trojan.win32.buzus.eglu

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

trojan.win32.buzus.eglu2nd August 2010, 4:54 pm

Hi i got a message from my antivirus software F-Secure saying:

Malicious code found in file c:\system volume\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}-\RP355\A0076825.0xe

Infection: trojan.win32.buzus.eglu

action: failed

can you help me get rid of this i don't have a clue Sad tearing

Thanks Tazzy

Re: trojan.win32.buzus.eglu2nd August 2010, 6:24 pm

Hello.

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
trojan.win32.buzus.eglu DXwU4

Re: trojan.win32.buzus.eglu3rd August 2010, 5:05 am

Running now thanks will get back with logs

Re: trojan.win32.buzus.eglu3rd August 2010, 5:20 am

OTL logfile created on: 03/08/2010 06:06:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tania Wood\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 6.71 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 3.13 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/03 00:04:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
PRC - [2010/07/22 23:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/01/28 13:48:00 | 010,035,448 | ---- | M] (3Connect) -- C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (SafeList) ==========

MOD - [2010/08/03 00:04:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2010/02/24 15:06:36 | 000,173,328 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2008/12/05 07:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
DRV - [2008/11/17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:5.7.0.7330
FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.7.0.2910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.7.0.2940
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Content Searcher\4.7.0.2940\FF [2010/06/04 13:24:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Computerized Content Operator\5.7.0.7330\FF [2010/06/04 13:24:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Services\4.7.0.2910\FF [2010/06/04 13:25:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2010/07/27 22:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 22:25:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 22:25:00 | 000,000,000 | ---D | M]

[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/08/02 16:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
[2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/07/04 16:57:19 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
[2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
[2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
[2010/08/02 16:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2009/07/04 17:27:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Tania Wood\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192731469078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192731515546 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 00:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1e411122-d5d6-11dd-906a-001cbf139729}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{1e411124-d5d6-11dd-906a-001cbf139729}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{52b27ae2-8006-11de-90a9-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{52b27ae2-8006-11de-90a9-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52b27ae2-8006-11de-90a9-001cbf139729}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{52b27ae3-8006-11de-90a9-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{52b27ae3-8006-11de-90a9-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52b27ae3-8006-11de-90a9-001cbf139729}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{72760b32-a4ef-11dc-9049-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{72760b32-a4ef-11dc-9049-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72760b32-a4ef-11dc-9049-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{cc98c5d5-9e41-11df-90fe-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{cc98c5d5-9e41-11df-90fe-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc98c5d5-9e41-11df-90fe-001cbf139729}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{daa2dd9e-7454-11de-90a6-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{daa2dd9e-7454-11de-90a6-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daa2dd9e-7454-11de-90a6-001cbf139729}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{daa2dda0-7454-11de-90a6-001cbf139729}\Shell - "" = AutoRun
O33 - MountPoints2\{daa2dda0-7454-11de-90a6-001cbf139729}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daa2dda0-7454-11de-90a6-001cbf139729}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{dfc261ac-7da5-11dc-9a6c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dfc261ac-7da5-11dc-9a6c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfc261ac-7da5-11dc-9a6c-806d6172696f}\Shell\AutoRun\command - "" = E:\bootcd\wintools\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/03 00:08:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
[2010/08/02 20:27:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/08/02 15:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Birdstep Technology
[2010/08/02 15:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology
[2010/08/02 15:27:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2010/08/02 15:27:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2010/08/02 15:27:00 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2010/08/02 15:27:00 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2010/08/02 15:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE_1.2059.0.8
[2010/08/02 15:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2010/08/01 17:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/29 01:07:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
[2010/07/27 22:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2010/07/20 19:51:33 | 000,000,000 | R-SD | C] -- D:\My Documents\My Safe
[2010/07/20 19:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/20 19:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/07/20 19:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/20 19:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/14 12:21:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/09 14:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\fp10_archive
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/03 06:02:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/08/03 01:00:43 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/08/03 00:14:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/03 00:04:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tania Wood\Desktop\OTL.exe
[2010/08/02 17:26:49 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
[2010/08/02 15:48:38 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/08/02 15:41:56 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/02 15:39:06 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/02 15:39:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 15:37:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 15:36:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 15:36:56 | 2137,821,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/02 15:32:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
[2010/08/02 15:27:10 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2010/08/02 15:27:10 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2010/08/01 08:02:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/08/01 07:48:21 | 000,211,819 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\quattro rooms.JPG
[2010/07/30 20:01:13 | 000,200,659 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint now.JPG
[2010/07/29 19:39:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/28 12:03:12 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/07/28 12:03:12 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/27 22:23:16 | 000,223,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting sea.JPG
[2010/07/27 15:25:39 | 000,179,252 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting of sand.JPG
[2010/07/27 15:23:58 | 000,207,469 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\waves paint.JPG
[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/21 05:46:22 | 000,147,751 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint4.JPG
[2010/07/21 05:40:36 | 000,140,198 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint3.JPG
[2010/07/21 05:38:45 | 000,205,694 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint2.JPG
[2010/07/21 05:37:40 | 000,200,521 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint.JPG
[2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/20 00:19:16 | 006,401,826 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\17 Carry Me (Like a Fire in Your Heart).mp3
[2010/07/17 02:40:19 | 000,163,865 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\paint1.JPG
[2010/07/16 15:01:13 | 000,064,439 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt,cloak.pdf
[2010/07/14 14:34:16 | 000,003,068 | ---- | M] () -- D:\My Documents\cc_20100714_143412.reg
[2010/07/07 16:50:52 | 000,090,112 | ---- | M] () -- D:\My Documents\artMission.doc
[2010/07/07 12:16:31 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2007.lnk
[2010/07/07 02:30:49 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ARTIST MISSIONS.doc
[2010/07/06 17:10:46 | 000,065,964 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt1.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/02 15:41:46 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/02 15:27:10 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2010/08/02 15:27:10 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2010/08/02 15:26:50 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2010/08/01 07:48:21 | 000,211,819 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\quattro rooms.JPG
[2010/07/30 20:01:13 | 000,200,659 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint now.JPG
[2010/07/27 22:23:16 | 000,223,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting sea.JPG
[2010/07/27 15:25:38 | 000,179,252 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting of sand.JPG
[2010/07/27 15:23:58 | 000,207,469 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\waves paint.JPG
[2010/07/21 05:46:22 | 000,147,751 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint4.JPG
[2010/07/21 05:40:36 | 000,140,198 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint3.JPG
[2010/07/21 05:38:44 | 000,205,694 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint2.JPG
[2010/07/21 05:37:40 | 000,200,521 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint.JPG
[2010/07/20 19:16:13 | 000,237,568 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/20 00:59:22 | 006,401,826 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\17 Carry Me (Like a Fire in Your Heart).mp3
[2010/07/17 02:40:18 | 000,163,865 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\paint1.JPG
[2010/07/16 15:01:13 | 000,064,439 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt,cloak.pdf
[2010/07/14 14:34:14 | 000,003,068 | ---- | C] () -- D:\My Documents\cc_20100714_143412.reg
[2010/07/07 16:50:52 | 000,090,112 | ---- | C] () -- D:\My Documents\artMission.doc
[2010/07/07 02:30:46 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ARTIST MISSIONS.doc
[2010/07/06 17:10:45 | 000,065,964 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\SmallWorlds - Receipt1.pdf
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
[2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4B264B5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8DACDA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
< End of report >

Re: trojan.win32.buzus.eglu3rd August 2010, 5:21 am

OTL Extras logfile created on: 03/08/2010 06:06:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tania Wood\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 6.71 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 3.13 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP" = 50000:TCP:*:Enabled:BitComet 50000 TCP
"50000:UDP" = 50000:UDP:*:Enabled:BitComet 50000 UDP
"7375:TCP" = 7375:TCP:*:Enabled:BitComet 7375 TCP
"7375:UDP" = 7375:UDP:*:Enabled:BitComet 7375 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2254E64C-D2B1-4478-BD7E-37457D09FF39}" = QuickLink Desktop
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2E5A82-DA8B-4c72-91A6-EBB4E0463537}_is1" = V Stuff Backup v1.6.2.16478
"{503C0372-6161-4B3E-B4A6-AC0A15C44CBC}" = PL-2303 USB-to-Serial
"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis True Image
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{79756522-09EE-4CD9-9B66-308E7A8954C0}" = The Best Quiz Night In The World
"{7B569268-AB31-4156-BAA7-1330C6227217}" = Sequence Diagram Editor
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A10DA03B-9048-48B4-00A2-A71153C3F886}" = The Sims™ Pet Stories
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}" = Native x86 Runtime for Visual C++ 2008 Feature Pack (v.9.0.30411)
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}.vc_x86runtime_30411_00" = Visual C++ 2008 Feature Pack - x86 - v9.0.30411.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE9ACA6-6056-40CD-8325-0E0BE2CB622B}" = Read And Write 8.1 Gold
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BitComet" = BitComet 1.13
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Demand Five Player_is1" = Demand Five Player
"EA Download Manager" = EA Download Manager
"EditPlus 3" = EditPlus 3
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"FileZilla Client" = FileZilla Client 3.2.4
"F-Secure Product 444" = F-Secure Internet Security 2008 OEM
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei Modems
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"iWinArcade" = iWin Games (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSNINST" = MSN
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"PROSet" = Intel(R) PRO Network Connections Drivers
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = The Budgerigar Program 2006
"STANDARDR" = Microsoft Office Standard 2007
"SwiftKit" = SwiftKit
"SystemRequirementsLab" = System Requirements Lab
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME" = Uninstall for TOSHIBA Mobile Extension3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Combo Box" = Combo Box
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Icon Demo Application" = Icon Demo Application
"SmartDraw 2009" = SmartDraw 2009
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/08/2010 23:22:41 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 7 2010-08-02 04:22:41+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 01/08/2010 23:47:58 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 8 2010-08-02 04:47:44+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.CHK
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 01/08/2010 23:48:01 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 9 2010-08-02 04:47:44+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\LOCAL SETTINGS\TEMP\ETILQS_BUCW5VGZRPY7QRXYQETT was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 01/08/2010 23:48:06 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 10 2010-08-02 04:47:56+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 02/08/2010 00:09:27 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 11 2010-08-02 05:09:26+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM
FILES\F-SECURE INTERNET SECURITY\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to
exceeded scanning time limit. The file may be in use or reading it was too slow
(e.g. network connection was under stress).

Error - 02/08/2010 00:16:45 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 12 2010-08-02 05:16:44+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_0005A6
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 02/08/2010 12:11:06 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 1 2010-08-02 17:11:06+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\System Volume
Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP355\A0076825.0xe.
Infection: Trojan.Win32.Buzus.eglu Action: failed.

Error - 03/08/2010 01:07:59 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 2 2010-08-03 06:07:58+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

Error - 03/08/2010 01:09:59 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 3 2010-08-03 06:09:59+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

Error - 03/08/2010 01:10:11 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 4 2010-08-03 06:10:11+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\Documents
and Settings\Tania Wood\Local Settings\Application Data\wazjltd.0xe. Infection:
Trojan.Win32.Hrup.aah Action: failed.

[ OSession Events ]
Error - 18/06/2009 06:54:33 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:54:51 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:55:01 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:22 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:45 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/04/2010 06:41:39 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/08/2010 10:29:21 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:29:52 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:30:24 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:30:54 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:31:25 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:31:55 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:32:25 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Bonjour Service service.

Error - 02/08/2010 10:38:57 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 02/08/2010 10:38:57 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 02/08/2010 10:53:53 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001CBF139729 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

< End of report >

Re: trojan.win32.buzus.eglu4th August 2010, 12:00 am

Hello.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: trojan.win32.buzus.eglu4th August 2010, 2:30 am

ok thanks here is the text file that i got Smile...

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

OTL by OldTimer - Version 3.2.9.1 log created on 08042010_032937

Re: trojan.win32.buzus.eglu4th August 2010, 2:49 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: trojan.win32.buzus.eglu9th August 2010, 7:31 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/08/2010 20:19:06
mbam-log-2010-08-09 (20-19-06).txt

Scan type: Quick scan
Objects scanned: 131374
Time elapsed: 31 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\My Documents\downloads\WebfettiSetup2.3.69.8.ZKman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Popular Screensavers.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\6.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Re: trojan.win32.buzus.eglu11th August 2010, 12:01 am

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: trojan.win32.buzus.eglu19th August 2010, 5:10 pm

Hi
Sorry this reply took so long but i was away without internet access.
I have run the combofix but on the first run as the report was being created the computer locked up and i was unable to do anything except shut the computer down and restart then re run combofix, will this affect the log file as the following log file is from the rerun.

Thanks

ComboFix 10-08-18.02 - Tania Wood 19/08/2010 16:45:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1177 [GMT 1:00]
Running from: c:\documents and settings\Tania Wood\Desktop\Combo-Fix.exe
AV: F-Secure Internet Security 2008 OEM 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: F-Secure Internet Security 2008 OEM 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Tania Wood\Local Settings\Application Data\tcesetup.exe
c:\documents and settings\Tania Wood\Local Settings\Application Data\wazjltd.0xe
c:\documents and settings\Tania Wood\System
c:\documents and settings\Tania Wood\System\win_qs8.jqx
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\windows\Installer\$PatchCache$\Managed\6ACA9EFE6506DC043852E0B02EBC26B2\8.1.0\html.ini2
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-16 12:59 . 2010-08-16 12:59 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Birdstep Technology
2010-08-16 12:58 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2010-08-16 12:58 . 2010-08-16 12:58 -------- d-----w- c:\program files\3 Mobile Broadband
2010-08-12 16:35 . 2004-03-09 16:36 69632 ----a-w- c:\windows\system32\xmltok.dll
2010-08-12 16:35 . 2004-03-09 16:36 36864 ----a-w- c:\windows\system32\xmlparse.dll
2010-08-12 16:35 . 2004-03-09 16:36 26096 ----a-w- c:\windows\system32\xmlinst.exe
2010-08-12 16:35 . 2004-03-09 16:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-12 16:35 . 2010-08-12 16:35 -------- d-----w- c:\program files\Ubisoft
2010-08-09 12:21 . 2010-08-09 12:21 503808 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcp71.dll
2010-08-09 12:21 . 2010-08-09 12:21 499712 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\jmc.dll
2010-08-09 12:21 . 2010-08-09 12:21 348160 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcr71.dll
2010-08-09 12:21 . 2010-08-09 12:21 61440 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-sse.dll
2010-08-09 12:21 . 2010-08-09 12:21 12800 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-d3d.dll
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Malwarebytes
2010-08-08 18:38 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 18:38 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 18:38 . 2010-08-08 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 02:29 . 2010-08-04 02:29 -------- d-----w- C:\_OTL
2010-08-02 14:27 . 2010-08-02 14:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\Birdstep Technology
2010-08-02 14:27 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-08-02 14:27 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-08-02 14:27 . 2010-01-19 11:49 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-08-02 14:27 . 2010-01-19 11:49 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-08-02 14:26 . 2010-08-02 14:27 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2010-07-20 18:16 . 2010-07-20 18:16 237568 ---ha-w- C:\SZKGFS.dat
2010-07-20 18:11 . 2010-07-20 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-20 18:10 . 2010-07-20 18:10 -------- d-----w- c:\program files\Common Files\iS3
2010-07-20 18:10 . 2010-08-16 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 15:10 . 2009-07-18 18:27 -------- d-----w- c:\program files\iWin Games
2010-08-19 12:39 . 2009-07-04 15:57 -------- d-----w- c:\program files\BitComet
2010-08-16 12:59 . 2009-07-25 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-08-16 12:58 . 2007-05-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 13:10 . 2009-12-14 02:57 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Skype
2010-08-12 09:54 . 2009-12-14 03:00 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\skypePM
2010-08-11 02:12 . 2007-05-31 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-20 18:58 . 2009-02-15 01:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-20 18:54 . 2008-12-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2010-07-19 23:22 . 2009-12-28 23:21 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\vlc
2010-06-30 12:31 . 2007-05-30 08:13 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2007-05-30 08:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 11:51 . 2010-06-24 11:51 -------- d-----w- c:\program files\Common Files\Skype
2010-06-24 11:51 . 2009-12-14 02:56 -------- d-----r- c:\program files\Skype
2010-06-24 11:40 . 2009-12-25 00:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-24 11:39 . 2010-06-24 11:51 53632 ----a-w- c:\documents and settings\Tania Wood\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-23 13:44 . 2007-05-30 08:13 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-05-30 08:13 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2007-05-30 08:13 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-30 09:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-05-30 08:13 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-12 16:29 . 2010-06-12 16:29 50354 ----a-w- c:\documents and settings\Tania Wood\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Tania Wood\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-05-25 14:27 . 2009-05-29 23:08 42 ----a-w- c:\documents and settings\Tania Wood\jagex_runescape_preferences.dat
2010-05-25 14:20 . 2010-05-25 14:08 81 ----a-w- c:\documents and settings\Tania Wood\jagex_runescape_preferences2.dat
2010-05-25 14:08 . 2010-05-25 14:08 0 ----a-w- c:\documents and settings\Tania Wood\jagex__preferences3.dat
2010-05-25 14:03 . 2010-05-25 14:03 503808 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31308b56-n\msvcp71.dll
2010-05-25 14:03 . 2010-05-25 14:03 499712 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31308b56-n\jmc.dll
2010-05-25 14:03 . 2010-05-25 14:03 348160 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31308b56-n\msvcr71.dll
2010-05-25 14:03 . 2010-05-25 14:03 61440 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7381fef5-n\decora-sse.dll
2010-05-25 14:03 . 2010-05-25 14:03 12800 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7381fef5-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-05-15 13:11 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Google Update"="c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-15 135664]
"BitComet"="d:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-07 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-05 155648]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-08-31 102400]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-18 102400]
"TPSMain"="TPSMain.exe" [2007-04-18 299008]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-11-07 1165120]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2007-11-07 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-11-07 148760]
"WD Button Manager"="WDBtnMgr.exe" [2008-12-29 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Tania Wood\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-12-25 95232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-4-24 2756608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 02:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\3 Mobile Broadband\\3Connect\\Wilog.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"7375:TCP"= 7375:TCP:BitComet 7375 TCP
"7375:UDP"= 7375:UDP:BitComet 7375 UDP

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07/12/2007 13:48 51072]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [22/03/2007 13:07 20992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09/03/2007 15:23 6528]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure Internet Security\HIPS\fshs.sys [07/12/2007 13:47 41184]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [30/05/2007 16:23 5888]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [16/08/2010 13:58 1737464]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2009 18:30 78104]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [30/05/2007 16:23 114688]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [07/12/2007 13:47 77824]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2007 16:10 35968]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [30/05/2007 16:26 435072]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [02/08/2010 15:27 9216]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/02/2009 02:43 356920]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [07/12/2007 13:47 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [07/12/2007 13:47 25456]
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-15 18:46]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-15 18:46]

2010-03-16 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-03-16 12:12]

2007-12-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2010-08-19 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-04 06:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Contextual Content Manager\1.7.0.3990\FF\components\CCMFFAddOn.dll
FF - component: c:\program files\Textual Content Enhancer\2.7.0.4370\FF\components\TCEFFAddOn.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Tania Wood\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Tania Wood\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Entriq\MediaSphere\3.8.2.9\npEntriqMediaMozillaPlugin.dll
FF - plugin: c:\program files\Entriq\MediaSphere\3.8.2.9\npEntriqVersionCheckMozillaPlugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-TPSvc - TPSvc.dll

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(680)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc.dll
.
Completion time: 2010-08-19 16:54:41
ComboFix-quarantined-files.txt 2010-08-19 15:54

Pre-Run: 7,945,195,520 bytes free
Post-Run: 7,903,784,960 bytes free

- - End Of File - - 91DC66A704AB966DCF5ED9C04EC56116

Re: trojan.win32.buzus.eglu20th August 2010, 3:37 am

Hi.

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

You will see a list of infected items there. Click on Save Report As....

Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Please post this log in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu20th August 2010, 11:57 pm

Hi
Thank you very much for helping with this i have noticed that my computer is slowly getting back to normal Smile...

here is the log you requested after the Kaspersky scan.

Tazzy

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 21, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 20, 2010 07:29:41
Records in database: 4131583
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\

Scan statistics:
Objects scanned: 174839
Threats found: 9
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 04:33:45

File name / Threat / Threats count
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\bin\mvbup.0xe Infected: Trojan.Win32.Buzus.eglz 1
C:\Program Files\Daily Internet Enhancer\1.7.0.2500\PixelLogExe.0xe Infected: Trojan.Win32.Buzus.ehpo 1
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbapp.0xe Infected: Trojan.Win32.Buzus.eglt 1
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbasst.0xe Infected: Trojan.Win32.Buzus.eglu 1
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbdl.0xe Infected: Trojan.Win32.Buzus.egmh 1
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\mvbsvc.0xe Infected: Trojan.Win32.Buzus.egmb 1
C:\Qoobox\Quarantine\C\Documents and Settings\Tania Wood\Local Settings\Application Data\wazjltd.0xe.0ir Infected: Trojan.Win32.Hrup.aah 1
D:\downloaded software MS\Windows XP Home SP2 [OEM Edition].ISO Infected: Trojan.Win32.Agent.eoyq 1
D:\My Documents\Downloads\GamiePlay_installer (1).0xe Infected: Trojan.Win32.Buzus.ehpb 1
D:\My Documents\Downloads\GamiePlay_installer.0xe Infected: Trojan.Win32.Buzus.ehpb 1

Selected area has been scanned.

Re: trojan.win32.buzus.eglu21st August 2010, 3:28 am

Hi.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Files C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar C:\Program Files\Daily Internet Enhancer C:\Program Files\GamiePlay Toolbar D:\downloaded software MS\Windows XP Home SP2 [OEM Edition].ISO D:\My Documents\Downloads\GamiePlay_installer (1).0xe D:\My Documents\Downloads\GamiePlay_installer.0xe :commands [emptytemp] [emptyflash] [resethosts] [reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu21st August 2010, 11:11 am

Hi

Here is the requested log file

Tazzy

All processes killed
========== FILES ==========
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Skins folder moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Icons folder moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Data folder moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\Cache folder moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090\bin folder moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar\3.7.1.8090 folder moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GamiePlay Toolbar folder moved successfully.
C:\Program Files\Daily Internet Enhancer\1.7.0.2500\data folder moved successfully.
C:\Program Files\Daily Internet Enhancer\1.7.0.2500 folder moved successfully.
C:\Program Files\Daily Internet Enhancer folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Skins folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Icons folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\searchplugins folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\components folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\chrome\locale\en-US folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\chrome\locale folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar\chrome folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\FFToolbar folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Data folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090\Cache folder moved successfully.
C:\Program Files\GamiePlay Toolbar\3.7.1.8090 folder moved successfully.
C:\Program Files\GamiePlay Toolbar folder moved successfully.
D:\downloaded software MS\Windows XP Home SP2 [OEM Edition].ISO moved successfully.
D:\My Documents\Downloads\GamiePlay_installer (1).0xe moved successfully.
D:\My Documents\Downloads\GamiePlay_installer.0xe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3390384 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 172170 bytes
->FireFox cache emptied: 3390384 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 593164 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 614483 bytes

User: Tania Wood
->Temp folder emptied: 250970611 bytes
->Temporary Internet Files folder emptied: 96606251 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 30969267 bytes
->Google Chrome cache emptied: 228615616 bytes
->Flash cache emptied: 71641 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 234410 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163066 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1467 bytes

Total Files Cleaned = 588.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Tania Wood
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 08212010_115818

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAA04.tmp not found!
File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAA29.tmp not found!
File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAA92.tmp not found!
File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAAB7.tmp not found!
File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAB0C.tmp not found!
File\Folder C:\Documents and Settings\Tania Wood\Local Settings\Temp\~DFAB31.tmp not found!
C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\IKR12EV9\trojanwin32buzuseglu-t23076[2].htm moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\G994O1OK\bottomcontent_inworld[1].htm moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\G994O1OK\snowdrifft[1].htm moved successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Temporary Internet Files\Content.IE5\G994O1OK\xd_proxy[2].htm moved successfully.

Registry entries deleted on Reboot...

Re: trojan.win32.buzus.eglu21st August 2010, 5:44 pm

Hi.

How is your computer running?

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu26th August 2010, 12:42 am

Hi

sorry missed page 2 my bad Sad tearing

yes everything seems to be running A ok now appart from google chrome which is got alot of glitches now but im going to uninstall it and download a new one once i have saved bookmarks

Thank you so much for all your help i was drowning in stuff maleware etc

thanks to you all

Tazzy

Re: trojan.win32.buzus.eglu26th August 2010, 4:59 am

Hi.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do a calculation of temporary/old files, and then display a dialogue box.
Select the More Options Tab.
At the bottom will be a System Restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done.

========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspious.

2. Don't use torrents they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install you can make sure it is not know for being a virus by just simply searching about it on google.

8. Use a Site Advisor so you don't go to sites that will infect you. Mcafee Siteadvisor

9. Also there are many holes and flaws in Internet Explorer I recommend using Firefox 3 to keep you more safe.

10. Always keep your Java and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? it is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and a Antivirus.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit Here

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu6th September 2010, 10:40 pm

hi there

i wonder if you can still help me. i recently had over 50 infected files on my computer, they were maleware and viruses and Trojons etc

I Had this help on here to clean them and for a few days the computer seemed to be ok but now it has started playing up again and not the same issues.

I have a lot of applications crashing and hanging half way through or not even starting sometimes also when i try using task manager to end task it wont kill the process.
If i want to shutdown with a process still running it wont let me shut down. I have to turn off the computer manually by the button. (which i know is not good)

When i look at the processes that are running sometimes there are 2 of the same process running and i have only opened 1 process - which leads me to the assumption that may have a virus/maleware hiding in the system.

i also have started today to get a pop up telling me there is a trojon in qoobox ?

Can you help please thanks Tazzy

Re: trojan.win32.buzus.eglu10th September 2010, 2:06 am

Hi,

Lets start over.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu10th September 2010, 4:00 am

Hi
As i read through these log files i notice it said network under stress but it is early hours of the morning here and nothing was running unless in the back ground ie processes that cant be shut down as per this error. so i will shut down the whole computer and re run this again. the sirst 2 log files are without rebooting system just as i use it after a whole day. the last 2 will be immediatly on restart of computer.

Re: trojan.win32.buzus.eglu10th September 2010, 4:02 am

OTL logfile created on: 10/09/2010 04:29:42 - Run 1 ...........part 1 as was too big
OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 11.50 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2010/08/31 11:40:43 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
PRC - [2007/05/24 13:41:10 | 000,188,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav.exe
PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
PRC - [2006/03/06 16:30:04 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (SafeList) ==========

MOD - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/31 19:58:35 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2010/03/26 00:59:22 | 000,243,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]

[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/09/06 03:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
[2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
[2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
[2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/09/06 03:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192731469078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192731515546 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,022,528 | R--- | M] () - E:\AutoRunLauncher.exe -- [ CDFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Last edited by Tazzy on 10th September 2010, 4:05 am; edited 1 time in total

Re: trojan.win32.buzus.eglu10th September 2010, 4:04 am

OTL logfile created on: 10/09/2010 04:29:42 - Run 1 .......Part 2 as was too big

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/07 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Viewer
[2010/09/07 00:21:39 | 000,567,680 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/06 23:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/09/06 23:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/09/06 23:59:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/09/06 23:59:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/06 22:05:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
[2010/09/06 03:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/05 22:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/05 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/09/05 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/09/05 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Uniblue
[2010/09/05 04:35:38 | 000,000,000 | ---D | C] -- C:\d2bf15400392b349be9432
[2010/09/05 04:25:27 | 048,643,144 | ---- | C] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 03:57:14 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\SecondLife
[2010/09/05 02:31:31 | 049,718,955 | ---- | C] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/08/19 19:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/19 18:50:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/19 16:44:05 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/08/19 16:02:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/19 15:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/19 15:27:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/16 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\basic
[2010/08/12 17:35:37 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlinst.exe
[2010/08/12 17:35:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/08/12 17:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 01:41:38 | 000,002,342 | ---- | M] () -- C:\error.htm
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2010/09/10 01:00:55 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/09/10 00:27:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/09 23:34:59 | 000,195,441 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:55 | 000,181,145 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:48 | 000,208,459 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:46 | 000,141,051 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:47 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:36 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:25 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:05 | 000,114,401 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:49 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:26 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:22:04 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:22:02 | 000,099,645 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:20:25 | 000,774,881 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:17:33 | 000,095,097 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:16:40 | 000,179,631 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:16:05 | 000,248,340 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:38 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:35 | 000,151,179 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:26 | 000,235,398 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:46 | 000,639,718 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:07:41 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:06:13 | 000,110,093 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/08 04:25:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2010/09/08 03:27:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/07 22:36:57 | 000,085,064 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/07 21:57:41 | 000,125,640 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:42:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:21:47 | 000,567,680 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/07 00:18:15 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/07 00:18:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/07 00:16:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 00:16:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/07 00:14:38 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
[2010/09/07 00:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
[2010/09/07 00:10:42 | 000,625,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 00:10:42 | 000,533,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 00:10:42 | 000,099,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 00:00:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:55:31 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/06 22:07:02 | 000,004,868 | ---- | M] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:34:11 | 140,309,118 | ---- | M] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:36 | 000,122,532 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:32 | 000,011,803 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:54 | 000,030,226 | ---- | M] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/06 03:37:02 | 000,511,968 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:44:04 | 142,646,658 | ---- | M] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:38:57 | 000,963,827 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 17:47:57 | 000,001,352 | ---- | M] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:50 | 000,000,745 | ---- | M] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:29:38 | 048,643,144 | ---- | M] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 04:00:14 | 000,050,426 | ---- | M] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 03:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\CCleaner.lnk
[2010/09/05 03:57:21 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:14:14 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/05 02:31:40 | 049,718,955 | ---- | M] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/09/05 02:29:24 | 000,700,144 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:51 | 000,146,913 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:56 | 000,025,808 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:19:51 | 000,016,649 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:58 | 000,188,091 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:54 | 000,182,647 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:13 | 000,078,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:38 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:40 | 000,192,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/19 19:19:43 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/08/19 19:19:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/19 18:57:00 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 12:46:30 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/12 17:45:01 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 00:59:41 | 000,002,342 | ---- | C] () -- C:\error.htm
[2010/09/10 00:59:41 | 000,000,230 | ---- | C] () -- C:\infect.htm
[2010/09/09 23:34:50 | 000,195,441 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:47 | 000,181,145 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:44 | 000,208,459 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:34 | 000,141,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:35 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:24 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:15 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:04 | 000,114,401 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:34 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:06 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:21:58 | 000,099,645 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:21:49 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:17:33 | 000,095,097 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:15:36 | 000,179,631 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:14:45 | 000,774,881 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:13:15 | 000,248,340 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:33 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:28 | 000,151,179 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:17 | 000,235,398 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:37 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:07:28 | 000,639,718 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:06:13 | 000,110,093 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/07 21:57:41 | 000,125,640 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:22:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/07 00:22:01 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/06 23:58:41 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:07:00 | 000,004,868 | ---- | C] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:33:50 | 140,309,118 | ---- | C] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:44 | 000,122,532 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:46 | 000,011,803 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:52 | 000,030,226 | ---- | C] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:31:07 | 000,511,968 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:43:48 | 142,646,658 | ---- | C] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:33:36 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 18:34:42 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/09/05 17:47:55 | 000,001,352 | ---- | C] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:47 | 000,000,745 | ---- | C] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:00:08 | 000,050,426 | ---- | C] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 02:29:16 | 000,700,144 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:55 | 000,146,913 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:55 | 000,025,808 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:20:04 | 000,016,649 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:56 | 000,188,091 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:53 | 000,182,647 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:12 | 000,078,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:37 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:39 | 000,192,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/21 01:03:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/08/19 19:10:08 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 16:02:36 | 000,000,226 | ---- | C] () -- C:\Boot.bak
[2010/08/19 16:02:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/19 15:53:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/19 15:53:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/19 13:17:49 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/16 15:00:36 | 000,006,421 | ---- | C] () -- C:\Documents and Settings\Tania Wood\resetlog.txt
[2010/08/12 17:45:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[2010/08/12 17:35:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/08/12 17:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/08/12 17:35:38 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\comdlg32.oca
[2010/08/12 17:35:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2010/02/21 05:59:33 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/02/15 01:02:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\fusioncache.dat
[2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 20:17:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\setup.txt
[2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
[2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/30 11:17:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/30 11:17:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/30 11:17:56 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 14:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/02 15:27:07 | 000,005,619 | ---- | M] () -- C:\debug.txt
[2010/09/10 01:41:38 | 000,002,342 | ---- | M] () -- C:\error.htm
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2009/02/15 02:23:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/01 02:25:13 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/26 04:09:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/07 00:15:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/06/11 16:59:32 | 000,000,706 | -H-- | M] () -- C:\SWSTAMP.TXT
[2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2007/12/07 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2007/08/09 18:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/09/05 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/06/11 15:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2007/08/09 18:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/09/03 20:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2010/09/06 03:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/12/26 21:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/12/25 18:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\BQNITW
[2008/12/07 21:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bullzip
[2009/02/19 11:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2007/12/07 20:53:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/09/05 03:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/02/15 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2010/09/05 17:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/05/30 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Computerized Content Operator
[2010/06/04 13:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Contextual Content Manager
[2010/06/04 13:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Customized Platform Services
[2008/11/22 15:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\EditPlus 3
[2009/05/04 11:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Effexis Software
[2009/06/17 20:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/31 03:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Entriq
[2010/09/05 21:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/06/29 09:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\F-Secure Internet Security
[2009/02/15 02:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/27 19:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/03/31 23:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Gamenext
[2009/03/31 22:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
[2009/02/18 16:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\glassfish-v2ur2
[2010/09/06 03:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/04 17:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\HandyGamez Toolbar
[2009/02/19 11:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2009/07/25 09:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
[2010/09/06 03:14:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/05 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/09/07 00:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/06/11 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/09/06 03:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/19 19:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\iWin Games
[2010/05/04 17:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2010/09/06 23:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/31 03:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
[2007/08/09 18:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/26 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/09/06 23:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/18 19:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/19 11:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2007/08/09 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/02/15 02:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/18 03:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/09/05 02:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/06/11 15:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/15 22:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/19 11:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/02/19 11:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/02/19 11:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009/11/04 04:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/09/07 00:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/08/11 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/19 11:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/07 20:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/03/26 20:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/08/09 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/05/30 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/09 14:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/09/05 22:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\myBabylon_English
[2009/06/01 17:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.1
[2009/02/18 03:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.5
[2008/11/26 04:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/04 17:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/12/07 13:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2007/08/09 19:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 03:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/07 00:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Phoenix Viewer
[2009/06/05 19:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2007/06/11 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
[2007/12/07 13:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickLink Desktop
[2010/09/06 23:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/09 19:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/08/09 14:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/02 00:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2008/12/29 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Scansoft
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/09/05 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2010/06/24 12:51:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/04 12:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2009
[2009/07/04 17:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 05:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/08/13 13:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/08/14 12:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\SwiftKit
[2010/09/05 18:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Texthelp Systems
[2010/06/04 13:26:00 | 000,000,000 | ---D | M] -- C:\Program Files\Textual Content Enhancer
[2009/09/08 03:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\The Budgerigar Program 2006
[2007/08/09 11:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2010/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009/02/15 00:07:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/29 00:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/04/23 12:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirginMedia
[2010/06/04 13:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Web Content Searcher
[2009/06/05 19:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/12/29 19:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/18 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/15 22:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/08/09 14:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/19 11:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/05/30 10:21:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/12/05 17:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/08/09 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/02/15 04:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/08/02 15:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE_1.2059.0.8
[2010/05/04 17:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games

< %appdata%\*.* >
[2007/05/30 11:18:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\desktop.ini
[2009/11/04 12:49:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico

< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 13:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel Matrix Storage Manager\Inf Setup\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\OemDir\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-03 02:01:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4B264B5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8DACDA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
< End of report >

Re: trojan.win32.buzus.eglu10th September 2010, 4:05 am

OTL Extras logfile created on: 10/09/2010 04:29:42 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 11.50 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP" = 50000:TCP:*:Enabled:BitComet 50000 TCP
"50000:UDP" = 50000:UDP:*:Enabled:BitComet 50000 UDP
"7375:TCP" = 7375:TCP:*:Enabled:BitComet 7375 TCP
"7375:UDP" = 7375:UDP:*:Enabled:BitComet 7375 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- ()
"C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe" = C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe:*:Enabled:3Connect -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2254E64C-D2B1-4478-BD7E-37457D09FF39}" = QuickLink Desktop
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.0.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel(R) Network Connections 15.5.74.0
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2E5A82-DA8B-4c72-91A6-EBB4E0463537}_is1" = V Stuff Backup v1.6.2.16478
"{503C0372-6161-4B3E-B4A6-AC0A15C44CBC}" = PL-2303 USB-to-Serial
"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis True Image
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{79756522-09EE-4CD9-9B66-308E7A8954C0}" = The Best Quiz Night In The World
"{7B569268-AB31-4156-BAA7-1330C6227217}" = Sequence Diagram Editor
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A10DA03B-9048-48B4-00A2-A71153C3F886}" = The Sims™ Pet Stories
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}" = Native x86 Runtime for Visual C++ 2008 Feature Pack (v.9.0.30411)
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}.vc_x86runtime_30411_00" = Visual C++ 2008 Feature Pack - x86 - v9.0.30411.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE9ACA6-6056-40CD-8325-0E0BE2CB622B}" = Read And Write 8.1 Gold
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Demand Five Player_is1" = Demand Five Player
"EA Download Manager" = EA Download Manager
"EditPlus 3" = EditPlus 3
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileZilla Client" = FileZilla Client 3.2.4
"F-Secure Product 444" = F-Secure Internet Security 2008 OEM
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei Modems
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MSNINST" = MSN
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"Security Task Manager" = Security Task Manager 1.7h
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = The Budgerigar Program 2006
"STANDARDR" = Microsoft Office Standard 2007
"SwiftKit" = SwiftKit
"SystemRequirementsLab" = System Requirements Lab
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME" = Uninstall for TOSHIBA Mobile Extension3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"SmartDraw 2009" = SmartDraw 2009
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/09/2010 20:46:53 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 6 2010-09-10 01:46:52+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 21:17:27 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 7 2010-09-10 02:17:27+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000E61
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 09/09/2010 21:36:25 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 8 2010-09-10 02:36:23+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 22:07:56 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 9 2010-09-10 03:07:55+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM
FILES\F-SECURE INTERNET SECURITY\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to
exceeded scanning time limit. The file may be in use or reading it was too slow
(e.g. network connection was under stress).

Error - 09/09/2010 22:33:19 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 10 2010-09-10 03:33:18+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 22:39:40 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 11 2010-09-10 03:39:39+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UCDGWWDE\CONTENT.SMALLWORLDS.COM\SMALLWORLDS_LOGIN_DATA.SXX
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 09/09/2010 22:57:23 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 12 2010-09-10 03:57:22+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 23:27:48 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 13 2010-09-10 04:27:46+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\DESKTOP\.LNK was aborted due to exceeded scanning time
limit. The file may be in use or reading it was too slow (e.g. network connection
was under stress).

Error - 09/09/2010 23:37:31 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 14 2010-09-10 04:37:30+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

Error - 09/09/2010 23:41:38 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 15 2010-09-10 04:41:38+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

[ OSession Events ]
Error - 18/06/2009 06:54:33 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:54:51 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:55:01 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:22 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:45 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/04/2010 06:41:39 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06/09/2010 17:55:35 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001C7E49D31E has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/09/2010 17:55:57 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 06/09/2010 17:56:00 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 06/09/2010 17:57:38 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 06/09/2010 17:57:39 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 06/09/2010 19:16:01 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001C7E49D31E has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/09/2010 19:16:24 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 06/09/2010 19:18:05 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 06/09/2010 19:18:07 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 09/09/2010 20:30:37 | Computer Name = TANIA-82363 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
first being prepared for removal.

< End of report >

Re: trojan.win32.buzus.eglu10th September 2010, 5:03 am

OTL logfile created on: 10/09/2010 05:17:01 - Run 2 ....part 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 11.46 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (SafeList) ==========

MOD - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/31 19:58:35 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2010/03/26 00:59:22 | 000,243,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]

[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/09/06 03:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
[2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
[2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
[2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/09/06 03:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192731469078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192731515546 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,022,528 | R--- | M] () - E:\AutoRunLauncher.exe -- [ CDFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

Re: trojan.win32.buzus.eglu10th September 2010, 5:04 am

OTL logfile created on: 10/09/2010 05:17:01 - Run 2 ....part 2

[2010/09/07 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Viewer
[2010/09/07 00:21:39 | 000,567,680 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/06 23:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/09/06 23:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/09/06 23:59:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/09/06 23:59:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/06 22:05:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
[2010/09/06 03:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/05 22:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/05 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/09/05 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/09/05 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Uniblue
[2010/09/05 04:35:38 | 000,000,000 | ---D | C] -- C:\d2bf15400392b349be9432
[2010/09/05 04:25:27 | 048,643,144 | ---- | C] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 03:57:14 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\SecondLife
[2010/09/05 02:31:31 | 049,718,955 | ---- | C] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/08/19 19:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/19 18:50:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/19 16:44:05 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/08/19 16:02:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/19 15:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/19 15:27:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/16 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\basic
[2010/08/12 17:35:37 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlinst.exe
[2010/08/12 17:35:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/08/12 17:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 05:13:22 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/10 05:11:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 05:11:03 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/10 05:11:03 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/09/10 05:11:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 05:11:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 05:09:41 | 000,002,428 | ---- | M] () -- C:\error.htm
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2010/09/10 00:27:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/09 23:34:59 | 000,195,441 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:55 | 000,181,145 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:48 | 000,208,459 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:46 | 000,141,051 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:47 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:36 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:25 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:05 | 000,114,401 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:49 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:26 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:22:04 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:22:02 | 000,099,645 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:20:25 | 000,774,881 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:17:33 | 000,095,097 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:16:40 | 000,179,631 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:16:05 | 000,248,340 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:38 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:35 | 000,151,179 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:26 | 000,235,398 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:46 | 000,639,718 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:07:41 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:06:13 | 000,110,093 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/08 04:25:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2010/09/07 22:36:57 | 000,085,064 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/07 21:57:41 | 000,125,640 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:42:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:21:47 | 000,567,680 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/07 00:14:38 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
[2010/09/07 00:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
[2010/09/07 00:10:42 | 000,625,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 00:10:42 | 000,533,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 00:10:42 | 000,099,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 00:00:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:55:31 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/06 22:07:02 | 000,004,868 | ---- | M] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:34:11 | 140,309,118 | ---- | M] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:36 | 000,122,532 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:32 | 000,011,803 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:54 | 000,030,226 | ---- | M] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/06 03:37:02 | 000,511,968 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:44:04 | 142,646,658 | ---- | M] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:38:57 | 000,963,827 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 17:47:57 | 000,001,352 | ---- | M] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:50 | 000,000,745 | ---- | M] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:29:38 | 048,643,144 | ---- | M] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 04:00:14 | 000,050,426 | ---- | M] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 03:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\CCleaner.lnk
[2010/09/05 03:57:21 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:14:14 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/05 02:31:40 | 049,718,955 | ---- | M] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/09/05 02:29:24 | 000,700,144 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:51 | 000,146,913 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:56 | 000,025,808 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:19:51 | 000,016,649 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:58 | 000,188,091 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:54 | 000,182,647 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:13 | 000,078,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:38 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:40 | 000,192,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/19 19:19:43 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/08/19 19:19:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/19 18:57:00 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 12:46:30 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/12 17:45:01 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 00:59:41 | 000,002,428 | ---- | C] () -- C:\error.htm
[2010/09/10 00:59:41 | 000,000,230 | ---- | C] () -- C:\infect.htm
[2010/09/09 23:34:50 | 000,195,441 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:47 | 000,181,145 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:44 | 000,208,459 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:34 | 000,141,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:35 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:24 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:15 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:04 | 000,114,401 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:34 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:06 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:21:58 | 000,099,645 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:21:49 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:17:33 | 000,095,097 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:15:36 | 000,179,631 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:14:45 | 000,774,881 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:13:15 | 000,248,340 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:33 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:28 | 000,151,179 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:17 | 000,235,398 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:37 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:07:28 | 000,639,718 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:06:13 | 000,110,093 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/07 21:57:41 | 000,125,640 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:22:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/07 00:22:01 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/06 23:58:41 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:07:00 | 000,004,868 | ---- | C] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:33:50 | 140,309,118 | ---- | C] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:44 | 000,122,532 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:46 | 000,011,803 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:52 | 000,030,226 | ---- | C] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:31:07 | 000,511,968 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:43:48 | 142,646,658 | ---- | C] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:33:36 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 18:34:42 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/09/05 17:47:55 | 000,001,352 | ---- | C] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:47 | 000,000,745 | ---- | C] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:00:08 | 000,050,426 | ---- | C] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 02:29:16 | 000,700,144 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:55 | 000,146,913 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:55 | 000,025,808 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:20:04 | 000,016,649 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:56 | 000,188,091 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:53 | 000,182,647 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:12 | 000,078,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:37 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:39 | 000,192,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/21 01:03:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/08/19 19:10:08 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 16:02:36 | 000,000,226 | ---- | C] () -- C:\Boot.bak
[2010/08/19 16:02:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/19 15:53:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/19 15:53:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/19 13:17:49 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/16 15:00:36 | 000,006,421 | ---- | C] () -- C:\Documents and Settings\Tania Wood\resetlog.txt
[2010/08/12 17:45:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[2010/08/12 17:35:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/08/12 17:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/08/12 17:35:38 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\comdlg32.oca
[2010/08/12 17:35:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2010/02/21 05:59:33 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/02/15 01:02:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\fusioncache.dat
[2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 20:17:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\setup.txt
[2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
[2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/30 11:17:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/30 11:17:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/30 11:17:56 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 14:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/02 15:27:07 | 000,005,619 | ---- | M] () -- C:\debug.txt
[2010/09/10 05:09:41 | 000,002,428 | ---- | M] () -- C:\error.htm
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2009/02/15 02:23:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/01 02:25:13 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/26 04:09:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/10 05:10:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/06/11 16:59:32 | 000,000,706 | -H-- | M] () -- C:\SWSTAMP.TXT
[2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2007/12/07 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2007/08/09 18:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/09/05 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/06/11 15:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2007/08/09 18:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/09/03 20:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2010/09/06 03:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/12/26 21:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/12/25 18:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\BQNITW
[2008/12/07 21:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bullzip
[2009/02/19 11:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2007/12/07 20:53:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/09/05 03:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/02/15 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2010/09/05 17:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/05/30 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Computerized Content Operator
[2010/06/04 13:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Contextual Content Manager
[2010/06/04 13:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Customized Platform Services
[2008/11/22 15:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\EditPlus 3
[2009/05/04 11:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Effexis Software
[2009/06/17 20:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/31 03:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Entriq
[2010/09/05 21:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/06/29 09:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\F-Secure Internet Security
[2009/02/15 02:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/27 19:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/03/31 23:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Gamenext
[2009/03/31 22:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
[2009/02/18 16:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\glassfish-v2ur2
[2010/09/06 03:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/04 17:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\HandyGamez Toolbar
[2009/02/19 11:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2009/07/25 09:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
[2010/09/06 03:14:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/05 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/09/07 00:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/06/11 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/09/06 03:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/19 19:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\iWin Games
[2010/05/04 17:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2010/09/06 23:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/31 03:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
[2007/08/09 18:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/26 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/09/06 23:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/18 19:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/19 11:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2007/08/09 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/02/15 02:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/18 03:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/09/05 02:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/06/11 15:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/15 22:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/19 11:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/02/19 11:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/02/19 11:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009/11/04 04:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/09/07 00:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/08/11 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/19 11:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/07 20:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/03/26 20:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/08/09 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/05/30 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/09 14:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/09/05 22:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\myBabylon_English
[2009/06/01 17:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.1
[2009/02/18 03:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.5
[2008/11/26 04:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/04 17:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/12/07 13:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2007/08/09 19:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 03:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/07 00:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Phoenix Viewer
[2009/06/05 19:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2007/06/11 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
[2007/12/07 13:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickLink Desktop
[2010/09/06 23:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/09 19:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/08/09 14:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/02 00:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2008/12/29 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Scansoft
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/09/05 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2010/06/24 12:51:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/04 12:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2009
[2009/07/04 17:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 05:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/08/13 13:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/08/14 12:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\SwiftKit
[2010/09/05 18:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Texthelp Systems
[2010/06/04 13:26:00 | 000,000,000 | ---D | M] -- C:\Program Files\Textual Content Enhancer
[2009/09/08 03:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\The Budgerigar Program 2006
[2007/08/09 11:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2010/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009/02/15 00:07:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/29 00:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/04/23 12:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirginMedia
[2010/06/04 13:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Web Content Searcher
[2009/06/05 19:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/12/29 19:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/18 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/15 22:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/08/09 14:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/19 11:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/05/30 10:21:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/12/05 17:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/08/09 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/02/15 04:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/08/02 15:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE_1.2059.0.8
[2010/05/04 17:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games
< %appdata%\*.* >
[2007/05/30 11:18:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\desktop.ini
[2009/11/04 12:49:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico

< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 13:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel Matrix Storage Manager\Inf Setup\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\OemDir\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-03 02:01:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4B264B5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8DACDA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
< End of report >

Re: trojan.win32.buzus.eglu11th September 2010, 11:33 pm

Hi.

Please download ComboFix trojan.win32.buzus.eglu Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
trojan.win32.buzus.eglu RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu12th September 2010, 7:45 am

Hi
Thank you for getting back to me here is the log file
Tazzy

ComboFix 10-09-11.02 - Tania Wood 12/09/2010 8:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1344 [GMT 1:00]
Running from: c:\documents and settings\Tania Wood\desktop\commy.exe
Command switches used :: /stepdel
AV: F-Secure Internet Security 2008 OEM 8.00 *On-access scanning enabled* (Outdated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: F-Secure Internet Security 2008 OEM 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
d:\my documents\EFRbackup.reg
d:\my documents\regbackup.reg

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-06 23:43 . 2010-09-06 23:45 -------- d-----w- c:\program files\Phoenix Viewer
2010-09-06 22:59 . 2010-09-06 22:59 -------- d-----w- c:\windows\system32\winrm
2010-09-06 22:59 . 2010-09-06 22:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-09-06 02:48 . 2010-09-06 02:49 80767800 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-06 02:31 . 2010-09-06 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-05 21:04 . 2010-09-05 21:04 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-09-05 20:39 . 2010-09-05 20:39 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-09-05 16:52 . 2010-09-05 16:52 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Uniblue
2010-09-05 03:35 . 2010-09-05 03:35 -------- d-----w- C:\d2bf15400392b349be9432
2010-09-05 02:17 . 2010-09-06 01:25 -------- d-----w- c:\documents and settings\Tania Wood\Local Settings\Application Data\SecondLife
2010-08-19 18:31 . 2010-08-20 01:43 -------- d-----w- c:\windows\system32\NtmsData
2010-08-19 15:44 . 2010-08-19 15:54 -------- d-----w- C:\Combo-Fix
2010-08-19 14:28 . 2010-08-19 14:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 07:04 . 2009-12-14 02:57 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Skype
2010-09-12 07:01 . 2009-12-14 03:00 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\skypePM
2010-09-07 21:36 . 2007-12-07 18:23 85064 ----a-w- c:\documents and settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 23:03 . 2007-12-07 12:42 -------- d-----w- c:\program files\Microsoft.NET
2010-09-06 22:58 . 2009-03-15 21:54 -------- d-----w- c:\program files\Microsoft
2010-09-06 22:58 . 2007-05-31 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-06 22:45 . 2009-12-26 20:10 -------- d-----w- c:\program files\QuickTime
2010-09-06 22:44 . 2007-08-09 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-06 22:34 . 2007-05-30 09:46 -------- d-----w- c:\program files\Java
2010-09-06 21:26 . 2009-02-15 01:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 04:05 . 2009-02-15 01:43 -------- d-----w- c:\program files\Spyware Doctor
2010-09-06 02:45 . 2009-07-04 15:57 -------- d-----w- c:\program files\BitComet
2010-09-06 02:26 . 2009-12-26 20:12 -------- d-----w- c:\program files\iTunes
2010-09-06 02:26 . 2009-12-26 20:07 -------- d-----w- c:\program files\Common Files\Apple
2010-09-06 02:16 . 2009-12-17 23:24 -------- d-----w- c:\program files\Google
2010-09-06 02:14 . 2007-05-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-06 02:01 . 2009-07-25 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-09-05 21:21 . 2010-02-09 14:38 -------- d-----w- c:\program files\myBabylon_English
2010-09-05 21:20 . 2010-09-05 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-09-05 21:20 . 2010-09-05 21:04 -------- d-----w- c:\program files\Security Task Manager
2010-09-05 21:04 . 2010-09-05 21:04 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2010-09-05 17:35 . 2007-05-30 10:33 -------- d-----w- c:\program files\Intel
2010-09-05 17:31 . 2010-01-23 14:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-05 02:57 . 2009-02-15 03:06 -------- d-----w- c:\program files\CCleaner
2010-09-05 02:17 . 2010-02-19 18:35 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\SecondLife
2010-09-05 01:59 . 2009-01-04 17:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-19 18:39 . 2009-07-18 18:27 -------- d-----w- c:\program files\iWin Games
2010-08-16 13:01 . 2010-07-20 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-12 16:35 . 2010-08-12 16:35 -------- d-----w- c:\program files\Ubisoft
2010-08-09 12:21 . 2010-08-09 12:21 503808 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcp71.dll
2010-08-09 12:21 . 2010-08-09 12:21 499712 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\jmc.dll
2010-08-09 12:21 . 2010-08-09 12:21 348160 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcr71.dll
2010-08-09 12:21 . 2010-08-09 12:21 61440 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-sse.dll
2010-08-09 12:21 . 2010-08-09 12:21 12800 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-d3d.dll
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Malwarebytes
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-02 14:27 . 2010-08-02 14:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\Birdstep Technology
2010-08-02 14:27 . 2010-08-02 14:26 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2010-07-20 18:54 . 2008-12-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2010-07-20 18:16 . 2010-07-20 18:16 237568 ---ha-w- C:\SZKGFS.dat
2010-07-20 18:11 . 2010-07-20 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-20 18:10 . 2010-07-20 18:10 -------- d-----w- c:\program files\Common Files\iS3
2010-07-19 23:22 . 2009-12-28 23:21 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\vlc
2010-07-15 10:23 . 2010-07-15 10:23 654456 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-07-15 10:23 . 2010-07-15 10:23 506488 ----a-w- c:\windows\system32\accesor.dll
2010-07-14 09:16 . 2010-07-14 09:16 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-07-14 08:39 . 2010-07-14 08:39 134264 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-07-14 08:20 . 2010-07-14 08:20 1813112 ----a-w- c:\windows\system32\ncscolib.dll
2010-06-30 12:31 . 2007-05-30 08:13 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2007-05-30 08:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2007-05-30 08:13 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-05-30 08:13 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 13:43 . 2010-06-21 13:43 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2010-06-17 14:03 . 2007-05-30 08:13 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-30 09:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-05-30 08:13 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Google Update"="c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-07 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-05 155648]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-08-31 102400]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-18 102400]
"TPSMain"="TPSMain.exe" [2007-04-18 299008]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-11-07 1165120]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2007-11-07 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-11-07 148760]
"WD Button Manager"="WDBtnMgr.exe" [2008-12-29 339968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 02:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"7375:TCP"= 7375:TCP:BitComet 7375 TCP
"7375:UDP"= 7375:UDP:BitComet 7375 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07/12/2007 13:48 51072]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [22/03/2007 13:07 20992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09/03/2007 15:23 6528]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure Internet Security\HIPS\fshs.sys [07/12/2007 13:47 41184]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [30/05/2007 16:23 5888]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2009 18:30 78104]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [30/05/2007 16:23 114688]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [07/12/2007 13:47 77824]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2007 16:10 35968]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [30/05/2007 16:26 435072]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [02/08/2010 15:27 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/02/2009 02:43 356920]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [30/05/2007 09:13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [07/12/2007 13:47 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [07/12/2007 13:47 25456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-06 23:21]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-06 23:21]

2007-12-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2010-09-12 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2007-12-07 12:41]

2010-09-11 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-04 06:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll

- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2010-09-12 08:17:04
ComboFix-quarantined-files.txt 2010-09-12 07:17

Pre-Run: 11,641,454,592 bytes free
Post-Run: 12,090,286,080 bytes free

- - End Of File - - 1A8E8C76B79FC595B167AB6485389F37

Re: trojan.win32.buzus.eglu14th September 2010, 2:15 am

Hi.

Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu14th September 2010, 8:00 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4611

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/09/2010 09:00:21
mbam-log-2010-09-14 (09-00-21).txt

Scan type: Quick scan
Objects scanned: 149612
Time elapsed: 27 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\GamiePlay Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{5909fc3d-7f8b-415d-a5d1-7c7e941e536e} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{aa1acb70-b5f1-4037-909e-1f725b04d2a8} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\HandyGamez Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\HandyGamez Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\f3PSSavr.0cr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Favorites\MyFastSearcher.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Favorites\MyMindSearcher.url (Hijack.Favorites) -> Quarantined and deleted successfully.

Re: trojan.win32.buzus.eglu16th September 2010, 4:17 am

Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu17th September 2010, 1:44 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a49e29b3e79025408a8a2741b4a20df9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-17 12:39:15
# local_time=2010-09-17 01:39:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 32496789 32496789 0 0
# compatibility_mode=2304 16777179 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 29171 29171 0 0
# scanned=157056
# found=0
# cleaned=0
# scan_time=5113

Re: trojan.win32.buzus.eglu18th September 2010, 6:36 pm

Hi.

How is your computer running now?

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu24th September 2010, 6:54 am

hi well
i have just managed to get on the internet and find this as my intel 82566mc gigabit network connection (adapter) has stopped working.

i got a blue screen with alot of writing and then when the computer restarted the ethernet (lan) connection didnt show in my networks anymore
when i go to device manager i have the yellow triangle with the i and it says This device cannot start. (Code 10) i unistalled and re installed the rebooted to no change

any ideas please would be awesome Sad tearing

Thank you Tazzy

Re: trojan.win32.buzus.eglu1st October 2010, 9:44 pm

Hi.

Sorry for the delay.

Could you please navigate to C:\Windows\Minidump and zip those .dmp files up and attach them here?

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu3rd October 2010, 10:42 pm

Hi i managed to zip them but i cant attach them here?

i can email them or is there another way sorry let me know whats best thx

Tazzy Thank You!

Re: trojan.win32.buzus.eglu5th October 2010, 1:42 am

Hi.

Please go here and upload the zip file, then post the link here.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu6th October 2010, 1:14 am

Thank you for that Big Grin

http://www.mediafire.com/file/i64oghaajwct17c/Minidump.rar

Re: trojan.win32.buzus.eglu6th October 2010, 1:32 am

Hi.

Try updating your graphics card driver in Device Manager and see if it still occurs.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu6th October 2010, 10:09 pm

no updates avalible
can not find newer version Smile...

Re: trojan.win32.buzus.eglu9th October 2010, 6:35 pm

Hi,

Try re-installing it in Device Manager, and see if it still occurs.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu10th October 2010, 12:39 pm

un installed and re installed
still have all applications hanging continuesly hard to used any browser except ie Sad tearing

chrome and mozzilla crash ie only one that works now have unistalled and reinstalled them office programs hang and now also the explorer application starting to hang or become non resposive for a while then works again cant do anything on the laptop hardley have just bought a external hard drive and saved stuff to it but it is still hanging Sad tearing

Re: trojan.win32.buzus.eglu10th October 2010, 8:28 pm

Hi,

I don't know why I didn't catch this earlier, but I noticed you have 2 Anti-virus programs.

I recommend removing both F-Secure and Norton and install one of these:

If you don't have a Antivirus I recommend to download these free Antivirus programs:
1. Microsoft Security Essentials
2. AVG Free
3. Avast!

After you install one of these see if the issues still occur.

............................................................................................
I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu11th October 2010, 11:14 am

ok norton was removed but only shows remnants that i cant remove I don't know why they wont go. Fsecure came with the computer and i have disabled it - i have down loaded avast that didnt find anything then i uninstalled avast and down loaded avg - that found 2 warnings and nothing more.

Re: trojan.win32.buzus.eglu11th October 2010, 10:46 pm

Hi,

Please download and run each of these:

1. ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

2. ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.zip

3. http://files.avast.com/files/eng/aswclear5.exe

4. http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

==================

After that; please download only this Anti-Virus:

http://www.microsoft.com/security_essentials/

............................................................................................
I'm livin' life in the fast lane.

trojan.win32.buzus.eglu

descriptiontrojan.win32.buzus.eglu2nd August 2010, 4:54 pm

descriptionRe: trojan.win32.buzus.eglu2nd August 2010, 6:24 pm

descriptionRe: trojan.win32.buzus.eglu3rd August 2010, 5:05 am

descriptionRe: trojan.win32.buzus.eglu3rd August 2010, 5:20 am

descriptionRe: trojan.win32.buzus.eglu3rd August 2010, 5:21 am

descriptionRe: trojan.win32.buzus.eglu4th August 2010, 12:00 am

descriptionRe: trojan.win32.buzus.eglu4th August 2010, 2:30 am

descriptionRe: trojan.win32.buzus.eglu4th August 2010, 2:49 pm

descriptionRe: trojan.win32.buzus.eglu9th August 2010, 7:31 pm

descriptionRe: trojan.win32.buzus.eglu11th August 2010, 12:01 am

descriptionRe: trojan.win32.buzus.eglu19th August 2010, 5:10 pm

descriptionRe: trojan.win32.buzus.eglu20th August 2010, 3:37 am

descriptionRe: trojan.win32.buzus.eglu20th August 2010, 11:57 pm

descriptionRe: trojan.win32.buzus.eglu21st August 2010, 3:28 am

descriptionRe: trojan.win32.buzus.eglu21st August 2010, 11:11 am

descriptionRe: trojan.win32.buzus.eglu21st August 2010, 5:44 pm

descriptionRe: trojan.win32.buzus.eglu26th August 2010, 12:42 am

descriptionRe: trojan.win32.buzus.eglu26th August 2010, 4:59 am

descriptionRe: trojan.win32.buzus.eglu6th September 2010, 10:40 pm

descriptionRe: trojan.win32.buzus.eglu10th September 2010, 2:06 am

descriptionRe: trojan.win32.buzus.eglu10th September 2010, 4:00 am

descriptionRe: trojan.win32.buzus.eglu10th September 2010, 4:02 am

descriptionRe: trojan.win32.buzus.eglu10th September 2010, 4:04 am

descriptionRe: trojan.win32.buzus.eglu10th September 2010, 4:05 am

descriptionRe: trojan.win32.buzus.eglu10th September 2010, 5:03 am

descriptionRe: trojan.win32.buzus.eglu10th September 2010, 5:04 am

descriptionRe: trojan.win32.buzus.eglu11th September 2010, 11:33 pm

descriptionRe: trojan.win32.buzus.eglu12th September 2010, 7:45 am

descriptionRe: trojan.win32.buzus.eglu14th September 2010, 2:15 am

descriptionRe: trojan.win32.buzus.eglu14th September 2010, 8:00 am

descriptionRe: trojan.win32.buzus.eglu16th September 2010, 4:17 am

descriptionRe: trojan.win32.buzus.eglu17th September 2010, 1:44 am

descriptionRe: trojan.win32.buzus.eglu18th September 2010, 6:36 pm

descriptionRe: trojan.win32.buzus.eglu24th September 2010, 6:54 am

descriptionRe: trojan.win32.buzus.eglu1st October 2010, 9:44 pm

descriptionRe: trojan.win32.buzus.eglu3rd October 2010, 10:42 pm

descriptionRe: trojan.win32.buzus.eglu5th October 2010, 1:42 am

descriptionRe: trojan.win32.buzus.eglu6th October 2010, 1:14 am

descriptionRe: trojan.win32.buzus.eglu6th October 2010, 1:32 am

descriptionRe: trojan.win32.buzus.eglu6th October 2010, 10:09 pm

descriptionRe: trojan.win32.buzus.eglu9th October 2010, 6:35 pm

descriptionRe: trojan.win32.buzus.eglu10th October 2010, 12:39 pm

descriptionRe: trojan.win32.buzus.eglu10th October 2010, 8:28 pm

descriptionRe: trojan.win32.buzus.eglu11th October 2010, 11:14 am

descriptionRe: trojan.win32.buzus.eglu11th October 2010, 10:46 pm

descriptionRe: trojan.win32.buzus.eglu