WiredWX Christian Hobby Weather Tools
Re: trojan.win32.buzus.eglu - Page 2

OTL logfile created on: 10/09/2010 05:17:01 - Run 2 ....part 2

[2010/09/07 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Viewer
[2010/09/07 00:21:39 | 000,567,680 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/06 23:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/09/06 23:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/09/06 23:59:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/09/06 23:59:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/06 22:05:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
[2010/09/06 03:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/05 22:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/05 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/09/05 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/09/05 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Uniblue
[2010/09/05 04:35:38 | 000,000,000 | ---D | C] -- C:\d2bf15400392b349be9432
[2010/09/05 04:25:27 | 048,643,144 | ---- | C] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 03:57:14 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\SecondLife
[2010/09/05 02:31:31 | 049,718,955 | ---- | C] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/08/19 19:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/19 18:50:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/19 16:44:05 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/08/19 16:02:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/19 15:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/19 15:27:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/16 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\basic
[2010/08/12 17:35:37 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlinst.exe
[2010/08/12 17:35:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/08/12 17:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 05:13:22 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/10 05:11:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 05:11:03 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/10 05:11:03 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/09/10 05:11:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 05:11:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 05:09:41 | 000,002,428 | ---- | M] () -- C:\error.htm
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2010/09/10 00:27:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/09 23:34:59 | 000,195,441 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:55 | 000,181,145 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:48 | 000,208,459 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:46 | 000,141,051 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:47 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:36 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:25 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:05 | 000,114,401 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:49 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:26 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:22:04 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:22:02 | 000,099,645 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:20:25 | 000,774,881 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:17:33 | 000,095,097 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:16:40 | 000,179,631 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:16:05 | 000,248,340 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:38 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:35 | 000,151,179 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:26 | 000,235,398 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:46 | 000,639,718 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:07:41 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:06:13 | 000,110,093 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/08 04:25:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2010/09/07 22:36:57 | 000,085,064 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/07 21:57:41 | 000,125,640 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:42:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:21:47 | 000,567,680 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/07 00:14:38 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
[2010/09/07 00:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
[2010/09/07 00:10:42 | 000,625,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 00:10:42 | 000,533,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 00:10:42 | 000,099,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 00:00:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:55:31 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/06 22:07:02 | 000,004,868 | ---- | M] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:34:11 | 140,309,118 | ---- | M] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:36 | 000,122,532 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:32 | 000,011,803 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:54 | 000,030,226 | ---- | M] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/06 03:37:02 | 000,511,968 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:44:04 | 142,646,658 | ---- | M] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:38:57 | 000,963,827 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 17:47:57 | 000,001,352 | ---- | M] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:50 | 000,000,745 | ---- | M] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:29:38 | 048,643,144 | ---- | M] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 04:00:14 | 000,050,426 | ---- | M] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 03:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\CCleaner.lnk
[2010/09/05 03:57:21 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:14:14 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/05 02:31:40 | 049,718,955 | ---- | M] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/09/05 02:29:24 | 000,700,144 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:51 | 000,146,913 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:56 | 000,025,808 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:19:51 | 000,016,649 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:58 | 000,188,091 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:54 | 000,182,647 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:13 | 000,078,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:38 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:40 | 000,192,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/19 19:19:43 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/08/19 19:19:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/19 18:57:00 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 12:46:30 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/12 17:45:01 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 00:59:41 | 000,002,428 | ---- | C] () -- C:\error.htm
[2010/09/10 00:59:41 | 000,000,230 | ---- | C] () -- C:\infect.htm
[2010/09/09 23:34:50 | 000,195,441 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:47 | 000,181,145 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:44 | 000,208,459 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:34 | 000,141,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:35 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:24 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:15 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:04 | 000,114,401 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:34 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:06 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:21:58 | 000,099,645 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:21:49 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:17:33 | 000,095,097 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:15:36 | 000,179,631 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:14:45 | 000,774,881 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:13:15 | 000,248,340 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:33 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:28 | 000,151,179 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:17 | 000,235,398 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:37 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:07:28 | 000,639,718 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:06:13 | 000,110,093 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/07 21:57:41 | 000,125,640 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:22:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/07 00:22:01 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/06 23:58:41 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:07:00 | 000,004,868 | ---- | C] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:33:50 | 140,309,118 | ---- | C] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:44 | 000,122,532 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:46 | 000,011,803 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:52 | 000,030,226 | ---- | C] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:31:07 | 000,511,968 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:43:48 | 142,646,658 | ---- | C] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:33:36 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 18:34:42 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/09/05 17:47:55 | 000,001,352 | ---- | C] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:47 | 000,000,745 | ---- | C] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:00:08 | 000,050,426 | ---- | C] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 02:29:16 | 000,700,144 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:55 | 000,146,913 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:55 | 000,025,808 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:20:04 | 000,016,649 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:56 | 000,188,091 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:53 | 000,182,647 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:12 | 000,078,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:37 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:39 | 000,192,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/21 01:03:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/08/19 19:10:08 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 16:02:36 | 000,000,226 | ---- | C] () -- C:\Boot.bak
[2010/08/19 16:02:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/19 15:53:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/19 15:53:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/19 13:17:49 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/16 15:00:36 | 000,006,421 | ---- | C] () -- C:\Documents and Settings\Tania Wood\resetlog.txt
[2010/08/12 17:45:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[2010/08/12 17:35:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/08/12 17:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/08/12 17:35:38 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\comdlg32.oca
[2010/08/12 17:35:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2010/02/21 05:59:33 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/02/15 01:02:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\fusioncache.dat
[2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 20:17:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\setup.txt
[2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
[2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/30 11:17:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/30 11:17:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/30 11:17:56 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 14:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/02 15:27:07 | 000,005,619 | ---- | M] () -- C:\debug.txt
[2010/09/10 05:09:41 | 000,002,428 | ---- | M] () -- C:\error.htm
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2009/02/15 02:23:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/01 02:25:13 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/26 04:09:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/10 05:10:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/06/11 16:59:32 | 000,000,706 | -H-- | M] () -- C:\SWSTAMP.TXT
[2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2007/12/07 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2007/08/09 18:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/09/05 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/06/11 15:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2007/08/09 18:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/09/03 20:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2010/09/06 03:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/12/26 21:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/12/25 18:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\BQNITW
[2008/12/07 21:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bullzip
[2009/02/19 11:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2007/12/07 20:53:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/09/05 03:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/02/15 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2010/09/05 17:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/05/30 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Computerized Content Operator
[2010/06/04 13:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Contextual Content Manager
[2010/06/04 13:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Customized Platform Services
[2008/11/22 15:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\EditPlus 3
[2009/05/04 11:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Effexis Software
[2009/06/17 20:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/31 03:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Entriq
[2010/09/05 21:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/06/29 09:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\F-Secure Internet Security
[2009/02/15 02:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/27 19:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/03/31 23:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Gamenext
[2009/03/31 22:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
[2009/02/18 16:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\glassfish-v2ur2
[2010/09/06 03:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/04 17:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\HandyGamez Toolbar
[2009/02/19 11:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2009/07/25 09:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
[2010/09/06 03:14:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/05 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/09/07 00:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/06/11 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/09/06 03:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/19 19:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\iWin Games
[2010/05/04 17:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2010/09/06 23:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/31 03:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
[2007/08/09 18:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/26 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/09/06 23:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/18 19:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/19 11:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2007/08/09 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/02/15 02:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/18 03:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/09/05 02:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/06/11 15:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/15 22:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/19 11:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/02/19 11:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/02/19 11:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009/11/04 04:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/09/07 00:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/08/11 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/19 11:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/07 20:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/03/26 20:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/08/09 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/05/30 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/09 14:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/09/05 22:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\myBabylon_English
[2009/06/01 17:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.1
[2009/02/18 03:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.5
[2008/11/26 04:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/04 17:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/12/07 13:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2007/08/09 19:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 03:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/07 00:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Phoenix Viewer
[2009/06/05 19:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2007/06/11 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
[2007/12/07 13:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickLink Desktop
[2010/09/06 23:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/09 19:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/08/09 14:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/02 00:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2008/12/29 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Scansoft
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/09/05 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2010/06/24 12:51:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/04 12:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2009
[2009/07/04 17:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 05:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/08/13 13:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/08/14 12:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\SwiftKit
[2010/09/05 18:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Texthelp Systems
[2010/06/04 13:26:00 | 000,000,000 | ---D | M] -- C:\Program Files\Textual Content Enhancer
[2009/09/08 03:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\The Budgerigar Program 2006
[2007/08/09 11:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2010/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009/02/15 00:07:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/29 00:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/04/23 12:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirginMedia
[2010/06/04 13:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Web Content Searcher
[2009/06/05 19:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/12/29 19:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/18 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/15 22:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/08/09 14:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/19 11:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/05/30 10:21:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/12/05 17:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/08/09 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/02/15 04:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/08/02 15:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE_1.2059.0.8
[2010/05/04 17:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games
< %appdata%\*.* >
[2007/05/30 11:18:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\desktop.ini
[2009/11/04 12:49:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 13:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel Matrix Storage Manager\Inf Setup\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\OemDir\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-03 02:01:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4B264B5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8DACDA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
< End of report >

Re: trojan.win32.buzus.eglu
Hi.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[Screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu
Hi,
Thank you for getting back to me. Here is the log file.
Tazzy


ComboFix 10-09-11.02 - Tania Wood 12/09/2010 8:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1344 [GMT 1:00]
Running from: c:\documents and settings\Tania Wood\desktop\commy.exe
Command switches used :: /stepdel
AV: F-Secure Internet Security 2008 OEM 8.00 *On-access scanning enabled* (Outdated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: F-Secure Internet Security 2008 OEM 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
d:\my documents\EFRbackup.reg
d:\my documents\regbackup.reg

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-06 23:43 . 2010-09-06 23:45 -------- d-----w- c:\program files\Phoenix Viewer
2010-09-06 22:59 . 2010-09-06 22:59 -------- d-----w- c:\windows\system32\winrm
2010-09-06 22:59 . 2010-09-06 22:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-09-06 02:48 . 2010-09-06 02:49 80767800 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-06 02:31 . 2010-09-06 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-05 21:04 . 2010-09-05 21:04 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-09-05 20:39 . 2010-09-05 20:39 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-09-05 16:52 . 2010-09-05 16:52 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Uniblue
2010-09-05 03:35 . 2010-09-05 03:35 -------- d-----w- C:\d2bf15400392b349be9432
2010-09-05 02:17 . 2010-09-06 01:25 -------- d-----w- c:\documents and settings\Tania Wood\Local Settings\Application Data\SecondLife
2010-08-19 18:31 . 2010-08-20 01:43 -------- d-----w- c:\windows\system32\NtmsData
2010-08-19 15:44 . 2010-08-19 15:54 -------- d-----w- C:\Combo-Fix
2010-08-19 14:28 . 2010-08-19 14:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 07:04 . 2009-12-14 02:57 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Skype
2010-09-12 07:01 . 2009-12-14 03:00 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\skypePM
2010-09-07 21:36 . 2007-12-07 18:23 85064 ----a-w- c:\documents and settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 23:03 . 2007-12-07 12:42 -------- d-----w- c:\program files\Microsoft.NET
2010-09-06 22:58 . 2009-03-15 21:54 -------- d-----w- c:\program files\Microsoft
2010-09-06 22:58 . 2007-05-31 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-06 22:45 . 2009-12-26 20:10 -------- d-----w- c:\program files\QuickTime
2010-09-06 22:44 . 2007-08-09 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-06 22:34 . 2007-05-30 09:46 -------- d-----w- c:\program files\Java
2010-09-06 21:26 . 2009-02-15 01:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 04:05 . 2009-02-15 01:43 -------- d-----w- c:\program files\Spyware Doctor
2010-09-06 02:45 . 2009-07-04 15:57 -------- d-----w- c:\program files\BitComet
2010-09-06 02:26 . 2009-12-26 20:12 -------- d-----w- c:\program files\iTunes
2010-09-06 02:26 . 2009-12-26 20:07 -------- d-----w- c:\program files\Common Files\Apple
2010-09-06 02:16 . 2009-12-17 23:24 -------- d-----w- c:\program files\Google
2010-09-06 02:14 . 2007-05-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-06 02:01 . 2009-07-25 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-09-05 21:21 . 2010-02-09 14:38 -------- d-----w- c:\program files\myBabylon_English
2010-09-05 21:20 . 2010-09-05 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-09-05 21:20 . 2010-09-05 21:04 -------- d-----w- c:\program files\Security Task Manager
2010-09-05 21:04 . 2010-09-05 21:04 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2010-09-05 17:35 . 2007-05-30 10:33 -------- d-----w- c:\program files\Intel
2010-09-05 17:31 . 2010-01-23 14:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-05 02:57 . 2009-02-15 03:06 -------- d-----w- c:\program files\CCleaner
2010-09-05 02:17 . 2010-02-19 18:35 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\SecondLife
2010-09-05 01:59 . 2009-01-04 17:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-19 18:39 . 2009-07-18 18:27 -------- d-----w- c:\program files\iWin Games
2010-08-16 13:01 . 2010-07-20 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-12 16:35 . 2010-08-12 16:35 -------- d-----w- c:\program files\Ubisoft
2010-08-09 12:21 . 2010-08-09 12:21 503808 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcp71.dll
2010-08-09 12:21 . 2010-08-09 12:21 499712 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\jmc.dll
2010-08-09 12:21 . 2010-08-09 12:21 348160 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcr71.dll
2010-08-09 12:21 . 2010-08-09 12:21 61440 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-sse.dll
2010-08-09 12:21 . 2010-08-09 12:21 12800 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-d3d.dll
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Malwarebytes
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-02 14:27 . 2010-08-02 14:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\Birdstep Technology
2010-08-02 14:27 . 2010-08-02 14:26 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2010-07-20 18:54 . 2008-12-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2010-07-20 18:16 . 2010-07-20 18:16 237568 ---ha-w- C:\SZKGFS.dat
2010-07-20 18:11 . 2010-07-20 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-20 18:10 . 2010-07-20 18:10 -------- d-----w- c:\program files\Common Files\iS3
2010-07-19 23:22 . 2009-12-28 23:21 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\vlc
2010-07-15 10:23 . 2010-07-15 10:23 654456 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-07-15 10:23 . 2010-07-15 10:23 506488 ----a-w- c:\windows\system32\accesor.dll
2010-07-14 09:16 . 2010-07-14 09:16 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-07-14 08:39 . 2010-07-14 08:39 134264 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-07-14 08:20 . 2010-07-14 08:20 1813112 ----a-w- c:\windows\system32\ncscolib.dll
2010-06-30 12:31 . 2007-05-30 08:13 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2007-05-30 08:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2007-05-30 08:13 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-05-30 08:13 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 13:43 . 2010-06-21 13:43 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2010-06-17 14:03 . 2007-05-30 08:13 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-30 09:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-05-30 08:13 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Google Update"="c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-07 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-05 155648]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-08-31 102400]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-18 102400]
"TPSMain"="TPSMain.exe" [2007-04-18 299008]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-11-07 1165120]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2007-11-07 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-11-07 148760]
"WD Button Manager"="WDBtnMgr.exe" [2008-12-29 339968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 02:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"7375:TCP"= 7375:TCP:BitComet 7375 TCP
"7375:UDP"= 7375:UDP:BitComet 7375 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07/12/2007 13:48 51072]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [22/03/2007 13:07 20992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09/03/2007 15:23 6528]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure Internet Security\HIPS\fshs.sys [07/12/2007 13:47 41184]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [30/05/2007 16:23 5888]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2009 18:30 78104]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [30/05/2007 16:23 114688]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [07/12/2007 13:47 77824]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2007 16:10 35968]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [30/05/2007 16:26 435072]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [02/08/2010 15:27 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/02/2009 02:43 356920]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [30/05/2007 09:13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [07/12/2007 13:47 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [07/12/2007 13:47 25456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-06 23:21]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-06 23:21]

2007-12-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2010-09-12 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2007-12-07 12:41]

2010-09-11 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-04 06:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll

- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2010-09-12 08:17:04
ComboFix-quarantined-files.txt 2010-09-12 07:17

Pre-Run: 11,641,454,592 bytes free
Post-Run: 12,090,286,080 bytes free

- - End Of File - - 1A8E8C76B79FC595B167AB6485389F37

Re: trojan.win32.buzus.eglu

Hi.

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4611

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/09/2010 09:00:21
mbam-log-2010-09-14 (09-00-21).txt

Scan type: Quick scan
Objects scanned: 149612
Time elapsed: 27 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\GamiePlay Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{5909fc3d-7f8b-415d-a5d1-7c7e941e536e} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{aa1acb70-b5f1-4037-909e-1f725b04d2a8} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\HandyGamez Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\HandyGamez Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\f3PSSavr.0cr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Favorites\MyFastSearcher.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Favorites\MyMindSearcher.url (Hijack.Favorites) -> Quarantined and deleted successfully.

Re: trojan.win32.buzus.eglu

Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a49e29b3e79025408a8a2741b4a20df9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-17 12:39:15
# local_time=2010-09-17 01:39:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 32496789 32496789 0 0
# compatibility_mode=2304 16777179 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 29171 29171 0 0
# scanned=157056
# found=0
# cleaned=0
# scan_time=5113

Re: trojan.win32.buzus.eglu

Hi.

How is your computer running now?

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Hi, well,
I have just managed to get on the internet and find this, as my Intel 82566MC Gigabit Network Connection (adapter) has stopped working.

I got a blue screen with a lot of writing, and then when the computer restarted the Ethernet (LAN) connection didn't show in my networks anymore.
When I go to Device Manager I have the yellow triangle with the "i" and it says "This device cannot start. (Code 10)". I uninstalled and re-installed, then rebooted, to no change.

Any ideas please would be awesome.
Thank you, Tazzy

Re: trojan.win32.buzus.eglu

Hi.

Sorry for the delay.

Could you please navigate to C:\Windows\Minidump and zip those .dmp files up and attach them here?

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Hi, I managed to zip them but I can't attach them here?

I can email them, or is there another way? Sorry, let me know what's best, thx.

Tazzy, Thank You!

Re: trojan.win32.buzus.eglu

Hi.

Please go here and upload the zip file, then post the link here.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Thank you for that.


http://www.mediafire.com/file/i64oghaajwct17c/Minidump.rar

Re: trojan.win32.buzus.eglu

Hi.

Try updating your graphics card driver in Device Manager and see if it still occurs.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

No updates available.
Cannot find a newer version...

Re: trojan.win32.buzus.eglu

Hi,

Try re-installing it in Device Manager, and see if it still occurs.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Uninstalled and re-installed.
Still have all applications hanging continuously; hard to use any browser except IE.
Chrome and Mozilla crash; IE is the only one that works now. Have uninstalled and reinstalled them. Office programs hang, and now also the Explorer application is starting to hang or become non-responsive for a while, then works again. Can hardly do anything on the laptop. Have just bought an external hard drive and saved stuff to it, but it is still hanging.

Re: trojan.win32.buzus.eglu

Hi,

I don't know why I didn't catch this earlier, but I noticed you have 2 Anti-virus programs.

I recommend removing both F-Secure and Norton and installing one of these:

If you don't have an Antivirus, I recommend downloading one of these free Antivirus programs:
1. Microsoft Security Essentials
2. AVG Free
3. Avast!

After you install one of these see if the issues still occur.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

OK, Norton was removed but only shows remnants that I can't remove; I don't know why they won't go. F-Secure came with the computer and I have disabled it. I have downloaded Avast; that didn't find anything. Then I uninstalled Avast and downloaded AVG; that found 2 warnings and nothing more.

Re: trojan.win32.buzus.eglu

Hi,

Please download and run each of these:

1. ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

2. ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.zip

3. http://files.avast.com/files/eng/aswclear5.exe

4. http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

==================

After that; please download only this Anti-Virus:

http://www.microsoft.com/security_essentials/

............................................................................................

I'm livin' life in the fast lane.
