PDA

View Full Version : PC running slow and freezing


sunny01au
2011-02-07, 12:10
Hi,

I think I have some sort of malicious program in my pc. I think I ran a malicious program on my pc few days ago and now my PC is behaving weird. It is not slow, freezing, internet explorer freezes and google chrome not opening pages.

Can you please help?

thanks,

Sonny

Here is the DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Sonny at 21:05:24.96 on Mon 07/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1913.603 [GMT 11:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sonny\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theage.com.au/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\sonny\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\sonny\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\sonny\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sonny\appdata\roaming\mozilla\firefox\profiles\42tuj77h.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\sonny\appdata\roaming\mozilla\firefox\profiles\42tuj77h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\sonny\appdata\roaming\mozilla\firefox\profiles\42tuj77h.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sonny\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\sonny\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: http://forums.spybot.info/misc.php?do=email_dev&email=c21hcnR3ZWJwcmludGluZ0BocC5jb20= - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord
FF - Ext: HP Smart Web Printing: http://forums.spybot.info/misc.php?do=email_dev&email=c21hcnR3ZWJwcmludGluZ0BocC5jb20= - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Illimitux: http://forums.spybot.info/misc.php?do=email_dev&email=aWxsaW1pdHV4QGlsbGltaXR1eC5uZXQ= - %profile%\extensions\illimitux@illimitux.net
FF - Ext: Conduit Engine : http://forums.spybot.info/misc.php?do=email_dev&email=ZW5naW5lQGNvbmR1aXQuY29t - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-27 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKslae8db63f;MpKslae8db63f;c:\programdata\microsoft\microsoft antimalware\definition updates\{851405d4-c1da-4eb5-9c95-ed112c727dd4}\MpKslae8db63f.sys [2011-2-7 28752]
R1 MpKslc2595d82;MpKslc2595d82;c:\programdata\microsoft\microsoft antimalware\definition updates\{851405d4-c1da-4eb5-9c95-ed112c727dd4}\MpKslc2595d82.sys [2011-2-7 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-7 173352]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-15 2250616]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-11-17 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-17 167936]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-11-17 376320]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-17 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-17 51512]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]

=============== Created Last 30 ================

2011-02-07 09:38:55 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{851405d4-c1da-4eb5-9c95-ed112c727dd4}\MpKslc2595d82.sys
2011-02-07 06:21:40 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{851405d4-c1da-4eb5-9c95-ed112c727dd4}\MpKslae8db63f.sys
2011-02-07 06:21:31 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{851405d4-c1da-4eb5-9c95-ed112c727dd4}\mpengine.dll
2011-02-07 05:56:20 -------- d-----w- c:\program files\Sierra Wireless Inc
2011-02-07 05:55:33 -------- d-----w- c:\users\sonny\appdata\roaming\Sierra Wireless
2011-01-31 04:31:05 -------- d-----w- c:\users\sonny\appdata\roaming\Mp3tag
2011-01-31 04:30:46 -------- d-----w- c:\program files\Mp3tag
2011-01-26 16:29:50 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0c9d28b9-6354-479e-8ccd-9898ab48280d}\gapaengine.dll
2011-01-26 10:27:47 -------- d-----w- C:\New folder
2011-01-26 07:02:40 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-01-26 02:18:58 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-01-26 02:17:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 02:16:43 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-22 05:11:42 737280 ----a-w- c:\windows\iun6002.exe
2011-01-22 05:11:22 -------- d-----w- c:\program files\Karaoke Anything!
2011-01-22 04:40:11 -------- d-----w- c:\program files\Plugins
2011-01-19 03:40:22 -------- d-----w- c:\users\sonny\appdata\local\Sony
2011-01-19 03:38:30 -------- d-----w- c:\program files\Sony
2011-01-19 00:41:03 -------- d-----w- c:\users\sonny\appdata\roaming\PhotoScape
2011-01-19 00:30:05 -------- d-----w- c:\program files\PhotoScape
2011-01-17 11:46:00 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter
2011-01-17 04:04:26 -------- d-----w- c:\program files\ConduitEngine
2011-01-17 04:04:22 -------- d-----w- c:\program files\uTorrentBar

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_ rev.FG01 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868E95DC]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868ef7b8]; MOV EAX, [0x868ef834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C8B458] -> \Device\Harddisk0\DR0[0x868C6030]
3 CLASSPNP[0x88C0459E] -> ntkrnlpa!IofCallDriver[0x82C8B458] -> [0x86CD63B0]
\Driver\iaStor[0x868CDB78] -> IRP_MJ_CREATE -> 0x868E95DC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK4055GSX_______________________FG011M__#4&2a5f735&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
error: Read The request could not be performed because of an I/O device error.
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 21:08:05.17 ===============

I just found out that when I open a new tab in IE it freezes or if I open a link in a new window it freezes again. Also a lot of links in google search are also redirecting.
ken545
2011-02-08, 03:14
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Your infected with a rootkit


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)
sunny01au
2011-02-08, 03:31
Hi,

thanks for your help so far. Here is the log you requested.

2011/02/08 12:22:56.0562 2076 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/08 12:22:57.0421 2076 ================================================================================
2011/02/08 12:22:57.0421 2076 SystemInfo:
2011/02/08 12:22:57.0421 2076
2011/02/08 12:22:57.0421 2076 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/08 12:22:57.0421 2076 Product type: Workstation
2011/02/08 12:22:57.0421 2076 ComputerName: SONNY-PC
2011/02/08 12:22:57.0421 2076 UserName: Sonny
2011/02/08 12:22:57.0421 2076 Windows directory: C:\windows
2011/02/08 12:22:57.0421 2076 System windows directory: C:\windows
2011/02/08 12:22:57.0421 2076 Processor architecture: Intel x86
2011/02/08 12:22:57.0421 2076 Number of processors: 2
2011/02/08 12:22:57.0421 2076 Page size: 0x1000
2011/02/08 12:22:57.0421 2076 Boot type: Normal boot
2011/02/08 12:22:57.0421 2076 ================================================================================
2011/02/08 12:22:58.0099 2076 Initialize success
2011/02/08 12:23:18.0450 5316 ================================================================================
2011/02/08 12:23:18.0450 5316 Scan started
2011/02/08 12:23:18.0451 5316 Mode: Manual;
2011/02/08 12:23:18.0451 5316 ================================================================================
2011/02/08 12:23:19.0833 5316 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/02/08 12:23:19.0972 5316 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/02/08 12:23:20.0093 5316 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/02/08 12:23:20.0264 5316 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/02/08 12:23:20.0417 5316 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/02/08 12:23:20.0559 5316 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/02/08 12:23:20.0701 5316 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/02/08 12:23:20.0861 5316 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
2011/02/08 12:23:20.0989 5316 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/02/08 12:23:21.0111 5316 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/02/08 12:23:21.0264 5316 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/02/08 12:23:21.0387 5316 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/02/08 12:23:21.0520 5316 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/02/08 12:23:21.0638 5316 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/02/08 12:23:21.0758 5316 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/02/08 12:23:21.0870 5316 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/02/08 12:23:22.0002 5316 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/02/08 12:23:22.0218 5316 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/02/08 12:23:22.0345 5316 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/02/08 12:23:22.0532 5316 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/02/08 12:23:22.0766 5316 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/02/08 12:23:22.0881 5316 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/02/08 12:23:22.0996 5316 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/02/08 12:23:23.0159 5316 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/02/08 12:23:23.0288 5316 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/02/08 12:23:23.0422 5316 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/02/08 12:23:23.0549 5316 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/02/08 12:23:23.0687 5316 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/02/08 12:23:23.0791 5316 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/02/08 12:23:23.0899 5316 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/02/08 12:23:24.0026 5316 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/02/08 12:23:24.0130 5316 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/02/08 12:23:24.0244 5316 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/02/08 12:23:24.0351 5316 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/02/08 12:23:24.0447 5316 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/02/08 12:23:24.0662 5316 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/02/08 12:23:24.0781 5316 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/02/08 12:23:24.0908 5316 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/02/08 12:23:24.0999 5316 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/02/08 12:23:25.0117 5316 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/02/08 12:23:25.0214 5316 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/02/08 12:23:25.0345 5316 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/02/08 12:23:25.0467 5316 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/02/08 12:23:25.0569 5316 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/02/08 12:23:25.0691 5316 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/02/08 12:23:25.0831 5316 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/02/08 12:23:25.0928 5316 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/02/08 12:23:26.0049 5316 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/02/08 12:23:26.0185 5316 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
2011/02/08 12:23:26.0299 5316 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\windows\system32\DRIVERS\Dot4Prt.sys
2011/02/08 12:23:26.0424 5316 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
2011/02/08 12:23:26.0533 5316 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/02/08 12:23:26.0677 5316 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2011/02/08 12:23:26.0868 5316 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/02/08 12:23:27.0048 5316 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/02/08 12:23:27.0148 5316 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/02/08 12:23:27.0275 5316 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/02/08 12:23:27.0391 5316 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/02/08 12:23:27.0500 5316 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/02/08 12:23:27.0540 5316 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/02/08 12:23:27.0632 5316 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/02/08 12:23:27.0732 5316 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/02/08 12:23:27.0835 5316 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/02/08 12:23:27.0943 5316 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/02/08 12:23:28.0041 5316 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/02/08 12:23:28.0155 5316 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\windows\system32\DRIVERS\fvevol.sys
2011/02/08 12:23:28.0270 5316 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/02/08 12:23:28.0415 5316 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/08 12:23:28.0558 5316 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/02/08 12:23:28.0674 5316 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/02/08 12:23:28.0789 5316 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/02/08 12:23:28.0890 5316 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/02/08 12:23:28.0992 5316 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/02/08 12:23:29.0100 5316 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/02/08 12:23:29.0245 5316 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/02/08 12:23:29.0409 5316 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/02/08 12:23:29.0533 5316 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/02/08 12:23:29.0632 5316 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/02/08 12:23:29.0741 5316 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/02/08 12:23:29.0852 5316 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/02/08 12:23:29.0971 5316 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/02/08 12:23:30.0244 5316 igfx (315aaaa2bc9bc778adc0454b3ca8dcce) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/02/08 12:23:30.0486 5316 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/02/08 12:23:30.0687 5316 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
2011/02/08 12:23:30.0814 5316 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/02/08 12:23:30.0935 5316 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/02/08 12:23:31.0045 5316 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/02/08 12:23:31.0146 5316 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/02/08 12:23:31.0182 5316 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/02/08 12:23:31.0297 5316 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/02/08 12:23:31.0400 5316 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/02/08 12:23:31.0521 5316 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/02/08 12:23:31.0627 5316 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/02/08 12:23:31.0728 5316 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/02/08 12:23:31.0836 5316 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/02/08 12:23:31.0946 5316 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/02/08 12:23:32.0064 5316 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/02/08 12:23:32.0177 5316 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\windows\system32\DRIVERS\Lbd.sys
2011/02/08 12:23:32.0297 5316 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/02/08 12:23:32.0410 5316 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/02/08 12:23:32.0533 5316 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/02/08 12:23:32.0860 5316 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/02/08 12:23:32.0977 5316 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/02/08 12:23:33.0083 5316 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/02/08 12:23:33.0182 5316 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/02/08 12:23:33.0309 5316 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/02/08 12:23:33.0421 5316 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/02/08 12:23:33.0544 5316 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/02/08 12:23:33.0655 5316 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/02/08 12:23:33.0753 5316 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/02/08 12:23:33.0864 5316 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/02/08 12:23:33.0956 5316 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/02/08 12:23:34.0421 5316 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\windows\system32\DRIVERS\MpFilter.sys
2011/02/08 12:23:34.0529 5316 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/02/08 12:23:34.0694 5316 MpKsl8236e8a3 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{851405D4-C1DA-4EB5-9C95-ED112C727DD4}\MpKsl8236e8a3.sys
2011/02/08 12:23:34.0969 5316 MpKslae8db63f (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{851405D4-C1DA-4EB5-9C95-ED112C727DD4}\MpKslae8db63f.sys
2011/02/08 12:23:35.0130 5316 MpKslc2595d82 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{851405D4-C1DA-4EB5-9C95-ED112C727DD4}\MpKslc2595d82.sys
2011/02/08 12:23:35.0249 5316 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/02/08 12:23:35.0350 5316 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/02/08 12:23:35.0396 5316 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/02/08 12:23:35.0521 5316 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/02/08 12:23:35.0632 5316 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/02/08 12:23:35.0757 5316 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/02/08 12:23:35.0855 5316 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/02/08 12:23:35.0942 5316 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/02/08 12:23:36.0053 5316 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/02/08 12:23:36.0141 5316 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/02/08 12:23:36.0235 5316 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/02/08 12:23:36.0358 5316 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/02/08 12:23:36.0481 5316 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/02/08 12:23:36.0593 5316 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/02/08 12:23:36.0693 5316 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/02/08 12:23:36.0801 5316 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/02/08 12:23:36.0918 5316 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/02/08 12:23:37.0005 5316 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/02/08 12:23:37.0097 5316 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/02/08 12:23:37.0235 5316 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/02/08 12:23:37.0354 5316 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/02/08 12:23:37.0470 5316 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/02/08 12:23:37.0573 5316 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/02/08 12:23:37.0693 5316 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/02/08 12:23:37.0790 5316 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/02/08 12:23:37.0985 5316 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/02/08 12:23:38.0096 5316 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/02/08 12:23:38.0186 5316 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/02/08 12:23:38.0337 5316 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/02/08 12:23:38.0443 5316 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\windows\system32\DRIVERS\NisDrvWFP.sys
2011/02/08 12:23:38.0592 5316 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/02/08 12:23:38.0699 5316 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/02/08 12:23:38.0828 5316 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/02/08 12:23:38.0934 5316 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/02/08 12:23:39.0054 5316 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/02/08 12:23:39.0158 5316 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/02/08 12:23:39.0267 5316 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/02/08 12:23:39.0398 5316 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/02/08 12:23:39.0535 5316 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/02/08 12:23:39.0643 5316 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/02/08 12:23:39.0743 5316 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/02/08 12:23:39.0856 5316 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/02/08 12:23:39.0967 5316 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/02/08 12:23:40.0071 5316 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/02/08 12:23:40.0169 5316 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/02/08 12:23:40.0283 5316 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/02/08 12:23:40.0418 5316 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/02/08 12:23:40.0583 5316 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/02/08 12:23:40.0684 5316 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/02/08 12:23:40.0812 5316 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/02/08 12:23:40.0945 5316 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/02/08 12:23:41.0061 5316 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/02/08 12:23:41.0163 5316 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/02/08 12:23:41.0268 5316 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/02/08 12:23:41.0398 5316 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/02/08 12:23:41.0515 5316 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/02/08 12:23:41.0636 5316 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/02/08 12:23:41.0743 5316 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/02/08 12:23:41.0835 5316 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/02/08 12:23:41.0937 5316 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/02/08 12:23:42.0385 5316 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/02/08 12:23:42.0489 5316 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/02/08 12:23:42.0585 5316 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/02/08 12:23:42.0699 5316 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/02/08 12:23:42.0811 5316 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/02/08 12:23:42.0932 5316 RimUsb (f17713d108aca124a139fde877eef68a) C:\windows\system32\Drivers\RimUsb.sys
2011/02/08 12:23:43.0047 5316 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\windows\system32\DRIVERS\RimSerial.sys
2011/02/08 12:23:43.0327 5316 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
2011/02/08 12:23:43.0489 5316 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/02/08 12:23:43.0620 5316 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
2011/02/08 12:23:43.0735 5316 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/02/08 12:23:43.0866 5316 RTL8187B (0a804a2375b99419d13821b451651856) C:\windows\system32\DRIVERS\RTL8187B.sys
2011/02/08 12:23:44.0073 5316 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/02/08 12:23:44.0175 5316 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/02/08 12:23:44.0305 5316 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/02/08 12:23:44.0432 5316 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/02/08 12:23:44.0552 5316 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/02/08 12:23:44.0677 5316 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/02/08 12:23:44.0801 5316 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/02/08 12:23:44.0901 5316 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/02/08 12:23:45.0000 5316 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/02/08 12:23:45.0108 5316 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/02/08 12:23:45.0234 5316 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/02/08 12:23:45.0349 5316 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/02/08 12:23:45.0444 5316 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/02/08 12:23:45.0551 5316 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/02/08 12:23:45.0692 5316 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/02/08 12:23:45.0839 5316 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2011/02/08 12:23:45.0949 5316 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2011/02/08 12:23:46.0060 5316 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2011/02/08 12:23:46.0180 5316 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/02/08 12:23:46.0305 5316 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
2011/02/08 12:23:46.0414 5316 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/02/08 12:23:46.0556 5316 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
2011/02/08 12:23:46.0727 5316 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/02/08 12:23:46.0883 5316 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/02/08 12:23:47.0009 5316 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/02/08 12:23:47.0253 5316 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/02/08 12:23:47.0348 5316 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/02/08 12:23:47.0448 5316 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/02/08 12:23:47.0555 5316 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/02/08 12:23:47.0730 5316 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/02/08 12:23:47.0905 5316 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/02/08 12:23:48.0035 5316 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/02/08 12:23:48.0138 5316 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/02/08 12:23:48.0256 5316 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/02/08 12:23:48.0368 5316 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/02/08 12:23:48.0448 5316 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/02/08 12:23:48.0548 5316 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/02/08 12:23:48.0690 5316 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/02/08 12:23:48.0804 5316 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/02/08 12:23:48.0920 5316 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/02/08 12:23:49.0037 5316 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
2011/02/08 12:23:49.0154 5316 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/02/08 12:23:49.0361 5316 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/02/08 12:23:49.0469 5316 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/02/08 12:23:49.0583 5316 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/02/08 12:23:49.0717 5316 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/02/08 12:23:49.0828 5316 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/02/08 12:23:49.0937 5316 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/02/08 12:23:49.0993 5316 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/02/08 12:23:50.0136 5316 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/02/08 12:23:50.0237 5316 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
2011/02/08 12:23:50.0357 5316 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/02/08 12:23:50.0474 5316 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/02/08 12:23:50.0573 5316 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/02/08 12:23:50.0677 5316 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/02/08 12:23:50.0786 5316 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/02/08 12:23:50.0880 5316 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/02/08 12:23:50.0981 5316 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/02/08 12:23:51.0081 5316 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/02/08 12:23:51.0195 5316 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/02/08 12:23:51.0323 5316 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/02/08 12:23:51.0440 5316 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/02/08 12:23:51.0563 5316 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys
2011/02/08 12:23:51.0719 5316 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/02/08 12:23:51.0839 5316 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/02/08 12:23:51.0946 5316 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/02/08 12:23:51.0963 5316 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/02/08 12:23:52.0118 5316 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/02/08 12:23:52.0226 5316 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/02/08 12:23:52.0386 5316 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/02/08 12:23:52.0485 5316 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/02/08 12:23:52.0647 5316 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/02/08 12:23:52.0747 5316 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/02/08 12:23:52.0887 5316 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/02/08 12:23:53.0013 5316 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/02/08 12:23:53.0116 5316 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/02/08 12:23:53.0391 5316 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/08 12:23:53.0397 5316 ================================================================================
2011/02/08 12:23:53.0398 5316 Scan finished
2011/02/08 12:23:53.0398 5316 ================================================================================
2011/02/08 12:23:53.0417 2728 Detected object count: 1
2011/02/08 12:24:21.0890 2728 \HardDisk0 - will be cured after reboot
2011/02/08 12:24:21.0891 2728 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/08 12:24:30.0535 6048 Deinitialize success
ken545
2011-02-08, 03:47
:bigthumb:

Make sure you reboot for the fix to take effect and then run this program

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
sunny01au
2011-02-08, 04:09
Hi,

here is the combofix log:

ComboFix 11-02-07.01 - Sonny 08/02/2011 12:55:11.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1913.925 [GMT 11:00]
Running from: c:\users\Sonny\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-08 02:02 . 2011-02-08 02:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-08 02:02 . 2011-02-08 02:02 -------- d-----w- c:\users\Gunjan\AppData\Local\temp
2011-02-08 02:02 . 2011-02-08 02:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-08 02:02 . 2011-02-08 02:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-02-08 01:50 . 2011-02-08 01:51 -------- d-----w- C:\32788R22FWJFW
2011-02-08 01:25 . 2011-02-08 01:25 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{851405D4-C1DA-4EB5-9C95-ED112C727DD4}\MpKslc15b73f2.sys
2011-02-07 09:57 . 2011-02-07 09:57 -------- d-----w- c:\program files\ERUNT
2011-02-07 06:21 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{851405D4-C1DA-4EB5-9C95-ED112C727DD4}\mpengine.dll
2011-02-07 05:56 . 2011-02-07 05:56 -------- d-----w- c:\program files\Sierra Wireless Inc
2011-02-07 05:55 . 2011-02-07 05:55 -------- d-----w- c:\users\Sonny\AppData\Roaming\Sierra Wireless
2011-02-06 13:47 . 2011-02-06 13:47 -------- d-----w- c:\windows\Sun
2011-02-01 12:57 . 2011-02-01 12:57 -------- d-----w- c:\users\Public\While You Were Sleeping
2011-01-31 04:31 . 2011-02-07 06:15 -------- d-----w- c:\users\Sonny\AppData\Roaming\Mp3tag
2011-01-31 04:30 . 2011-02-07 06:15 -------- d-----w- c:\program files\Mp3tag
2011-01-26 16:29 . 2011-01-26 16:29 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C9D28B9-6354-479E-8CCD-9898AB48280D}\gapaengine.dll
2011-01-26 10:27 . 2011-01-26 10:27 -------- d-----w- C:\New folder
2011-01-26 07:08 . 2011-01-26 07:08 -------- d-----w- c:\programdata\Adobe Systems
2011-01-26 07:02 . 2011-01-26 07:02 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-01-26 02:18 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 02:17 . 2011-01-26 02:20 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 02:16 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-22 05:11 . 2011-01-22 05:10 737280 ----a-w- c:\windows\iun6002.exe
2011-01-22 05:11 . 2011-01-22 05:11 -------- d-----w- c:\program files\Karaoke Anything!
2011-01-22 04:40 . 2011-01-22 04:40 -------- d-----w- c:\program files\Plugins
2011-01-22 04:38 . 2011-02-07 06:15 -------- d-----w- c:\users\Sonny\AppData\Roaming\Winamp
2011-01-22 04:38 . 2011-01-22 04:39 -------- d-----w- c:\program files\Winamp
2011-01-19 03:40 . 2011-01-19 03:40 -------- d-----w- c:\users\Sonny\AppData\Local\Sony
2011-01-19 03:38 . 2011-01-19 03:52 -------- d-----w- c:\program files\Sony
2011-01-19 00:41 . 2011-02-07 06:15 -------- d-----w- c:\users\Sonny\AppData\Roaming\PhotoScape
2011-01-19 00:30 . 2011-01-19 00:30 -------- d-----w- c:\program files\PhotoScape
2011-01-17 11:46 . 2011-01-17 11:46 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter
2011-01-17 04:04 . 2011-01-17 04:04 -------- d-----w- c:\program files\ConduitEngine
2011-01-17 04:04 . 2011-01-17 04:04 -------- d-----w- c:\program files\uTorrentBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-11-27 14:55 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-09 16:59 . 2009-12-23 00:24 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-27 12:33 . 2010-11-27 12:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-16 05:04 . 2010-11-16 05:04 388096 ----a-r- c:\users\Sonny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-10 12:09 . 2010-11-10 12:09 53248 ----a-r- c:\users\Gunjan\AppData\Roaming\Microsoft\Installer\{23C12370-3A82-4558-B727-F345B473AD87}\ARPPRODUCTICON.exe
2010-11-10 04:33 . 2010-11-23 10:21 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72AF60AB-88F1-4DC9-BB22-DBE1F8840740}\mpengine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 05:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"Google Update"="c:\users\Sonny\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-22 135664]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-12-22 2642168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-08 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 MpKsla8e3fefd;MpKsla8e3fefd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9A257F4-0008-4285-A7AA-72B8ED75B587}\MpKsla8e3fefd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 MpKslc15b73f2;MpKslc15b73f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{851405D4-C1DA-4EB5-9C95-ED112C727DD4}\MpKslc15b73f2.sys [2011-02-08 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-27 1375992]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-27 15264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLC15B73F2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 12:33]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 12:49]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 12:49]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-821897740-3954700717-3476648037-1005Core.job
- c:\users\Sonny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 08:19]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-821897740-3954700717-3476648037-1005UA.job
- c:\users\Sonny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 08:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theage.com.au/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\42tuj77h.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe


.
Completion time: 2011-02-08 13:04:42
ComboFix-quarantined-files.txt 2011-02-08 02:04
ComboFix2.txt 2010-11-28 08:38

Pre-Run: 264,527,769,600 bytes free
Post-Run: 264,606,937,088 bytes free

- - End Of File - - 778DF844025CF6583F38478B48F911AB
ken545
2011-02-08, 11:10
Good Morning,

uTorrent
Softonic
Just want to give you a heads up on P2P programs, your downloading a file from an unknown source, you never know whats attached to that file, its like playing Russian roulette malwarewise.

Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.



We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.


If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.


We do not ask you to do this without reason.


P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please






OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
sunny01au
2011-02-09, 05:42
Hi,

Log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5213

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/02/2011 2:31:36 PM
mbam-log-2011-02-09 (14-31-36).txt

Scan type: Quick scan
Objects scanned: 177737
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the OTL.txt :

OTL logfile created on: 2/9/2011 2:36:17 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sonny\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 21.00% Memory free
4.00 Gb Paging File | 1.00 Gb Available in Paging File | 28.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 360.84 Gb Total Space | 245.22 Gb Free Space | 67.96% Space Free | Partition Type: NTFS

Computer Name: SONNY-PC | User Name: Sonny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sonny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Sonny\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Sonny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (vvdsvc) -- C:\Windows\System32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MpKsld8341395) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A51F61BE-E413-4389-B731-B29482C61421}\MpKsld8341395.sys (Microsoft Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/29 22:44:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010/08/08 15:43:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 18:03:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/04 18:34:45 | 000,000,000 | ---D | M]

[2010/10/30 18:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonny\AppData\Roaming\Mozilla\Extensions
[2011/02/07 18:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\42tuj77h.default\extensions
[2011/02/07 17:15:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\42tuj77h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/02/07 17:15:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\42tuj77h.default\extensions\engine@conduit.com
[2011/02/07 17:15:01 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\42tuj77h.default\extensions\illimitux@illimitux.net
[2010/10/30 18:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/29 22:44:09 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/08/08 15:43:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD

O1 HOSTS File: ([2010/11/28 19:36:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\windows\is-810IS.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.133.193 61.9.134.49
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/08 23:44:13 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sonny\Desktop\OTL.exe
[2011/02/08 23:35:10 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Sonny\Desktop\ATF-Cleaner.exe
[2011/02/08 13:04:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/08 12:51:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/02/08 12:51:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/02/08 12:51:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/02/08 12:51:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/02/08 12:51:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/08 12:51:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/02/08 12:50:58 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/02/07 20:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/07 20:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/07 20:55:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sonny\Desktop\erunt-setup.exe
[2011/02/07 16:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless Inc
[2011/02/07 16:55:33 | 000,000,000 | ---D | C] -- C:\Users\Sonny\AppData\Roaming\Sierra Wireless
[2011/02/07 00:47:36 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/01/31 15:31:05 | 000,000,000 | ---D | C] -- C:\Users\Sonny\AppData\Roaming\Mp3tag
[2011/01/31 15:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2011/01/31 14:34:11 | 000,000,000 | ---D | C] -- C:\Users\Sonny\Desktop\Gift
[2011/01/26 21:27:47 | 000,000,000 | ---D | C] -- C:\New folder
[2011/01/26 18:11:38 | 000,000,000 | ---D | C] -- C:\Users\Sonny\Documents\Updater
[2011/01/26 18:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2011/01/26 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011/01/26 18:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/01/26 18:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/01/26 13:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/26 13:16:43 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/01/22 16:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karaoke Anything!
[2011/01/22 16:11:42 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\windows\iun6002.exe
[2011/01/22 16:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Karaoke Anything!
[2011/01/22 15:40:12 | 000,000,000 | ---D | C] -- C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnalogX
[2011/01/22 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Plugins
[2011/01/22 15:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/01/22 15:38:49 | 000,000,000 | ---D | C] -- C:\Users\Sonny\AppData\Roaming\Winamp
[2011/01/22 15:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/19 14:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/01/19 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\Sonny\AppData\Local\Sony
[2011/01/19 14:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/01/19 11:41:03 | 000,000,000 | ---D | C] -- C:\Users\Sonny\AppData\Roaming\PhotoScape
[2011/01/19 11:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2011/01/17 22:46:11 | 000,000,000 | ---D | C] -- C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProcessText Group
[2011/01/17 22:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProcessText Group
[2011/01/17 22:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Amber BlackBerry Converter
[2011/01/17 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/01/17 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/01/17 02:37:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/01/17 02:37:22 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/01/17 02:37:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/01/17 02:37:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/01/17 02:37:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/01/17 02:37:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/01/17 02:37:17 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/01/17 02:37:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/01/17 02:37:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/01/17 02:37:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/01/17 02:37:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/01/17 02:37:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/01/17 02:37:16 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/01/17 02:37:13 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2011/01/17 02:37:13 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2011/01/17 02:37:13 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2011/01/17 02:37:12 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2011/01/17 02:37:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/01/17 02:37:10 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2011/01/17 02:37:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/01/17 02:37:09 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2011/01/17 02:37:07 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2011/02/09 14:33:25 | 000,709,456 | ---- | M] () -- C:\windows\is-810IS.exe
[2011/02/09 14:33:25 | 000,010,562 | ---- | M] () -- C:\windows\is-810IS.msg
[2011/02/09 14:33:25 | 000,000,361 | ---- | M] () -- C:\windows\is-810IS.lst
[2011/02/09 14:00:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 13:45:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-821897740-3954700717-3476648037-1005UA.job
[2011/02/09 11:09:07 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 10:45:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-821897740-3954700717-3476648037-1005Core.job
[2011/02/08 23:44:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sonny\Desktop\OTL.exe
[2011/02/08 23:35:25 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Sonny\Desktop\ATF-Cleaner.exe
[2011/02/08 12:50:33 | 004,264,891 | R--- | M] () -- C:\Users\Sonny\Desktop\ComboFix.exe
[2011/02/08 12:33:47 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 12:33:47 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 12:25:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/02/08 12:25:39 | 1504,342,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/08 12:22:05 | 001,246,371 | ---- | M] () -- C:\Users\Sonny\Desktop\tdsskiller.zip
[2011/02/07 22:31:27 | 281,783,643 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/02/07 21:10:00 | 000,005,216 | ---- | M] () -- C:\Users\Sonny\Desktop\Attach.zip
[2011/02/07 20:58:43 | 000,624,128 | ---- | M] () -- C:\Users\Sonny\Desktop\dds.scr
[2011/02/07 20:57:25 | 000,000,938 | ---- | M] () -- C:\Users\Sonny\Desktop\NTREGOPT.lnk
[2011/02/07 20:57:24 | 000,000,919 | ---- | M] () -- C:\Users\Sonny\Desktop\ERUNT.lnk
[2011/02/07 20:56:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sonny\Desktop\erunt-setup.exe
[2011/02/06 18:55:54 | 000,719,440 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/06 18:55:54 | 000,152,136 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/02/04 23:46:00 | 000,002,409 | ---- | M] () -- C:\Users\Sonny\Desktop\Google Chrome.lnk
[2011/02/01 23:53:56 | 000,000,882 | ---- | M] () -- C:\Users\Sonny\Desktop\Downloads - Shortcut.lnk
[2011/01/31 15:30:52 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/01/27 03:17:46 | 000,457,952 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/26 18:03:21 | 000,001,350 | ---- | M] () -- C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/01/26 13:20:33 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/01/22 16:10:51 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\windows\iun6002.exe
[2011/01/22 15:38:54 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/01/22 13:02:03 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/01/19 14:58:00 | 000,001,008 | ---- | M] () -- C:\Users\Sonny\Desktop\Virtual DJ Pro.lnk
[2011/01/19 11:30:40 | 000,001,000 | ---- | M] () -- C:\Users\Sonny\Desktop\PhotoScape.lnk
[2011/01/19 11:19:55 | 000,014,848 | ---- | M] () -- C:\Users\Sonny\Documents\Backup-(2011-01-19).ipd
[2011/01/17 22:46:11 | 000,001,076 | ---- | M] () -- C:\Users\Sonny\Desktop\ABC Amber BlackBerry Converter.lnk

========== Files Created - No Company Name ==========

[2011/02/09 14:33:25 | 000,709,456 | ---- | C] () -- C:\windows\is-810IS.exe
[2011/02/09 14:33:25 | 000,010,562 | ---- | C] () -- C:\windows\is-810IS.msg
[2011/02/09 14:33:25 | 000,000,361 | ---- | C] () -- C:\windows\is-810IS.lst
[2011/02/08 12:51:49 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/02/08 12:51:49 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/02/08 12:51:49 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/02/08 12:51:49 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/02/08 12:51:49 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/02/08 12:50:33 | 004,264,891 | R--- | C] () -- C:\Users\Sonny\Desktop\ComboFix.exe
[2011/02/08 12:21:56 | 001,246,371 | ---- | C] () -- C:\Users\Sonny\Desktop\tdsskiller.zip
[2011/02/07 21:10:00 | 000,005,216 | ---- | C] () -- C:\Users\Sonny\Desktop\Attach.zip
[2011/02/07 20:58:29 | 000,624,128 | ---- | C] () -- C:\Users\Sonny\Desktop\dds.scr
[2011/02/07 20:57:25 | 000,000,938 | ---- | C] () -- C:\Users\Sonny\Desktop\NTREGOPT.lnk
[2011/02/07 20:57:24 | 000,000,919 | ---- | C] () -- C:\Users\Sonny\Desktop\ERUNT.lnk
[2011/02/01 23:53:56 | 000,000,882 | ---- | C] () -- C:\Users\Sonny\Desktop\Downloads - Shortcut.lnk
[2011/01/31 15:30:52 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/01/26 18:05:23 | 000,002,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2011/01/26 18:03:21 | 000,001,350 | ---- | C] () -- C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/01/26 18:02:36 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2011/01/26 18:01:17 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011/01/26 18:01:17 | 000,002,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011/01/26 13:20:33 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/01/22 15:38:54 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/01/22 13:02:03 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/01/22 13:02:02 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/01/19 14:58:00 | 000,001,008 | ---- | C] () -- C:\Users\Sonny\Desktop\Virtual DJ Pro.lnk
[2011/01/19 11:30:40 | 000,001,000 | ---- | C] () -- C:\Users\Sonny\Desktop\PhotoScape.lnk
[2011/01/19 11:19:55 | 000,014,848 | ---- | C] () -- C:\Users\Sonny\Documents\Backup-(2011-01-19).ipd
[2011/01/17 22:46:11 | 000,001,076 | ---- | C] () -- C:\Users\Sonny\Desktop\ABC Amber BlackBerry Converter.lnk
[2010/10/31 15:36:56 | 000,003,584 | ---- | C] () -- C:\Users\Sonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 00:48:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/23 23:57:57 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/12/29 22:38:50 | 000,000,808 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/11/17 13:12:50 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/11/17 12:55:39 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/11/17 12:46:32 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 23:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2011/02/07 17:15:03 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\ARGELA
[2011/02/07 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\Mp3tag
[2010/04/15 23:23:18 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\OpenOffice.org
[2011/02/07 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\PhotoScape
[2010/03/23 21:56:00 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\Research In Motion
[2010/10/31 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\Shareaza
[2009/12/24 14:52:41 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\SharePod
[2011/02/07 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\Sierra Wireless
[2010/11/04 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\StreamTorrent
[2011/02/07 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\TeamViewer
[2009/12/25 01:04:15 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\Toshiba
[2010/01/06 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\Ulead Systems
[2011/02/07 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Sonny\AppData\Roaming\uTorrent
[2011/02/07 20:25:39 | 000,021,782 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Sonny\Downloads:Shareaza.GUID

< End of report >
sunny01au
2011-02-09, 05:42
Hi,

Here is the extras.txt log :

OTL Extras logfile created on: 2/9/2011 2:36:18 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sonny\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 21.00% Memory free
4.00 Gb Paging File | 1.00 Gb Available in Paging File | 28.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 360.84 Gb Total Space | 245.22 Gb Free Space | 67.96% Space Free | Partition Type: NTFS

Computer Name: SONNY-PC | User Name: Sonny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}" = C6100
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EDE8B6E-FC21-48E7-A1A7-D2AC5D1F3040}" = BlackBerry Desktop Software 4.6
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13E913F-69F4-45DC-9DEE-5E95F3B1BE41}" = BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"BlackBerry_{3EDE8B6E-FC21-48E7-A1A7-D2AC5D1F3040}" = BlackBerry Desktop Software 4.6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Karaoke Anything!1.0" = Karaoke Anything!
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"LTMOH" = LSI V92 MOH Application
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.48
"pdfsam" = pdfsam
"PhotoScape" = PhotoScape
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"SopCast" = SopCast 3.0.3
"ST6UNST #1" = Hazard Perception Test Demo
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VJOcx2.0" = VJOcx2.0
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2011 7:49:29 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2223529

Error - 2/6/2011 7:49:29 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2223529

Error - 2/6/2011 7:49:30 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2011 7:49:30 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2224699

Error - 2/6/2011 7:49:30 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2224699

Error - 2/6/2011 7:49:31 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2011 7:49:31 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2225853

Error - 2/6/2011 7:49:31 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2225853

Error - 2/6/2011 7:49:33 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2011 7:49:33 PM | Computer Name = Sonny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2227008

[ Media Center Events ]
Error - 2/18/2010 12:20:01 PM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 3:20:01 AM - Error connecting to the internet. 3:20:01 AM - Unable
to contact server..

Error - 2/18/2010 12:20:08 PM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 3:20:06 AM - Error connecting to the internet. 3:20:06 AM - Unable
to contact server..

Error - 2/19/2010 12:04:53 PM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 3:04:53 AM - Error connecting to the internet. 3:04:53 AM - Unable
to contact server..

Error - 2/19/2010 12:04:59 PM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 3:04:58 AM - Error connecting to the internet. 3:04:58 AM - Unable
to contact server..

Error - 2/20/2010 12:11:09 PM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 3:11:09 AM - Error connecting to the internet. 3:11:09 AM - Unable
to contact server..

Error - 2/20/2010 12:11:15 PM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 3:11:14 AM - Error connecting to the internet. 3:11:14 AM - Unable
to contact server..

Error - 3/5/2010 10:46:50 AM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 1:46:50 AM - Error connecting to the internet. 1:46:50 AM - Unable
to contact server..

Error - 3/5/2010 10:47:00 AM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 1:46:55 AM - Error connecting to the internet. 1:46:55 AM - Unable
to contact server..

Error - 3/5/2010 11:47:05 AM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 2:47:05 AM - Error connecting to the internet. 2:47:05 AM - Unable
to contact server..

Error - 3/5/2010 11:47:14 AM | Computer Name = Sonny-PC | Source = MCUpdate | ID = 0
Description = 2:47:11 AM - Error connecting to the internet. 2:47:11 AM - Unable
to contact server..

[ OSession Events ]
Error - 1/17/2010 3:39:16 PM | Computer Name = Sonny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 23791 seconds with 1200 seconds of active time. This session ended with
a crash.

Error - 1/17/2010 3:56:24 PM | Computer Name = Sonny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 996 seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/25/2010 9:36:47 AM | Computer Name = Sonny-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/25/2010 9:37:47 AM | Computer Name = Sonny-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 9/27/2010 4:06:30 AM | Computer Name = Sonny-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 9/27/2010 4:06:31 AM | Computer Name = Sonny-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 9/27/2010 4:06:31 AM | Computer Name = Sonny-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 9/27/2010 4:28:18 AM | Computer Name = Sonny-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/27/2010 4:28:18 AM | Computer Name = Sonny-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/27/2010 4:28:19 AM | Computer Name = Sonny-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 4/10/2008 11:29:51 AM | Computer Name = Sonny-PC | Source = volsnap | ID = 393245
Description = The shadow copies of volume C: were aborted during detection.

Error - 4/10/2008 11:30:15 AM | Computer Name = Sonny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:32:13 PM on ?11/?10/?2010 was unexpected.


< End of report >
ken545
2011-02-09, 11:30
Hi,

Delete this folder
C:\32788R22FWJFW

Looks like you still have file sharing programs installed. Just so you know if you get infected again in the future and post back help will not be offered.

Logs look ok, lets sweep for leftovers

Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) or from Here. (http://www.kaspersky.com/virusscanner)

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.


Once the scan is complete, click on View scan report To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif
sunny01au
2011-02-09, 13:41
Hi,

I have deleted that folder but when I try to run Kaspersky it starts updating database and then gives me error

" The program is starting. Please wait...
Updates source is selected: http://www.kaspersky.com
File download: packages/kos-extras.jar
The program is started.

Updating the anti-virus database. Please wait...

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]" ????

I don't have any issues with my internet connection and have disabled anti virus as well.
ken545
2011-02-09, 14:09
Try this one in lew of Kaspersky


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
sunny01au
2011-02-10, 10:32
Hi,

Log as requested:

C:\Users\Sonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-16f8d29d probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Sonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\257a302d-729b0dc9 probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Sonny\Desktop\Misc\Blink_key_generator_by_FFF.zip Win32/Olmarik.AMN trojan
C:\Users\Sonny\Downloads\WINDOWS_7_X86_OEM.iso a variant of Win32/Keygen.AI application
C:\Users\Sonny\Downloads\Adobe Photoshop CS4 Extended v.11 + Activation\Adobe Photoshop CS4 Extended v.11 + Activation.rar probably a variant of Win32/Injector.BWB trojan
C:\Users\Sonny\Downloads\WinZip Pro v14.5.9 +Serials\winzip145.exe a variant of MSIL/TrojanDropper.Agent.DT trojan
ken545
2011-02-10, 11:41
Run this program please

Download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe)

Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
sunny01au
2011-02-10, 12:34
hi,

here is the log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\install notes.txt
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop.cs2.keygen.exe
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\activation read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autorun.inf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\epic_eula.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\how to install.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\legalnotices.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\photoshop at a glance.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\photoshop new features.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\read me first.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\setup.exe
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\setup.exe.manifest
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\thumbs.db
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\unicows.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe dng converter\adobe dng 3.0 converter read me.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe dng converter\adobe dng converter.exe
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\0x0409.ini
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\abcpy.ini
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\adobe photoshop cs2.msi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\data1.cab
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\instmsia.exe
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\instmsiw.exe
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\photoshop read me.wri
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\setup.exe
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\setup.ini
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\bridge\adobe bridge 1.0.msi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\commonfilesinstaller\adobe common file installer.msi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\commonfilesinstaller\data1.cab
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\help center\adobe help center 1.0.msi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\adobe(r) photoshop(r) cs2\stock photography\adobe stock photos 1.0.msi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesda_dk.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesde_de.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesen_gb.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesen_us.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eulareses_es.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesfi_fi.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesfr_fr.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesit_it.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesja_jp.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesko_kr.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesnl_nl.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularesno_no.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularespt_br.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eularessv_se.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eulareszh_cn.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\eulareszh_tw.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\main.ini
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\da_dk\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\de_de\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\en_gb\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\en_us\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\es_es\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\fi_fi\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\fr_fr\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\it_it\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\ja_jp\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\ko_kr\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\nl_nl\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\no_no\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\pt_br\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\sv_se\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\zh_cn\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\langdata\zh_tw\lang.dat
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\da_dk\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\de_de\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\en_gb\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\en_us\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\es_es\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\fi_fi\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\fr_fr\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\it_it\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\ja_jp\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\ko_kr\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\nl_nl\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\no_no\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\pt_br\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\sv_se\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\zh_cn\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\legal\adobe photoshop cs2\4.0.0\zh_tw\license.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\autoplay_launchicon.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\blank.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cdicon.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayacrobat_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayacrobat_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayacrobat_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayback_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayback_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayback_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaycd_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaycd_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaycd_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaygeneric_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaygeneric_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaygeneric_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaynew_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaynew_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaynew_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayonline_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayonline_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayonline_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayquit_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayquit_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayquit_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayreadme_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayreadme_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplayreadme_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaysoundoff_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaysoundoff_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaysoundoff_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaysoundon_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaysoundon_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaysoundon_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaysound_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaytutorial_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaytutorial_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\cs2_autoplaytutorial_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\c_autoplaytour_md_n.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\c_autoplaytour_md_r.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\autoplay\resdata\c_autoplaytour_md_s.ico
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel mixer read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\cmyk rotate channels back.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\cmyk rotate channels fore.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\cmyk swap cyan&black.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\cmyk swap cyan&magenta.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\cmyk swap cyan&yellow.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\rgb rotate channels.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\rgb swap green&blue.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\rgb swap red&blue.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\channel swaps\rgb swap red&green.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\grayscale\cmyk to gray.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\grayscale\grayscale blues.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\grayscale\grayscale standard.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\grayscale\grayscale yellows.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\grayscale\grayscale yellows2.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\grayscale\rgb inverted grayscale.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\cmyk holiday wrap.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb blacklight.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb blueprint.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb burnt foliage.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb easter colors.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb holiday wrap.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb inverted warm brass.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb over saturate.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb pastels.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb sepiatone subtle color.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb sepiatone subtle color2.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb sepiatone subtle color3.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\rgb warmer.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\special effects\yellows&blues (rgb or cmyk).cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\ycc color\rgb to ycrcb.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\channel mixer presets\ycc color\ycrcb to rgb.cha
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\custom file info panels\file info panels read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\custom file info panels\xmp custom panels.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\custom file info panels\sample file info panels\custompanel_allwidgets.txt
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\custom file info panels\sample file info panels\description.txt
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ditherbox\dither box filter.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ditherbox\ditherbox read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ditherbox\ditherbx.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\ffactory.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\ffactory.wri
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\ffexamp.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\ffexamp.afs
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\fftutor.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\filter factory read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\filter_factory.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\lights.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\lights.afs
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\msvcrt10.dll
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\edittran.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\edittrns.afs
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\lumopac.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\lumopac.afs
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\opaclum.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\opaclum.afs
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\settrans.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\settrans.afs
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\ffactory\transparency examples\transparency read me.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\about alias format.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\about electricimage format.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\about iff format.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\about rla format.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\about sgi rgb format.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\about softimage format.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\alias.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\electricimage.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\iff format.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\rla.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\sgirgb.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\file format\softimage.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\filters\3d transform.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\filters\texture fill.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\file formats\file formats read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\file formats\jpeg2000.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\file formats\mac paint.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\file formats\pixpnt8b.8bi
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\hsbhsl\hsbhsl read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\hsbhsl\hsbhsl.8bf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\allownetworkscratch_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\allownetworkscratch_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\allowremovablescrtch_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\allowremovablescrtch_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\alwaysimportclipbd_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\alwaysimportclipbd_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\alwaysshowpalettes_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\alwaysshowpalettes_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\baddriverrgbblitcheck_off.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\baddriverrgbblitcheck_on_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\baddriverstickycrsr_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\baddriverstickycrsr_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\blitsinglescanlines_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\blitsinglescanlines_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\brokenlargecursors_off.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\brokenlargecursors_on_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\clipboardsizelimit_off.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\clipboardsizelimit_on_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\disablescratchcmprs_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\disablescratchcmprs_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\forceprogress_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\forceprogress_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\forcevmcompression_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\forcevmcompression_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\ignoreexifsrgb_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\ignoreexifsrgb_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\optimizeresizedrawing_off.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\optimizeresizedrawing_on_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\printpassthrough_norm_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\printpassthrough_pass.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\printpassthrough_ps_pass.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\registry keys read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\rememberslowfiles_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\rememberslowfiles_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\showwindowsthumbnails_off.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\showwindowsthumbnails_on_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\taskdebugging_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\taskdebugging_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\unlimitedpreviews_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\unlimitedpreviews_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\useasyncio_off.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\useasyncio_on_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\useasyncscratch_off_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\useasyncscratch_on.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\warnsaveprefsfailure_off.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\optional plug-ins\photoshop only\optional extensions\warnsaveprefsfailure_on_d.reg
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\textures for lighting effects\adobep8m.md0
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\textures for lighting effects\adobep8p.tb0
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\textures for lighting effects\adobep8t.tb0
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\textures for lighting effects\textures read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\wpg templates read me.html
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal blue & gray\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal blue & gray\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal blue & gray\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal blue & gray\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal blue & gray\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal dark\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal dark\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal dark\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal dark\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal dark\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal frame\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal frame\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal frame\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal frame\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal frame\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal light\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal light\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal light\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal light\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal light\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\caption.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\frameset.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\indexpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\subpage.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\thumbnail.htm
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\help\photoshop help.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\help\thumbs.db
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\applescript reference guide.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\javascript reference guide.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\photoshop scripting guide.pdf
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\thumbs.db
c:\users\sonny\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\visualbasic reference guide.pdf
scanner sequence 3.ZZ.11
----- EOF -----
ken545
2011-02-10, 13:54
Hi,

You have an illegal copy of Photoshop, downloading cracked/keygens/warez software, besides it being illegal its one of the fastest ways of infecting your computer.

We do not support the use of illegal stolen software, to help you any further could be construed in the eyes of the law as aiding and abetting a crime.

Further help will cease and this thread will be closed.