Trojan.generic.2338857 ; win32.buzus infection


Post by court_mcd on Thu Apr 21, 2011 5:44 am

Hello,
Also infected with the "windows recovery" virus.
Have run BitDefender and it has deleted some of the infected files, but was unable to delete "trojan.generic.2338857".
Have run OTL, here are the reports. Thank you.

court_mcd
Novice

Posts : 8
Joined : 2011-04-21
Gender : Female
OS : XPS3

Re: Trojan.generic.2338857 ; win32.buzus infection

Post by court_mcd on Thu Apr 21, 2011 5:47 am

OTL logfile created on: 21/04/2011 2:15:50 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\FDU spare\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 3.68 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive D: | 45.23 Gb Total Space | 8.28 Gb Free Space | 18.30% Space Free | Partition Type: NTFS

Computer Name: FLINDERS-7B80CB | User Name: FDU spare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/21 14:14:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FDU spare\Desktop\OTL.com
PRC - [2009/12/13 14:27:19 | 000,289,584 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/12/03 09:12:12 | 000,976,320 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/25 22:32:18 | 000,189,736 | -H-- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 22:31:32 | 000,185,640 | -H-- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | -H-- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/08/29 14:20:56 | 000,935,208 | -H-- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/06/13 19:53:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/29 10:07:04 | 000,167,936 | -H-- | M] (Sophos Plc) -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2007/05/29 10:03:47 | 000,086,016 | -H-- | M] (Sophos Plc) -- c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2007/05/29 10:03:38 | 000,069,632 | -H-- | M] (Sophos Plc) -- c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/04/26 17:02:14 | 000,163,840 | -H-- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
PRC - [2004/01/13 15:15:20 | 000,376,832 | -H-- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/01/13 15:08:52 | 000,184,320 | -H-- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2004/01/13 15:08:12 | 000,311,363 | -H-- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/01/13 15:07:04 | 000,122,880 | -H-- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2002/03/12 10:37:28 | 000,028,672 | -H-- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2011/04/21 14:14:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FDU spare\Desktop\OTL.com
MOD - [2006/08/25 07:45:56 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 08:26:36 | 000,657,408 | -H-- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/25 22:32:18 | 000,189,736 | -H-- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/05/14 16:07:14 | 000,759,048 | -H-- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/08/29 14:20:56 | 000,935,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/29 10:07:04 | 000,167,936 | -H-- | M] (Sophos Plc) [Auto | Running] -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2007/05/29 10:03:47 | 000,086,016 | -H-- | M] (Sophos Plc) [Unknown | Running] -- c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2007/05/29 10:03:38 | 000,069,632 | -H-- | M] (Sophos Plc) [Unknown | Running] -- c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | -H-- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/01/18 09:17:56 | 000,036,864 | -H-- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2004/04/26 17:02:14 | 000,163,840 | -H-- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004/01/13 15:08:12 | 000,311,363 | -H-- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/13 15:07:04 | 000,122,880 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Running] -- -- (szkgfs)
DRV - File not found [Kernel | Boot | Running] -- -- (szkg5)
DRV - [2009/08/05 21:48:42 | 000,054,752 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/02/12 18:14:31 | 000,639,224 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/08/14 12:26:10 | 000,014,037 | -H-- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/07/24 15:05:00 | 000,005,632 | -H-- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/08 10:49:50 | 000,344,064 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/01/05 17:43:54 | 000,080,128 | -H-- | M] (Sophos plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccess Control)
DRV - [2006/01/05 17:43:46 | 000,024,064 | -H-- | M] (Sophos plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccess Filter)
DRV - [2005/11/10 07:53:00 | 000,018,353 | -H-- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/27 16:38:46 | 000,497,743 | -H-- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2005/10/27 16:21:08 | 000,155,761 | -H-- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2005/10/27 16:15:14 | 000,039,731 | -H-- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2005/10/12 13:12:18 | 000,009,297 | -H-- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 13:11:32 | 000,006,128 | -H-- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2005/09/29 12:04:46 | 000,035,568 | -H-- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2005/05/26 18:14:00 | 000,015,891 | -H-- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/01/03 14:51:38 | 000,020,332 | -H-- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/08/19 12:34:06 | 000,038,848 | -H-- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2004/08/12 22:14:00 | 000,786,944 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/20 11:14:06 | 000,258,160 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/06/01 18:19:34 | 000,027,249 | -H-- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/04/26 16:38:18 | 000,016,896 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/04/26 16:31:56 | 001,239,338 | -H-- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/04/26 16:24:56 | 000,147,864 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/04/26 16:24:44 | 000,030,235 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/04/26 16:15:16 | 000,053,336 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/03/08 11:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/01/14 05:58:26 | 001,648,640 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/11/13 18:21:16 | 000,197,120 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 18:18:36 | 000,679,808 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 18:17:00 | 001,042,816 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/15 10:20:18 | 000,011,258 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/05/15 18:09:32 | 000,043,136 | RH-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/02/26 14:51:18 | 000,023,232 | -H-- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2002/09/09 19:54:06 | 000,016,269 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001/08/22 08:42:58 | 000,013,632 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.42
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80101&language=en&qkw="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.flinders.edu.au/proxy.pac"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 10:48:48 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 10:48:48 | 000,000,000 | -H-D | M]

[2009/12/13 10:09:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Extensions
[2011/04/21 13:22:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\extensions
[2009/10/11 10:54:40 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/01/25 09:28:02 | 000,000,000 | -H-D | M] (Firefox Showcase) -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2007/01/25 09:22:31 | 000,000,000 | -H-D | M] (Hyperwords(tm)) -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2007/01/25 09:28:02 | 000,000,000 | -H-D | M] (ReminderFox) -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2008/10/07 09:56:06 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\extensions\moveplayer@movenetworks.com
[2009/07/04 14:00:18 | 000,001,632 | -H-- | M] () -- C:\Documents and Settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\searchplugins\live-search.xml
[2011/04/02 10:02:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\FDU SPARE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XSRYR3NR.DEFAULT\EXTENSIONS\INBOXCOMTOOLBAR@INBOX.COM
[2007/01/06 09:53:00 | 000,049,152 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2001/08/23 21:30:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: flinders.edu.au ([gateway] https in Trusted sites)
O15 - HKCU\..Trusted Domains: select2perform.com.au ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} [You must be registered and logged in to see this link.] (QOLCheck Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} [You must be registered and logged in to see this link.] (Slide Image Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\FDU spare\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FDU spare\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/15 10:00:28 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/05 12:26:40 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1927ca50-f3d5-11dc-b70f-0010c652b6ef}\Shell - "" = AutoRun
O33 - MountPoints2\{1927ca50-f3d5-11dc-b70f-0010c652b6ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1927ca50-f3d5-11dc-b70f-0010c652b6ef}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{3a50e210-729e-11de-9c28-0010c652b6ef}\Shell\AutoRun\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{3a50e210-729e-11de-9c28-0010c652b6ef}\Shell\Explore\Command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{3a50e210-729e-11de-9c28-0010c652b6ef}\Shell\open\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{42cd8072-453d-11df-9cfe-0010c652b6ef}\Shell\AutoRun\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{42cd8072-453d-11df-9cfe-0010c652b6ef}\Shell\Explore\Command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{42cd8072-453d-11df-9cfe-0010c652b6ef}\Shell\open\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{a8f1be12-1075-11e0-9db9-0010c652b6ef}\Shell\AutoRun\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{a8f1be12-1075-11e0-9db9-0010c652b6ef}\Shell\Explore\Command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{a8f1be12-1075-11e0-9db9-0010c652b6ef}\Shell\open\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{bbb0fed3-31a3-11dc-b554-00114361e263}\Shell\AutoRun\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{bbb0fed3-31a3-11dc-b554-00114361e263}\Shell\Explore\Command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{bbb0fed3-31a3-11dc-b554-00114361e263}\Shell\open\command - "" = E:\ice\fire\traymgr.exe
O33 - MountPoints2\{dad52254-fee1-11dc-b728-0010c652b6ef}\Shell\AutoRun\command - "" = G:\ice\fire\traymgr.exe
O33 - MountPoints2\{dad52254-fee1-11dc-b728-0010c652b6ef}\Shell\Explore\Command - "" = G:\ice\fire\traymgr.exe
O33 - MountPoints2\{dad52254-fee1-11dc-b728-0010c652b6ef}\Shell\open\command - "" = G:\ice\fire\traymgr.exe
O33 - MountPoints2\{e9c714f2-0fa1-11df-9cc5-0010c652b6ef}\Shell\AutoRun\command - "" = G:\ice\fire\traymgr.exe
O33 - MountPoints2\{e9c714f2-0fa1-11df-9cc5-0010c652b6ef}\Shell\Explore\Command - "" = G:\ice\fire\traymgr.exe
O33 - MountPoints2\{e9c714f2-0fa1-11df-9cc5-0010c652b6ef}\Shell\open\command - "" = G:\ice\fire\traymgr.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe - (Sophos Plc)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe - (WIDCOMM, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^FDU spare^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^FDU spare^Start Menu^Programs^Startup^America Online 5.0 Tray Icon.lnk - - File not found
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: BitTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: ccApp - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - File not found
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Microsoft - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NWTRAY - hkey= - key= - File not found
MsConfig - StartUpReg: osCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - File not found
MsConfig - StartUpReg: PRONoMgr.exe - hkey= - key= - c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: StatusClient 2.6 - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TomcatStartup 2.5 - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SAVService - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SAVService - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} - Security Update for Microsoft .NET Framework 2.0 (KB928365)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B01B78B4-7E93-4A48-C336-A8D1B814423F} - Vector Graphics Rendering (VML)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 14:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FDU spare\Desktop\Virus Removal Tool
[2011/04/21 14:14:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FDU spare\Desktop\OTL.com
[2011/04/21 13:04:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\BDOSCAN8
[2011/04/21 13:04:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\LastGood
[2011/04/21 13:02:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FDU spare\Recent
[2011/04/19 19:18:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CSC
[2011/04/19 06:57:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/19 06:55:07 | 000,509,440 | -H-- | C] (iS3, Inc.) -- C:\SZSetupAV.exe
[2011/04/19 00:21:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/19 00:18:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\FDU spare\Application Data\Avira
[2011/04/19 00:13:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Avira
[2011/04/18 23:11:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\FDU spare\Start Menu\Programs\Windows Recovery
[2011/04/02 10:09:57 | 000,000,000 | ---D | C] -- D:\My Documents\New Folder
[2011/03/22 19:08:12 | 000,000,000 | -H-D | C] -- C:\Program Files\Inbox Toolbar
[2009/02/02 08:19:56 | 003,686,400 | -H-- | C] (Infor) -- C:\Program Files\Shortcut to IKEA Home Planner.lnk
[2007/03/13 15:33:29 | 037,844,544 | -H-- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2006/08/14 11:40:30 | 000,151,552 | -H-- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/21 14:25:20 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\FDU spare\Start Menu\Programs\Startup\setup_9.0.0.722_21.04.2011_06-53[1].lnk
[2011/04/21 14:14:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FDU spare\Desktop\OTL.com
[2011/04/21 14:08:02 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 13:05:49 | 000,000,704 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/04/21 13:05:47 | 000,002,232 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/21 12:52:43 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/21 12:49:37 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F30FF99A-BAB0-43C9-861E-A588716FAAAD}.job
[2011/04/21 12:46:22 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2011/04/21 12:46:16 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 12:45:27 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 12:45:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/19 06:55:10 | 000,509,440 | -H-- | M] (iS3, Inc.) -- C:\SZSetupAV.exe
[2011/04/19 03:00:00 | 000,000,370 | -H-- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2011/04/19 00:03:23 | 051,349,520 | -H-- | M] () -- C:\avira_antivir_personal_en.exe
[2011/04/18 23:11:18 | 000,000,821 | -H-- | M] () -- C:\Documents and Settings\FDU spare\Desktop\Windows Recovery.lnk
[2011/04/18 23:11:17 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18145076
[2011/04/18 23:11:16 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18145076r
[2011/04/18 23:10:51 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18145076
[2011/04/18 23:06:10 | 000,116,224 | -H-- | M] () -- C:\WINDOWS\System32\drivers\20232.sys
[2011/04/05 15:48:54 | 000,016,896 | -H-- | M] () -- C:\Documents and Settings\FDU spare\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/03 09:48:43 | 000,440,164 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/03 09:48:43 | 000,071,718 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/02 09:57:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/21 12:50:00 | 000,000,704 | -H-- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/04/21 12:48:24 | 000,002,232 | -H-- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/19 00:03:23 | 051,349,520 | -H-- | C] () -- C:\avira_antivir_personal_en.exe
[2011/04/18 23:11:18 | 000,000,821 | -H-- | C] () -- C:\Documents and Settings\FDU spare\Desktop\Windows Recovery.lnk
[2011/04/18 23:11:16 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145076r
[2011/04/18 23:11:16 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145076
[2011/04/18 23:10:51 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18145076
[2011/04/18 23:06:10 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\drivers\20232.sys
[2011/02/15 13:39:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/02/04 15:50:12 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2010/02/04 15:39:11 | 000,214,136 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/17 16:24:12 | 000,091,916 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/28 19:23:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/17 14:14:45 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\awshkwv.ini
[2009/01/05 15:44:10 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | -H-- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/05/30 20:50:26 | 000,537,600 | -H-- | C] () -- C:\WINDOWS\System32\ASWL2K.exe
[2008/05/30 20:50:26 | 000,496,640 | -H-- | C] () -- C:\WINDOWS\System32\ASWLSVC.exe
[2008/05/30 20:50:26 | 000,159,827 | -H-- | C] () -- C:\WINDOWS\System32\RemSvc.exe
[2008/04/01 19:22:27 | 000,005,092 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/06 10:34:24 | 000,237,057 | -H-- | C] () -- C:\WINDOWS\System32\Office [Keygen].exe
[2008/02/04 17:23:10 | 000,693,792 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/07 19:40:32 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2008/01/07 18:19:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/01/07 17:50:00 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/11 15:15:52 | 000,000,030 | -H-- | C] () -- C:\WINDOWS\Mavis12.INI
[2007/12/11 15:11:16 | 024,733,448 | -H-- | C] () -- C:\WINDOWS\aolback.exe
[2007/12/11 15:11:15 | 000,182,966 | -H-- | C] () -- C:\WINDOWS\Aolunins.exe
[2007/12/11 14:39:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/11/30 14:11:34 | 000,003,679 | -H-- | C] () -- C:\WINDOWS\System32\Sys2679b.DLL
[2007/10/11 16:36:50 | 000,117,255 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/10/11 16:09:58 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/04/07 11:05:04 | 000,000,151 | -H-- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/08 13:13:07 | 047,122,544 | -H-- | C] () -- C:\Program Files\Symantec Antivirus.exe
[2007/01/27 18:33:39 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\impborl.dll
[2006/12/15 17:29:03 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/15 09:57:58 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/12/12 13:01:52 | 000,100,724 | -H-- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/12/12 13:01:52 | 000,017,176 | -H-- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/12/12 13:00:00 | 000,000,214 | -H-- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/20 18:33:18 | 000,016,896 | -H-- | C] () -- C:\Documents and Settings\FDU spare\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/13 19:33:38 | 000,001,755 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/11 11:24:40 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\FDU spare\Local Settings\Application Data\fusioncache.dat
[2006/11/11 11:02:33 | 000,104,340 | -H-- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/11/11 11:02:33 | 000,017,176 | -H-- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/09/15 09:49:28 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\webica.ini
[2006/09/08 16:35:38 | 000,007,019 | -H-- | C] () -- C:\WINDOWS\hpclj2550.ini
[2006/08/31 11:30:03 | 000,000,302 | -H-- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/08/31 11:30:02 | 000,003,399 | RH-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/08/31 11:27:53 | 000,000,103 | -H-- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2006/08/31 11:27:11 | 000,009,092 | -H-- | C] () -- C:\WINDOWS\hplj42504350.ini
[2006/08/31 11:26:55 | 000,001,474 | -H-- | C] () -- C:\WINDOWS\mariner.ini
[2006/08/14 20:15:36 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/14 20:14:25 | 000,411,880 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/14 14:52:16 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/14 14:22:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/14 14:22:09 | 000,002,301 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/14 11:40:29 | 000,389,120 | -H-- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2006/08/14 11:40:29 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2006/08/14 11:02:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/14 10:56:21 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/06 07:46:29 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/11/10 11:38:44 | 000,235,520 | -H-- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2005/09/08 10:55:34 | 000,245,843 | -H-- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005/04/18 08:43:00 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2004/08/04 01:07:22 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 00:56:44 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 00:56:44 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 00:56:44 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 00:56:44 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 00:56:44 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/02 14:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/04/26 16:53:42 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/12/18 10:29:12 | 000,001,724 | -H-- | C] () -- C:\WINDOWS\System32\vipx.exe
[2003/04/17 12:35:00 | 000,651,264 | -H-- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 12:35:00 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/02/25 15:19:56 | 000,094,274 | -H-- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/02/05 16:31:42 | 000,045,119 | -H-- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2001/11/14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/23 10:14:28 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\cmdinfo.exe
[2001/10/04 14:40:54 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2001/08/23 21:30:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 21:30:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 21:30:00 | 000,440,164 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 21:30:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 21:30:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 21:30:00 | 000,071,718 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 21:30:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 21:30:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 21:30:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 21:30:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/01/20 09:15:14 | 000,051,200 | -H-- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/07/22 19:07:38 | 000,015,898 | -H-- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[1999/01/11 04:37:36 | 000,002,757 | -H-- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 09:50:22 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 08:36:12 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll


Re: Trojan.generic.2338857 ; win32.buzus infection

Post by court_mcd on Thu Apr 21, 2011 5:48 am

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/19 19:21:28 | 000,026,040 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/07/02 21:37:10 | 000,026,489 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 19:21:28 | 000,029,779 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/07/02 21:37:12 | 000,030,808 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 03:28:56 | 000,012,288 | -H-- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2006/08/14 10:59:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/14 15:43:18 | 000,027,648 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/05/13 22:10:56 | 000,051,712 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP034.DLL
[2006/04/10 14:02:32 | 000,074,240 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2004/12/06 13:39:50 | 000,062,976 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP38Y.DLL
[2003/06/18 17:31:48 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2006/10/14 15:44:44 | 000,671,744 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
[1 C:\WINDOWS\system32\spool\prtprocs\w32x86\*.tmp files -> C:\WINDOWS\system32\spool\prtprocs\w32x86\*.tmp -> ]

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 11:15:46 | 000,306,544 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/07/05 12:26:40 | 000,001,626 | -H-- | M] () -- C:\Documents and Settings\FDU spare\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2007/03/13 15:33:53 | 037,844,544 | -H-- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2007/11/19 11:31:00 | 003,686,400 | -H-- | M] (Infor) -- C:\Program Files\Shortcut to IKEA Home Planner.lnk
[2007/03/08 13:13:41 | 047,122,544 | -H-- | M] () -- C:\Program Files\Symantec Antivirus.exe
[2007/12/12 14:26:59 | 000,009,216 | -HS- | M] () -- C:\Program Files\Thumbs.db

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2006/08/14 10:59:46 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/14 11:34:34 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\FDU spare\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/08/17 10:48:33 | 000,120,280 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/08/17 10:48:34 | 000,908,248 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/08/17 10:48:43 | 000,245,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/08/14 11:34:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\FDU spare\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/03/24 20:38:43 | 001,075,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Google earth.exe
[2006/08/14 13:43:18 | 000,001,496 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 00:56:44 | 000,380,957 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2004/08/04 00:56:44 | 001,028,096 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mfc42.dll
[2001/08/23 21:30:00 | 001,355,776 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2004/02/24 14:12:40 | 001,386,496 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2010/02/16 22:49:55 | 002,181,376 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntoskrnl.exe
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/02/12 18:14:31 | 000,639,224 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/08/14 20:13:38 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/08/14 20:13:38 | 000,659,456 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/08/14 20:13:38 | 000,884,736 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/23 21:30:00 | 000,009,029 | -H-- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/09/09 19:54:06 | 000,016,269 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ASNDIS5.sys
[2001/08/23 21:30:00 | 000,027,097 | -H-- | M] () -- C:\WINDOWS\system32\country.sys
[2001/08/23 21:30:00 | 000,004,768 | -H-- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/08/23 21:30:00 | 000,042,809 | -H-- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 22:46:56 | 000,042,537 | -H-- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2001/08/23 21:30:00 | 000,027,866 | -H-- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/23 21:30:00 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/23 21:30:00 | 000,029,370 | -H-- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/23 21:30:00 | 000,029,274 | -H-- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/23 21:30:00 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 22:45:10 | 000,033,840 | -H-- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 22:45:16 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 22:45:12 | 000,035,648 | -H-- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 22:45:16 | 000,035,424 | -H-- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 22:45:14 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/03 23:07:34 | 000,017,664 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 21:49:41 | 001,850,112 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2001/07/03 19:39:00 | 000,003,654 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Sonyhcp.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/14 15:43:18 | 000,027,648 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/05/13 22:10:56 | 000,051,712 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP034.DLL
[2006/04/10 14:02:32 | 000,074,240 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2004/12/06 13:39:50 | 000,062,976 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP38Y.DLL
[2003/06/18 17:31:48 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[1 C:\WINDOWS\system32\Spool\prtprocs\w32x86\*.tmp files -> C:\WINDOWS\system32\Spool\prtprocs\w32x86\*.tmp -> ]

< %SYSTEMDRIVE%\*.* >
[2011/03/14 15:38:29 | 000,000,029 | -H-- | M] () -- C:\.log
[2008/08/15 17:47:33 | 000,000,170 | -H-- | M] () -- C:\ASWL2K.ini
[2006/12/15 10:00:28 | 000,000,050 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2011/04/19 00:03:23 | 051,349,520 | -H-- | M] () -- C:\avira_antivir_personal_en.exe
[2008/04/20 17:19:13 | 000,000,311 | RHS- | M] () -- C:\boot.ini
[2006/08/14 10:59:38 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2007/03/28 08:46:46 | 000,000,081 | -H-- | M] () -- C:\CTX.DAT
[2006/08/14 10:59:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/26 16:55:42 | 000,000,482 | -H-- | M] () -- C:\LOG1.log
[2008/05/27 12:48:53 | 000,000,482 | -H-- | M] () -- C:\LOG11.log
[2008/08/31 12:15:01 | 000,000,482 | -H-- | M] () -- C:\LOG19B.log
[2008/05/26 10:54:17 | 000,000,482 | -H-- | M] () -- C:\LOG2.log
[2008/05/26 14:00:56 | 000,000,482 | -H-- | M] () -- C:\LOG3.log
[2008/05/27 09:21:29 | 000,000,482 | -H-- | M] () -- C:\LOG4.log
[2008/06/10 17:01:10 | 000,000,482 | -H-- | M] () -- C:\LOG40.log
[2008/05/27 09:23:22 | 000,000,482 | -H-- | M] () -- C:\LOG5.log
[2008/06/03 12:10:18 | 000,000,482 | -H-- | M] () -- C:\LOG6.log
[2008/05/27 11:08:18 | 000,000,482 | -H-- | M] () -- C:\LOG7.log
[2008/06/03 12:37:31 | 000,000,482 | -H-- | M] () -- C:\LOG8.log
[2008/06/04 16:35:56 | 000,000,482 | -H-- | M] () -- C:\LOG9.log
[2008/06/09 13:45:04 | 000,000,482 | -H-- | M] () -- C:\LOGA.log
[2008/08/31 10:17:31 | 000,000,482 | -H-- | M] () -- C:\LOGA4.log
[2008/06/10 08:38:46 | 000,000,482 | -H-- | M] () -- C:\LOGB.log
[2008/08/30 12:02:52 | 000,000,482 | -H-- | M] () -- C:\LOGC.log
[2008/12/04 08:42:51 | 000,000,482 | -H-- | M] () -- C:\LOGD.log
[2008/12/19 08:40:56 | 000,000,482 | -H-- | M] () -- C:\LOGE.log
[2006/08/14 10:59:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/03 22:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/04/21 12:45:20 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/12/02 10:48:22 | 000,956,344 | -H-- | M] (Microsoft Corporation) -- C:\SaveAsPDFandXPS.exe
[2011/04/19 06:55:10 | 000,509,440 | -H-- | M] (iS3, Inc.) -- C:\SZSetupAV.exe
[2008/10/11 13:08:13 | 000,089,864 | -H-- | M] () -- C:\_GEAREXT.vol
[2008/10/11 13:08:13 | 000,002,685 | -H-- | M] () -- C:\_GEAREXT.WO_IDENT.TXT
[18 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2011/02/12 15:24:38 | 000,000,000 | -H-D | M] -- C:\Program Files\ABBYY FineReader 9.0 Sprint
[2007/02/13 07:16:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2006/12/15 17:25:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Ahead
[2008/05/30 20:50:21 | 000,000,000 | -H-D | M] -- C:\Program Files\ASUS
[2006/08/14 11:45:36 | 000,000,000 | -H-D | M] -- C:\Program Files\ATI Technologies
[2011/04/19 00:13:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Avira
[2006/08/14 12:20:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Broadcom
[2008/12/05 12:32:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Broderbund
[2010/02/03 17:23:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Carbonite
[2007/01/25 13:24:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Citrix
[2011/04/21 13:21:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2006/08/14 10:56:07 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2006/08/14 12:17:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2006/08/14 14:38:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CUAgent
[2006/12/15 17:19:04 | 000,000,000 | -H-D | M] -- C:\Program Files\CyberLink
[2006/08/14 12:23:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell
[2006/12/15 17:05:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Deskshare
[2009/12/16 12:06:59 | 000,000,000 | -H-D | M] -- C:\Program Files\DIFX
[2008/03/03 15:09:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Digital Locker Assistant
[2010/04/12 08:53:27 | 000,000,000 | -H-D | M] -- C:\Program Files\DivX
[2011/02/12 15:25:42 | 000,000,000 | -H-D | M] -- C:\Program Files\epson
[2011/02/12 15:28:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Epson Software
[2008/11/19 08:55:17 | 000,000,000 | -H-D | M] -- C:\Program Files\FunWebProducts
[2009/09/29 09:46:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2009/10/19 16:35:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2007/07/13 08:42:41 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2009/04/26 11:05:34 | 000,000,000 | -H-D | M] -- C:\Program Files\IKEA Home Planner
[2011/04/21 13:23:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Inbox Toolbar
[2010/01/20 11:10:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Incomplete
[2010/02/01 14:06:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Innovative Solutions
[2011/02/12 15:28:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/08/14 12:26:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel
[2010/05/19 19:46:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2009/12/17 07:38:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Internode
[2006/11/09 17:04:09 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2007/06/06 18:23:25 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2007/08/13 20:56:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2010/01/20 10:46:02 | 000,000,000 | -H-D | M] -- C:\Program Files\LimeWire
[2008/09/09 17:11:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2009/07/03 20:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2006/08/14 11:00:01 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2008/08/31 12:09:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2009/12/17 14:46:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/12/17 15:01:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2007/12/07 09:59:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/03 20:31:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Sync Framework
[2008/08/31 12:08:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/08/31 12:09:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2008/08/31 12:07:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2010/05/19 19:56:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2011/04/10 17:52:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2010/02/04 14:58:54 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2008/12/02 10:48:26 | 000,000,000 | -H-D | M] -- C:\Program Files\MSECache
[2006/08/14 10:55:04 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2006/08/14 10:55:36 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/10 15:26:57 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2010/02/03 17:23:17 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 6.0
[2008/11/26 14:43:57 | 000,000,000 | -H-D | M] -- C:\Program Files\MyVirtualHome
[2008/11/19 08:13:37 | 000,000,000 | -H-D | M] -- C:\Program Files\MyWebSearch
[2010/02/04 15:48:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Nero
[2006/08/14 10:57:24 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2006/08/14 10:55:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2009/07/15 18:07:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Opera
[2010/05/19 19:46:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2006/12/12 13:02:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Overland
[2009/12/16 12:06:10 | 000,000,000 | -H-D | M] -- C:\Program Files\PC Connectivity Solution
[2010/04/12 08:49:14 | 000,000,000 | -H-D | M] -- C:\Program Files\PeerGuardian2
[2008/11/21 17:41:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Picasa
[2006/12/15 09:58:41 | 000,000,000 | -H-D | M] -- C:\Program Files\PIXELA
[2011/02/28 08:45:06 | 000,000,000 | -H-D | M] -- C:\Program Files\ProMash
[2006/12/06 10:51:45 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2010/02/04 14:45:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2010/02/03 17:24:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Seagate
[2009/10/03 15:26:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Shockwave.com
[2006/08/14 12:11:22 | 000,000,000 | -H-D | M] -- C:\Program Files\SigmaTel
[2009/09/28 19:18:04 | 000,000,000 | RH-D | M] -- C:\Program Files\Skype
[2006/08/14 13:30:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Sophos
[2007/01/25 09:17:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Thunderbird
[2007/11/30 14:34:19 | 000,000,000 | -H-D | M] -- C:\Program Files\TypingQueen Demo
[2006/08/14 11:34:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/01/22 12:16:16 | 000,000,000 | -H-D | M] -- C:\Program Files\uTorrent
[2010/08/09 18:03:09 | 000,000,000 | -H-D | M] -- C:\Program Files\VideoLAN
[2007/04/02 14:43:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WBS Chart Pro
[2009/12/17 14:44:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live
[2007/12/07 10:03:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Favorites
[2007/03/01 21:09:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Safety Center
[2009/07/03 20:25:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/03 20:31:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Toolbar
[2006/12/15 15:49:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Connect 2
[2006/12/15 15:49:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2006/08/14 10:55:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2010/02/04 15:46:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2006/08/14 10:58:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/06 10:28:36 | 000,000,000 | -H-D | M] -- C:\Program Files\WinRAR
[2006/08/14 11:00:01 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2010/03/27 09:52:32 | 000,000,000 | -H-D | M] -- C:\Program Files\XoftSpySE
[2009/10/19 16:38:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2007/03/11 12:58:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Yetisports
[2009/10/19 16:35:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2006/08/14 20:15:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\FDU spare\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/04 08:37:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 01:05:44 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 00:56:44 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009/02/07 04:16:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 04:16:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 01:05:44 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | -H-- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | -H-- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-19 10:33:44

< End of report >

court_mcd
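The "< MD5 for: ... >" blocks near the end of the OTL log above are the part of the report worth reading first: OTL hashes every copy it can find of a few core Windows files (the live file under system32 or system32\drivers, the dllcache copy, hotfix backups under $hf_mig$, ReinstallBackups, and the driver cab). A live copy whose MD5 differs from its dllcache copy while size and company name still match is the footprint of a patched system file. The following Python script is an added example, not part of court_mcd's post and not OTL's own code; it parses those blocks and reports, per file, whether the live copy agrees with the dllcache reference. The input is built from the ATAPI.SYS, DISK.SYS and NETLOGON.DLL sections above plus one constructed section, EXAMPLE.SYS, with a deliberately mismatched hash; the function and role names are the example's own.

```python
"""Cross-check the "< MD5 for: ... >" blocks of an OTL log (added example).

The live system32 copy of each file is compared with the dllcache copy.
Cab entries carry no hash, so a file that only has a cab copy and a live
copy cannot be compared without extracting the cab; it is reported as
"no_reference" rather than silently marked ok.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?.*?\s--\s(?P<path>.+?)\s*$"
)

# Constructed sample: three sections copied in the shape of the log above,
# plus EXAMPLE.SYS, which is invented to show a live/dllcache mismatch.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 01:05:44 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/02/07 04:16:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: EXAMPLE.SYS >
[2004/08/03 23:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\example.sys
[2010/11/02 09:12:00 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\example.sys
"""


def classify(path, name):
    """Map a listed path to the role it plays for file `name`."""
    p = path.lower()
    n = name.lower()
    if ".cab:" in p:
        return "cab"
    if "\\$hf_mig$\\" in p:
        return "hotfix"
    if "\\reinstallbackups\\" in p:
        return "backup"
    if "\\dllcache\\" in p:
        return "dllcache"
    if p.endswith("\\system32\\" + n) or p.endswith("\\system32\\drivers\\" + n):
        return "live"
    return "other"


def parse_md5_sections(text):
    """Return {file name: [entry, ...]} for every "< MD5 for: X >" block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            continue
        e = ENTRY_RE.match(line) if current else None
        if not e:
            continue
        sections[current].append({
            "role": classify(e.group("path"), current),
            "size": int(e.group("size").replace(",", "")),
            "company": e.group("company").strip(),
            "md5": e.group("md5").upper() if e.group("md5") else None,  # cab rows have none
            "path": e.group("path"),
        })
    return dict(sections)


def check_sections(sections):
    """Per file: ok / mismatch / no_reference / no_live_copy."""
    findings = {}
    for name, entries in sections.items():
        live = [e for e in entries if e["role"] == "live"]
        cache = [e for e in entries if e["role"] == "dllcache"]
        if not live:
            findings[name] = "no_live_copy"
        elif not cache:
            findings[name] = "no_reference"
        elif any(l["md5"] != c["md5"] for l in live for c in cache):
            findings[name] = "mismatch"
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for name, verdict in sorted(check_sections(parse_md5_sections(SAMPLE_LOG)).items()):
        print(f"{name:14} {verdict}")
```

A "mismatch" verdict is a reason to pull the live file for analysis, not proof of infection on its own; a legitimately updated file can differ from an older dllcache copy, which is why the hotfix and backup rows are kept in the parsed output for a second look. Run on a real OTL.txt by passing its contents to parse_md5_sections.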

Re: Trojan.generic.2338857 ; win32.buzus infection

Post by court_mcd on Thu Apr 21, 2011 5:49 am

OTL Extras logfile created on: 21/04/2011 2:15:50 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\FDU spare\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 3.68 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive D: | 45.23 Gb Total Space | 8.28 Gb Free Space | 18.30% Space Free | Partition Type: NTFS

Computer Name: FLINDERS-7B80CB | User Name: FDU spare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"25115:TCP" = 25115:TCP:*:Enabled:Utor1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"G:\Program Files DONT TOUCH\utorrent.exe" = G:\Program Files DONT TOUCH\utorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Diagnostic Assistant\bin\hprbevwr.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Diagnostic Assistant\bin\hprbevwr.exe:*:Enabled:HP Diagnostic Assistant
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\Hpqdirec.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\Hpqdirec.exe:*:Enabled:HP Director -- (Hewlett-Packard Company)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\Help\cuetour\START.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\Help\cuetour\START.exe:*:Enabled:HP Image Zone Tour -- (Macromedia, Inc.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" = Sophos Anti-Virus
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{491EAC1A-8ECB-45D5-97D1-0583D5676914}" = ProMash
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel(R) PROSet for Wireless
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Dell Bluetooth Software
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D989BCC0-757C-4FB6-893C-512DF4382656}" = MetaFrame Presentation Server Client
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DDD512C6-2251-4046-8F25-1A5EB355015E}" = Intel(R) mDriver
"{e1e9b5bd-1f14-4b7e-87e4-3dcd9ccc3c88}" = Nero 9
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"America Online" = America Online
"ATI Display Driver" = ATI Display Driver
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"Digital Media Converter_is1" = Digital Media Converter 2.72
"DMX5_is1" = DriverMax 5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON TX120 NX120 Series" = EPSON TX120 NX120 Series Printer Uninstall
"EPSON TX120 NX120 Series Manual" = EPSON TX120 NX120 Series Manual
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IKEA Home Planner" = IKEA Home Planner
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 8.1s
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 4.16.6
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"PFConfig" = PFConfig 1.0.127
"Picasa 3" = Picasa 3
"Snail Mail™" = Snail Mail™
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"WBS Chart Pro" = WBS Chart Pro
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XoftSpySE" = XoftSpySE
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/04/2011 3:17:41 AM | Computer Name = FLINDERS-7B80CB | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 6.6.0.17, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/04/2011 3:29:38 AM | Computer Name = FLINDERS-7B80CB | Source = Application Hang | ID = 1002
Description = Hanging application E_FARNGGP.EXE, version 7.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/04/2011 3:31:00 AM | Computer Name = FLINDERS-7B80CB | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/04/2011 12:51:34 AM | Computer Name = FLINDERS-7B80CB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 21/04/2011 12:51:34 AM | Computer Name = FLINDERS-7B80CB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 21/04/2011 12:51:49 AM | Computer Name = FLINDERS-7B80CB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 21/04/2011 12:52:22 AM | Computer Name = FLINDERS-7B80CB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 21/04/2011 12:52:37 AM | Computer Name = FLINDERS-7B80CB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 21/04/2011 12:52:42 AM | Computer Name = FLINDERS-7B80CB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 21/04/2011 12:52:42 AM | Computer Name = FLINDERS-7B80CB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

[ OSession Events ]
Error - 6/08/2008 9:41:39 PM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/08/2008 9:42:26 PM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/08/2008 9:42:46 PM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/01/2009 4:05:17 AM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2124
seconds with 60 seconds of active time. This session ended with a crash.

Error - 19/11/2009 1:31:44 AM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 14776
seconds with 12180 seconds of active time. This session ended with a crash.

Error - 14/04/2010 3:43:58 AM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11402
seconds with 4620 seconds of active time. This session ended with a crash.

Error - 12/02/2011 2:18:51 AM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/02/2011 2:19:09 AM | Computer Name = FLINDERS-7B80CB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20/04/2011 11:15:27 PM | Computer Name = FLINDERS-7B80CB | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 20/04/2011 11:15:27 PM | Computer Name = FLINDERS-7B80CB | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 20/04/2011 11:15:27 PM | Computer Name = FLINDERS-7B80CB | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 20/04/2011 11:15:27 PM | Computer Name = FLINDERS-7B80CB | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 20/04/2011 11:15:27 PM | Computer Name = FLINDERS-7B80CB | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 20/04/2011 11:16:52 PM | Computer Name = FLINDERS-7B80CB | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Device (RFCOMM Protocol TDI) service failed to start
due to the following error: %%1058

Error - 20/04/2011 11:16:52 PM | Computer Name = FLINDERS-7B80CB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 20/04/2011 11:18:30 PM | Computer Name = FLINDERS-7B80CB | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 20/04/2011 11:50:30 PM | Computer Name = FLINDERS-7B80CB | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the szserver service.

Error - 20/04/2011 11:51:00 PM | Computer Name = FLINDERS-7B80CB | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.


< End of report >


Re: Trojan.generic.2338857 ; win32.buzus infection

Post by court_mcd on Thu Apr 21, 2011 5:50 am

About to run Kaspersky in Safe mode.


Re: Trojan.generic.2338857 ; win32.buzus infection

Post by Belahzur on Thu Apr 21, 2011 8:02 pm

Hello.

  • Download combofix from here

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Trojan.generic.2338857 ; win32.buzus infection

Post by court_mcd on Fri Apr 22, 2011 2:33 am

Thanks. I'll give that a go.
Also this is what Kaspersky found, but it didn't manage to remove the virus.

Autoscan: stopped 20 hours ago (events: 2, objects: 0, time: 00:00:09)
21/04/2011 3:20:49 PM Task stopped
21/04/2011 3:20:39 PM Task started
Autoscan: completed 15 hours ago (events: 14, objects: 223176, time: 04:36:34)
21/04/2011 3:26:15 PM Task started
21/04/2011 3:39:04 PM Detected: Exploit.OSX.Smid.b C:\Documents and Settings\FDU spare\Application Data\Sun\Java\Deployment\cache\6.0\30\2bae4f1e-3578ffed/AppletX.class
21/04/2011 3:39:05 PM Detected: Trojan-Downloader.Java.Agent.kh C:\Documents and Settings\FDU spare\Application Data\Sun\Java\Deployment\cache\6.0\34\25f60ca2-5e75f395/trew/plopert.class
21/04/2011 3:45:01 PM Deleted: Exploit.OSX.Smid.b C:\Documents and Settings\FDU spare\Application Data\Sun\Java\Deployment\cache\6.0\30\2bae4f1e-3578ffed/AppletX.class
21/04/2011 3:45:02 PM Deleted: Trojan-Downloader.Java.Agent.kh C:\Documents and Settings\FDU spare\Application Data\Sun\Java\Deployment\cache\6.0\34\25f60ca2-5e75f395/trew/plopert.class
21/04/2011 3:58:35 PM Detected: Trojan-Spy.HTML.Fraud.gen C:\Documents and Settings\FDU spare\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (co fe5\Junk e-mail\21A04783-0000007E.eml
21/04/2011 6:49:30 PM Detected: Trojan.Win32.Buzus.byzl C:\System Volume Information\_restore{94C8D6E0-A027-4367-A913-1BA1E459FD76}\RP653\A0147189.exe
21/04/2011 6:50:11 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{94C8D6E0-A027-4367-A913-1BA1E459FD76}\RP654\A0147208.exe
21/04/2011 6:51:43 PM Deleted: Trojan.Win32.Buzus.byzl C:\System Volume Information\_restore{94C8D6E0-A027-4367-A913-1BA1E459FD76}\RP653\A0147189.exe
21/04/2011 6:52:31 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{94C8D6E0-A027-4367-A913-1BA1E459FD76}\RP654\A0150226.exe
21/04/2011 7:44:41 PM Detected: Trojan-Downloader.Win32.Agent.fhac C:\WINDOWS\system32\setup.exe.tmp
21/04/2011 7:48:44 PM Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system32\drivers\20232.sys
21/04/2011 7:58:48 PM Deleted: Trojan-Downloader.Win32.Agent.fhac C:\WINDOWS\system32\setup.exe.tmp
21/04/2011 8:02:50 PM Task completed


Re: Trojan.generic.2338857 ; win32.buzus infection

Post by court_mcd on Fri Apr 22, 2011 3:19 am

Well I've got all my programs & desktop icons back! So quite an improvement! Thank you. Here's the Combo-Fix log.

ComboFix 11-04-21.02 - FDU spare 22/04/2011 12:21:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.665 [GMT 9.5:30]
Running from: c:\documents and settings\FDU spare\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Google earth.exe
c:\documents and settings\FDU spare\Desktop\Windows Recovery.lnk
c:\documents and settings\FDU spare\jaudioMp3Win.tar
c:\documents and settings\FDU spare\Start Menu\Programs\Windows Recovery
c:\documents and settings\FDU spare\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
c:\documents and settings\FDU spare\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
C:\LOG1.tmp
C:\LOG11.tmp
C:\LOG19B.tmp
C:\LOG2.tmp
C:\LOG3.tmp
C:\LOG4.tmp
C:\LOG40.tmp
C:\LOG5.tmp
C:\LOG6.tmp
C:\LOG7.tmp
C:\LOG8.tmp
C:\LOG9.tmp
C:\LOGA.tmp
C:\LOGA4.tmp
C:\LOGB.tmp
C:\LOGC.tmp
C:\LOGD.tmp
C:\LOGE.tmp
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
D:\AUTORUN.INF
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Parameters
-------\Service_Security
.
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-21 04:51 . 2009-10-22 04:24 37392 ----a-w- c:\windows\system32\drivers\19539682.sys
2011-04-21 04:51 . 2009-10-09 14:01 315408 ----a-w- c:\windows\system32\drivers\1953968.sys
2011-04-21 04:51 . 2009-09-25 08:29 128016 ----a-w- c:\windows\system32\drivers\19539681.sys
2011-04-21 03:34 . 2011-04-21 04:35 -------- d--h--w- c:\windows\BDOSCAN8
2011-04-18 21:27 . 2011-04-21 03:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-18 21:25 . 2011-04-18 21:25 509440 ---ha-w- C:\SZSetupAV.exe
2011-04-18 14:51 . 2011-04-18 14:59 -------- d--h--w- c:\windows\system32\NtmsData
2011-04-18 14:48 . 2011-04-18 14:48 -------- d--h--w- c:\documents and settings\FDU spare\Application Data\Avira
2011-04-18 14:33 . 2011-04-18 14:33 51349520 ---ha-w- C:\avira_antivir_personal_en.exe
2011-04-18 13:35 . 2011-04-18 13:35 65536 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\87431.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 01:57 . 2010-02-13 01:20 45056 ---ha-r- c:\documents and settings\FDU spare\Application Data\Microsoft\Installer\{491EAC1A-8ECB-45D5-97D1-0583D5676914}\ProMash.exe1_491EAC1A8ECB45D597D10583D5676914.exe
2011-02-11 01:57 . 2010-02-13 01:20 45056 ---ha-r- c:\documents and settings\FDU spare\Application Data\Microsoft\Installer\{491EAC1A-8ECB-45D5-97D1-0583D5676914}\ProMash.exe_491EAC1A8ECB45D597D10583D5676914.exe
2007-11-19 02:01 . 2009-02-01 22:49 3686400 ---ha-w- c:\program files\Shortcut to IKEA Home Planner.lnk
2007-03-13 06:03 . 2007-03-13 06:03 37844544 ---ha-w- c:\program files\iTunesSetup.exe
2007-03-08 03:43 . 2007-03-08 03:43 47122544 ---ha-w- c:\program files\Symantec Antivirus.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-13 289584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-02 976320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
.
c:\documents and settings\FDU spare\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
setup_9.0.0.722_21.04.2011_06-53[1].lnk - c:\documents and settings\FDU spare\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2011_06-53[1]\startup.exe [2011-4-21 72208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 05:47 110592 ---ha-w- c:\windows\system32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniMavis.lnk
backup=c:\windows\pss\MiniMavis.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FDU spare^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\FDU spare\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FDU spare^Start Menu^Programs^Startup^America Online 5.0 Tray Icon.lnk]
path=c:\documents and settings\FDU spare\Start Menu\Programs\Startup\America Online 5.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 5.0 Tray Icon.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-12 11:40 339968 ---ha-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-03 15:26 110592 ---ha-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 15:26 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 04:24 241664 ---ha-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-18 17:11 49152 ---ha-w- c:\program files\Hewlett-Packard\hp color LaserJet 2550 Series\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-29 23:06 256576 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 01:20 155648 ---ha-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
2002-03-12 01:07 28672 ---ha-w- c:\windows\system32\nwtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-12-19 03:19 86016 ---ha-w- c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-12-06 01:21 282624 ---ha-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 09:12 32768 ---ha-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-11 18:30 132496 ---ha-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-12 06:39 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\Hpqdirec.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\Help\\cuetour\\START.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp color LaserJet 2550 Series\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25115:TCP"= 25115:TCP:Utor1
.
R0 19539682;19539682 Boot Guard Driver;c:\windows\system32\drivers\19539682.sys [21/04/2011 2:21 PM 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/02/2007 6:14 PM 639224]
R1 19539681;19539681;c:\windows\system32\drivers\19539681.sys [21/04/2011 2:21 PM 128016]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 4:07 PM 759048]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [25/09/2009 10:32 PM 189736]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate1c9ac71c2d67e0;Google Update Service (gupdate1c9ac71c2d67e0);c:\program files\Google\Update\GoogleUpdate.exe [24/03/2009 8:39 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-18 11:08]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 11:09]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 11:09]
.
2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{F30FF99A-BAB0-43C9-861E-A588716FAAAD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:01]
.
2011-04-22 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 05:14]
.
2011-04-18 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 05:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: flinders.edu.au\gateway
Trusted Zone: select2perform.com.au\www
FF - ProfilePath - c:\documents and settings\FDU spare\Application Data\Mozilla\Firefox\Profiles\xsryr3nr.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Move Media Player: [You must be registered and logged in to see this link.] - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DAEMON Tools - g:\program files dont touch\DAEMON Tools\daemon.exe
MSConfigStartUp-Microsoft - test.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-Picasa Media Detector - g:\anita's backuppicasa2\PicasaMediaDetector.exe
MSConfigStartUp-StatusClient 2 - c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
MSConfigStartUp-TomcatStartup 2 - c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
AddRemove-IrfanView - c:\program files\IrfanView\iv_uninstall.exe
AddRemove-PFConfig - g:\program files dont touch\PFConfig\uninst.exe
AddRemove-XoftSpySE - g:\program files dont touch\XoftSpySE\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-22 12:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-764733703-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2CFB54C5-4CCE-EE23-476E-712A432415FB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abegipgemoljgeoaepkpcodcccnodllapf"=hex:61,61,00,00
"bbegipgemoljgeoaepdadodabkmpiohblpml"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
- - - - - - - > 'Explorer.exe'(912)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Dell\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-22 12:46:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-22 03:16
.
Pre-Run: 4,040,310,784 bytes free
Post-Run: 4,062,748,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional"=optin /fastdetect
.
- - End Of File - - 7EB77FA263ED5619A7796AC02704EF41

court_mcd
Novice

Re: Trojan.generic.2338857 ; win32.buzus infection

Post by court_mcd on Fri Apr 22, 2011 5:26 am

Followed a post you wrote for someone else having the same issue and ran ESET online scanner...

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{94C8D6E0-A027-4367-A913-1BA1E459FD76}\RP656\A0150470.sys Win32/Olmasco.D trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{94C8D6E0-A027-4367-A913-1BA1E459FD76}\RP658\A0150924.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{94C8D6E0-A027-4367-A913-1BA1E459FD76}\RP658\A0150937.sys Win32/Olmasco.E trojan deleted - quarantined
C:\WINDOWS\system32\spool\prtprocs\w32x86\87431.tmp a variant of Win32/Kryptik.MSL trojan cleaned by deleting - quarantined

court_mcd
Novice

Re: Trojan.generic.2338857 ; win32.buzus infection

Post by Belahzur on Fri Apr 22, 2011 8:00 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\system32\drivers\19539682.sys
    c:\windows\system32\drivers\1953968.sys
    c:\windows\system32\drivers\19539681.sys

    Driver::
    19539682
    19539681
    is3srv
    szkg5
    szkgfs

    RegNull::
    [HKEY_USERS\S-1-5-21-1060284298-764733703-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2CFB54C5-4CCE-EE23-476E-712A432415FB}*]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
