/27 19:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
    [2009/03/31 23:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Gamenext
    [2009/03/31 22:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
    [2009/02/18 16:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\glassfish-v2ur2
    [2010/09/06 03:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2010/05/04 17:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\HandyGamez Toolbar
    [2009/02/19 11:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
    [2009/07/25 09:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
    [2010/09/06 03:14:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/09/05 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2010/09/07 00:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2007/06/11 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
    [2010/09/06 03:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2010/08/19 19:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\iWin Games
    [2010/05/04 17:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
    [2010/09/06 23:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2010/03/31 03:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
    [2007/08/09 18:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
    [2008/11/26 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2010/09/06 23:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2007/10/18 19:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2009/02/19 11:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
    [2007/08/09 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2009/02/15 02:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2009/11/18 03:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
    [2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
    [2010/09/05 02:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2007/06/11 15:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
    [2009/03/15 22:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2009/02/19 11:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
    [2009/02/19 11:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
    [2009/02/19 11:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
    [2009/11/04 04:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2009/06/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
    [2010/09/07 00:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
    [2010/08/11 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2009/02/19 11:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2008/12/07 20:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
    [2009/03/26 20:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
    [2007/08/09 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2007/05/30 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2007/08/09 14:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
    [2010/09/05 22:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\myBabylon_English
    [2009/06/01 17:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.1
    [2009/02/18 03:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.5
    [2008/11/26 04:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2010/05/04 17:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
    [2007/12/07 13:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
    [2007/08/09 19:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2010/05/13 03:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2010/09/07 00:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Phoenix Viewer
    [2009/06/05 19:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
    [2007/06/11 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
    [2007/12/07 13:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickLink Desktop
    [2010/09/06 23:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2007/08/09 19:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2007/08/09 14:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2009/07/02 00:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
    [2008/12/29 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
    [2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Scansoft
    [2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
    [2010/09/05 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
    [2010/06/24 12:51:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2009/05/04 12:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2009
    [2009/07/04 17:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2010/09/06 05:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
    [2009/08/13 13:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
    [2009/08/14 12:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\SwiftKit
    [2010/09/05 18:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
    [2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Texthelp Systems
    [2010/06/04 13:26:00 | 000,000,000 | ---D | M] -- C:\Program Files\Textual Content Enhancer
    [2009/09/08 03:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\The Budgerigar Program 2006
    [2007/08/09 11:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
    [2010/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
    [2009/02/15 00:07:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2009/12/29 00:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2010/04/23 12:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirginMedia
    [2010/06/04 13:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Web Content Searcher
    [2009/06/05 19:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
    [2008/12/29 19:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
    [2009/06/11 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
    [2009/11/18 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2009/03/15 22:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
    [2007/08/09 14:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/02/19 11:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
    [2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2007/05/30 10:21:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2008/12/05 17:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2007/08/09 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2009/02/15 04:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
    [2010/08/02 15:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE_1.2059.0.8
    [2010/05/04 17:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games

    < %appdata%\*.* >
    [2007/05/30 11:18:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\desktop.ini
    [2009/11/04 12:49:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico


    < MD5 for: AGP440.SYS >
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: DISK.SYS >
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
    [2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
    [2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
    [2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2007/02/12 13:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
    [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
    [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel Matrix Storage Manager\Inf Setup\iastor.sys
    [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\OemDir\iaStor.sys
    [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
    [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < MD5 for: USBSTOR.SYS >
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
    [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
    [2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
    [2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
    [2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
    [2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
    [2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\USBSTOR.SYS

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-03 02:01:42

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4B264B5
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8DACDA
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
    < End of report >


    Tazzy

    Newbie Surfer

    Posts : 26
    Joined : 2010-08-03
    Operating System : windows xp


    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Fri 10 Sep 2010, 3:05 pm

    OTL Extras logfile created on: 10/09/2010 04:29:42 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 40.65 Gb Total Space | 11.50 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
    Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
    Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
    Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
    I: Drive not present or media not loaded

    Computer Name: TANIA-82363
    Current User Name: Tania Wood
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "50000:TCP" = 50000:TCP:*:Enabled:BitComet 50000 TCP
    "50000:UDP" = 50000:UDP:*:Enabled:BitComet 50000 UDP
    "7375:TCP" = 7375:TCP:*:Enabled:BitComet 7375 TCP
    "7375:UDP" = 7375:UDP:*:Enabled:BitComet 7375 UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found
    "C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
    "C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
    "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- ()
    "C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe" = C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe:*:Enabled:3Connect -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2254E64C-D2B1-4478-BD7E-37457D09FF39}" = QuickLink Desktop
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
    "{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.0.1
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel(R) Network Connections 15.5.74.0
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C2E5A82-DA8B-4c72-91A6-EBB4E0463537}_is1" = V Stuff Backup v1.6.2.16478
    "{503C0372-6161-4B3E-B4A6-AC0A15C44CBC}" = PL-2303 USB-to-Serial
    "{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis True Image
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
    "{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
    "{79756522-09EE-4CD9-9B66-308E7A8954C0}" = The Best Quiz Night In The World
    "{7B569268-AB31-4156-BAA7-1330C6227217}" = Sequence Diagram Editor
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A10DA03B-9048-48B4-00A2-A71153C3F886}" = The Sims™ Pet Stories
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}" = Native x86 Runtime for Visual C++ 2008 Feature Pack (v.9.0.30411)
    "{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}.vc_x86runtime_30411_00" = Visual C++ 2008 Feature Pack - x86 - v9.0.30411.00
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EFE9ACA6-6056-40CD-8325-0E0BE2CB622B}" = Read And Write 8.1 Gold
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
    "{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "Demand Five Player_is1" = Demand Five Player
    "EA Download Manager" = EA Download Manager
    "EditPlus 3" = EditPlus 3
    "Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
    "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
    "FileZilla Client" = FileZilla Client 3.2.4
    "F-Secure Product 444" = F-Secure Internet Security 2008 OEM
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Huawei Modems" = Huawei Modems
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
    "InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "MSNINST" = MSN
    "nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
    "nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
    "Security Task Manager" = Security Task Manager 1.7h
    "Spyware Doctor" = Spyware Doctor 6.0
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "ST6UNST #1" = The Budgerigar Program 2006
    "STANDARDR" = Microsoft Office Standard 2007
    "SwiftKit" = SwiftKit
    "SystemRequirementsLab" = System Requirements Lab
    "TDspBtn" = TOSHIBA Display Devices Change Utility
    "TFNF5" = TOSHIBA Hotkey Utility for Display Devices
    "TME" = Uninstall for TOSHIBA Mobile Extension3
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 1.0.1
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZTE_1.2059.0.8" = ZTE_1.2059.0.8

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "SmartDraw 2009" = SmartDraw 2009
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 09/09/2010 20:46:53 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 6 2010-09-10 01:46:52+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
    AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
    due to exceeded scanning time limit. The file may be in use or reading it was too
    slow (e.g. network connection was under stress).

    Error - 09/09/2010 21:17:27 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 7 2010-09-10 02:17:27+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
    AND SETTINGS\TANIA WOOD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000E61
    was aborted due to exceeded scanning time limit. The file may be in use or reading
    it was too slow (e.g. network connection was under stress).

    Error - 09/09/2010 21:36:25 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 8 2010-09-10 02:36:23+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
    AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
    due to exceeded scanning time limit. The file may be in use or reading it was too
    slow (e.g. network connection was under stress).

    Error - 09/09/2010 22:07:56 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 9 2010-09-10 03:07:55+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM
    FILES\F-SECURE INTERNET SECURITY\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to
    exceeded scanning time limit. The file may be in use or reading it was too slow
    (e.g. network connection was under stress).

    Error - 09/09/2010 22:33:19 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 10 2010-09-10 03:33:18+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
    AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
    due to exceeded scanning time limit. The file may be in use or reading it was too
    slow (e.g. network connection was under stress).

    Error - 09/09/2010 22:39:40 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 11 2010-09-10 03:39:39+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
    AND SETTINGS\TANIA WOOD\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UCDGWWDE\CONTENT.SMALLWORLDS.COM\SMALLWORLDS_LOGIN_DATA.SXX
    was aborted due to exceeded scanning time limit. The file may be in use or reading
    it was too slow (e.g. network connection was under stress).

    Error - 09/09/2010 22:57:23 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 12 2010-09-10 03:57:22+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
    AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
    due to exceeded scanning time limit. The file may be in use or reading it was too
    slow (e.g. network connection was under stress).

    Error - 09/09/2010 23:27:48 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 13 2010-09-10 04:27:46+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
    AND SETTINGS\TANIA WOOD\DESKTOP\.LNK was aborted due to exceeded scanning time
    limit. The file may be in use or reading it was too slow (e.g. network connection
    was under stress).

    Error - 09/09/2010 23:37:31 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 14 2010-09-10 04:37:30+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
    Infection: Adware:W32/MyWebSearch.H

    Error - 09/09/2010 23:41:38 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
    Description = 15 2010-09-10 04:41:38+01:00 tania-82363 TANIA-82363\Tania Wood
    Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
    Infection: Adware:W32/MyWebSearch.H

    [ OSession Events ]
    Error - 18/06/2009 06:54:33 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 18/06/2009 06:54:51 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 18/06/2009 06:55:01 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 19/10/2009 18:54:22 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 19/10/2009 18:54:45 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/04/2010 06:41:39 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 06/09/2010 17:55:35 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.100 for the Network Card with network
    address 001C7E49D31E has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 06/09/2010 17:55:57 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 06/09/2010 17:56:00 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    2147749155 (0x80040D23).

    Error - 06/09/2010 17:57:38 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
    Description = The SQL Server VSS Writer service hung on starting.

    Error - 06/09/2010 17:57:39 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
    Description = The SQL Server VSS Writer service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 06/09/2010 19:16:01 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.100 for the Network Card with network
    address 001C7E49D31E has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 06/09/2010 19:16:24 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 06/09/2010 19:18:05 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
    Description = The SQL Server VSS Writer service hung on starting.

    Error - 06/09/2010 19:18:07 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
    Description = The SQL Server VSS Writer service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 09/09/2010 20:30:37 | Computer Name = TANIA-82363 | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
    first being prepared for removal.


    < End of report >

    Tazzy

    Newbie Surfer

    Posts : 26
    Joined : 2010-08-03
    Operating System : windows xp


    Re: trojan.win32.buzus.eglu

    Post by Tazzy on Fri 10 Sep 2010, 4:03 pm

    OTL logfile created on: 10/09/2010 05:17:01 - Run 2 ....part 1
    OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 40.65 Gb Total Space | 11.46 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
    Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
    Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
    Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
    I: Drive not present or media not loaded

    Computer Name: TANIA-82363
    Current User Name: Tania Wood
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
    PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
    PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
    PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
    PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
    PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
    PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
    PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
    PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
    PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
    PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
    PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
    PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
    PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
    MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
    SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
    SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
    SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
    SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
    SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
    SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
    SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
    SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
    SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/05/31 19:58:35 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2010/03/26 00:59:22 | 000,243,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
    DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
    DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
    DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
    DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
    DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
    DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
    DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
    DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
    DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
    DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
    DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
    DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
    DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
    DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
    DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
    DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
    DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
    FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

    FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]

    [2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
    [2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2010/09/06 03:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
    [2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
    [2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
    [2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
    [2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

    O1 HOSTS File: ([2010/09/06 03:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
    O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
    O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} [You must be registered and logged in to see this link.] (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/03/10 01:34:10 | 000,022,528 | R--- | M] () - E:\AutoRunLauncher.exe -- [ CDFS ]
    O32 - AutoRun File - [2004/03/10 01:34:10 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: Microsoft Base Smart Card Crypto Provider Package -

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========



    Tazzy

    Newbie Surfer

    Posts : 26
    Joined : 2010-08-03
    Operating System : windows xp
