View Full Version : Experienced Advice Requested



influx
2009-04-08, 06:58
Hello, my name is Nic. I hope that, aside from the log itself, the following bit of info is helpful.

A friend of mine asked for my help in getting their computer cleaned which in turn brings me here after running a spybot scan. I do have the computer in my possession and it is offline. Also I have gone ahead and disabled tea timer as well as backed up the registry with erunt.

In my original spybot scan the following appear as problems:
TinyBar.C
WinSpywareProtect
Smitfraud-c
MyWay.MyWebSearch

I did not try to remove anything via Spybot. I did, however, uninstall an application named "Ask Toolbar" via Control Panel.



Now for the HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:07 PM, on 4/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-hptb2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C883019-CBE3-4AB8-A5D4-A5CBC8728B5F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: {6ee6} - {3d84dfcc-8c92-4833-8eda-567d634c4886} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233453177578
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.167.144/activex/AxisCamControl.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.107.193.125:8080/activex/AMC.cab
O20 - Winlogon Notify: yayyWNDU - yayyWNDU.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10073 bytes

Thanks in advance to whomever may help.
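The "O1 - Hosts:" lines in the log above are what the next tool reports as a corrupted hosts file: several names, including a security-vendor hostname, all bound to one public address. The script below is an added example, not part of the thread or of HijackThis; it parses hosts-file text and flags exactly that pattern. The sample content is constructed from the entries quoted above plus two benign lines for contrast.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the redirect entries are those quoted in the HijackThis log
# above; the loopback lines and the 0.0.0.0 blocklist line are added for contrast.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
91.212.65.122   browser-security.microsoft.com
91.212.65.122   spyware-protector-2009.com
91.212.65.122   www.spyware-protector-2009.com
91.212.65.122   secure.spyware-protector-2009.com
0.0.0.0         ads.example.invalid   # null-routed ad host, benign
"""


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs.

    Comments (everything after '#'), blank lines and lines whose first field
    is not a valid IPv4/IPv6 address are skipped; a line may name several hosts.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries


def is_sinkhole(ip):
    """Loopback and unspecified targets are the normal content of a hosts file:
    'localhost' lines and blocklists that null-route advertising hosts."""
    return ip.is_loopback or ip.is_unspecified


def redirects_by_target(text):
    """Group every non-sinkhole binding by its target address: {ip_str: [names]}."""
    groups = defaultdict(list)
    for ip, name in parse_hosts(text):
        if not is_sinkhole(ip):
            groups[str(ip)].append(name)
    return dict(groups)


def flag_hijacks(text, min_cluster=2):
    """Return findings, one per target address, each with the reasons it stands out.

    Two signals are used, matching what the thread's tools reported:
      * the target is a public (globally routable) address, so the machine
        would silently talk to a third party for those names;
      * several hostnames share one target (min_cluster or more), the pattern
        left by rogue-antivirus droppers that point vendor and decoy names
        at their own server.
    """
    findings = []
    for ip_str, names in redirects_by_target(text).items():
        ip = ipaddress.ip_address(ip_str)
        reasons = []
        if ip.is_global:
            reasons.append("public address as hosts target")
        if len(names) >= min_cluster:
            reasons.append("%d hostnames share one target" % len(names))
        if reasons:
            findings.append({"ip": ip_str, "hostnames": sorted(names), "reasons": reasons})
    # Largest cluster first: it is the most likely hijack.
    findings.sort(key=lambda f: len(f["hostnames"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in flag_hijacks(SAMPLE_HOSTS):
        print(finding["ip"], "<-", ", ".join(finding["hostnames"]))
        for reason in finding["reasons"]:
            print("   ", reason)
```

On a real machine the input is the text of %SystemRoot%\system32\drivers\etc\hosts; the 0.0.0.0 and 127.0.0.1 lines a blocklist adds are deliberately not reported.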

pskelley
2009-04-08, 15:11
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hi Nic, the junk can be hard to remove, this might take a while.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Post the C:\rapport.txt

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks...Phil

influx
2009-04-08, 19:23
Phil, first off I'd like to start by thanking you for your help, it is greatly appreciated.


On to business...

I have uploaded the rapport as a .txt file because I wasn't sure if I should copy and paste the file contents.

&

Here is the HiJack This uninstall log:

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
AXIS Media Control Embedded
Bonjour
Bowflex i-Trainer
CCleaner (remove only)
Conexant HD Audio
Customer Experience Enhancement
Data Access Objects (DAO) 3.5
DivX
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 3.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Rhapsody
HP Update
HP User Guides 0035
HP Wireless Assistant 2.00 G2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Macromedia Flash Player 8
Macromedia Shockwave Player
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
NetWaiting
Office 2003 Trial Assistant
Otto
QuickTime
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TallStick TS-AudioToMIDI 3.20 (remove only)
TourSetup
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wvaiper
Vongo
Windows Defender
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Connect
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
Wireless Home Network Setup

pskelley
2009-04-08, 19:38
One of the reasons I posted this in bold:

Please make sure you have read this information so we are on the same page.
is so you could read and understand what is expected of you, like this:

All logs should be copy/pasted into topic and not attached unless requested by helper in that format.
I looked at this one to expedite matters, but I do not open files from an infected computer I do not request. Please review the instructions again. Please read and follow all directions carefully.


Thanks for returning your information, Smitfraudfix found the infection and it also found this:
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
After we clean, in the next C:\rapport.txt, there may be a very large hosts file (items starting with 127.0.0.1) and I do not need to see it. Edit (remove) it from the C:\rapport.txt before you post it.

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Post the C:\rapport.txt and a new HJT log.


This can be done as time permits, but it is important, and may be why you are infected.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out-of-date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.


Adobe Flash Player 10 ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 7.0.5 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

J2SE Runtime Environment 5.0 Update 6 <<< out of date, uninstall:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

influx
2009-04-08, 20:24
Sorry about that misunderstanding. Won't let it happen again! Cleaned files as well as restored trusted zones. Will install updates for programs when the computer is clean enough to go back online.



SmitFraud Report:

SmitFraudFix v2.407

Scan done at 13:53:17.46, Wed 04/08/2009
Run from C:\Documents and Settings\test\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

::1 localhost
91.212.65.122 spyware-protector-2009.com
91.212.65.122 www.spyware-protector-2009.com
91.212.65.122 secure.spyware-protector-2009.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End






HiJack This log after cleaning was done:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:05, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-hptb2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C883019-CBE3-4AB8-A5D4-A5CBC8728B5F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: {6ee6} - {3d84dfcc-8c92-4833-8eda-567d634c4886} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233453177578
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.167.144/activex/AxisCamControl.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.107.193.125:8080/activex/AMC.cab
O20 - Winlogon Notify: yayyWNDU - yayyWNDU.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9710 bytes

pskelley
2009-04-08, 20:29
Please remove (delete) Smitfraudfix, we are finished with that tool. Let's have combofix take a look for hidden malware.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

influx
2009-04-08, 21:00
Here is the ComboFix Log:

ComboFix 09-04-04.01 - test 2009-04-08 14:45:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.139 [GMT -4:00]
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\auvfrtbo.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\moqpWvut.ini
c:\windows\system32\moqpWvut.ini2
c:\windows\system32\ncerjxcb.ini
c:\windows\system32\Process.exe
c:\windows\system32\repebgul.ini
c:\windows\system32\snwktbdh.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\umohawde.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 23:49 . 2009-04-07 23:49 <DIR> d-------- c:\program files\Trend Micro
2009-04-07 23:38 . 2009-04-07 23:39 <DIR> d-------- c:\program files\ERUNT
2009-04-07 23:34 . 2009-04-08 14:05 <DIR> d-------- c:\documents and settings\test\Application Data\U3
2009-04-07 21:47 . 2008-04-13 17:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-04-07 21:47 . 2008-04-13 17:11 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2009-04-07 19:55 . 2009-04-07 21:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-07 19:55 . 2009-04-07 23:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 03:02 --------- d-----w c:\program files\Yahoo!
2009-04-08 03:01 --------- d-----w c:\program files\Vuze
2009-04-05 01:22 --------- d-----w c:\program files\Windows Live Safety Center
2009-04-04 19:58 --------- d-----w c:\documents and settings\test\Application Data\Azureus
2009-04-04 14:18 --------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-04-01 14:32 --------- d-----w c:\program files\Java
2009-02-20 19:33 --------- d-----w c:\program files\Axis Communications
2008-09-10 02:01 0 -c--a-w c:\documents and settings\test\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 fentzkgg;fentzkgg;\??\c:\windows\system32\drivers\fentzkgg.sys --> c:\windows\system32\drivers\fentzkgg.sys [?]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\32.tmp --> c:\windows\TEMP\32.tmp [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34c2e8e6-0626-11de-9337-0018de2fbec2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-24 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2500 series#1224872986.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 21:50]

2009-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3C883019-CBE3-4AB8-A5D4-A5CBC8728B5F} - (no file)
BHO-{3d84dfcc-8c92-4833-8eda-567d634c4886} - (no file)
Notify-yayyWNDU - yayyWNDU.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-hptb2
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://12.107.193.125:8080/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:49:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????]??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\32.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-04-08 14:52:53 - machine was rebooted [test]
ComboFix-quarantined-files.txt 2009-04-08 18:52:50

Pre-Run: 10,975,866,880 bytes free
Post-Run: 10,867,179,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

170 --- E O F --- 2009-04-06 14:59:31

Here is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:45, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-hptb2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233453177578
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.167.144/activex/AxisCamControl.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.107.193.125:8080/activex/AMC.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9220 bytes

pskelley
2009-04-08, 21:19
That's the junk we were looking for, please follow the directions carefully and in the numbered order.

Before we start: Azureus <<< all p2p programs must be uninstalled.
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

Caution your friend, if they are using a USB stick or Flash drive, to be sure it is clean, reformatted or toss it. May be how they got infected?

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:


Driver::
fentzkgg

File::
c:\windows\TEMP\32.tmp
c:\windows\system32\drivers\fentzkgg.sys

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34c2e8e6-0626-11de-9337-0018de2fbec2}]

Folder::
c:\program files\Vuze
c:\documents and settings\test\Application Data\Azureus

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks...Phil

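Added example, not part of this thread and not ComboFix's own code: a small triage pass over the service/driver lines and the mountpoints2 block of the ComboFix log posted above, picking out the same entries Phil put in his CFScript and drafting the matching Driver::/File::/Registry:: sections. The flagging rules (no [date size] stamp, image under TEMP, GUID or eight-letter service name, AutoRun command on a removable-drive key) are this example's own heuristics, not ComboFix rules.

```python
"""Triage a ComboFix log for suspicious services/drivers and removable-drive
AutoRun keys, then draft the CFScript sections ComboFix accepts.

Heuristics used here are assumptions of this example, not ComboFix rules.
"""
import re

# Constructed sample: the relevant lines of the ComboFix log posted above,
# plus two benign entries so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 fentzkgg;fentzkgg;\??\c:\windows\system32\drivers\fentzkgg.sys --> c:\windows\system32\drivers\fentzkgg.sys [?]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\32.tmp --> c:\windows\TEMP\32.tmp [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34c2e8e6-0626-11de-9337-0018de2fbec2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
"""

# "R2 name;display;path [stamp]" -- drivers appear as "\??\path --> path".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<stamp>[^\]]*)\]\s*$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[^}]+\}\]$", re.I)


def _image_path(raw):
    """Return the on-disk path from either 'path' or '\\??\\path --> path'."""
    return raw.split("-->")[-1].strip()


def triage_combofix(text):
    """Return (kind, name, path, reasons) tuples for entries worth a look."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = SERVICE_RE.match(line)
        if m:
            name, display = m.group("name"), m.group("display").strip()
            path = _image_path(m.group("path"))
            reasons = []
            if m.group("stamp").strip() == "?":
                reasons.append("no date/size stamp recorded for the file")
            if "\\temp\\" in path.lower() or path.lower().endswith(".tmp"):
                reasons.append("image path under a TEMP folder")
            if GUID_RE.match(name):
                reasons.append("service name is a bare GUID")
            if RANDOM_NAME_RE.match(name) and display == name:
                reasons.append("eight-letter random-looking name")
            if reasons:
                kind = "driver" if path.lower().endswith(".sys") else "service"
                findings.append((kind, name, path, reasons))
        elif MOUNTPOINT_RE.match(line.strip()):
            # ComboFix prints the key header, then the AutoRun command line.
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            if "\\shell\\autorun\\command" in nxt.lower():
                findings.append(("registry", line.strip(), nxt,
                                 ["AutoRun command on a removable-drive key"]))
    return findings


def build_cfscript(findings):
    """Draft Driver::/File::/Registry:: sections in the layout used in this
    thread. A human reviews the draft before it goes anywhere near ComboFix."""
    sections = {"Driver::": [], "File::": [], "Registry::": []}
    for kind, name, path, _ in findings:
        if kind == "driver":
            sections["Driver::"].append(name)
        if kind in ("driver", "service"):
            sections["File::"].append(path)
        if kind == "registry":
            sections["Registry::"].append(name)
    return "\n\n".join(h + "\n" + "\n".join(v) for h, v in sections.items() if v)


if __name__ == "__main__":
    for kind, name, path, reasons in triage_combofix(SAMPLE_LOG):
        print(f"{kind:8} {name}\n         {path}\n         {'; '.join(reasons)}")
    print()
    print(build_cfscript(triage_combofix(SAMPLE_LOG)))
```
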
influx
2009-04-08, 21:28
Thanks Phil,

On the issue of azureus...I had previously uninstalled it having read the required reading before seeking help. I do know there are folders left in some directories, and possible registry entries. Should I delete the folders as well as the registry entries?


Nic


PS: The computer's performance has already improved, however I'm not done until you think we are done. Also I have been using my flash drive to load the txt docs (log files) back and forth between machines, are there any possibilities my machine has become infected in this process? My machine seems to be performing normally.

pskelley
2009-04-08, 21:37
The combofix script will remove the p2p programs.

That should not have caused a problem, if you are finished using the other computer, follow these directions to disinfect and be sure. These instructions are for your computer.

1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


Thanks

influx
2009-04-08, 23:01
The computer is much more responsive now, seems to be running fine. However, what do the logs tell? Is it clean or does the machine still need more work?

Also thanks for the advice about my flash drive! That is a relief.


ComboFix Log:

ComboFix 09-04-04.01 - test 2009-04-08 15:50:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.144 [GMT -4:00]
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\test\Desktop\CFscript.txt.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\fentzkgg.sys
c:\windows\TEMP\32.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\test\Application Data\Azureus
c:\documents and settings\test\Application Data\Azureus\.certs
c:\documents and settings\test\Application Data\Azureus\.keystore
c:\documents and settings\test\Application Data\Azureus\.lock
c:\documents and settings\test\Application Data\Azureus\active\cache.dat
c:\documents and settings\test\Application Data\Azureus\azureus.config
c:\documents and settings\test\Application Data\Azureus\azureus.config.bak
c:\documents and settings\test\Application Data\Azureus\azureus.statistics
c:\documents and settings\test\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\test\Application Data\Azureus\banips.config
c:\documents and settings\test\Application Data\Azureus\banips.config.bak
c:\documents and settings\test\Application Data\Azureus\cache\1191085919.ico
c:\documents and settings\test\Application Data\Azureus\cnetworks.config
c:\documents and settings\test\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\test\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\test\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\test\Application Data\Azureus\dht\general.dat
c:\documents and settings\test\Application Data\Azureus\dht\version.dat
c:\documents and settings\test\Application Data\Azureus\downloads.config
c:\documents and settings\test\Application Data\Azureus\downloads.config.bak
c:\documents and settings\test\Application Data\Azureus\friends.config
c:\documents and settings\test\Application Data\Azureus\friends.config.bak
c:\documents and settings\test\Application Data\Azureus\ipfilter.cache
c:\documents and settings\test\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\test\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\test\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\test\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
c:\documents and settings\test\Application Data\Azureus\logs\save\1238850003406_MetaSearch_Engine_3.txt
c:\documents and settings\test\Application Data\Azureus\logs\save\1238850003406_MetaSearch_Engine_4.txt
c:\documents and settings\test\Application Data\Azureus\logs\save\1238850003406_MetaSearch_Engine_5.txt
c:\documents and settings\test\Application Data\Azureus\logs\save\1238850003406_MetaSearch_Engine_9.txt
c:\documents and settings\test\Application Data\Azureus\metasearch.config
c:\documents and settings\test\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\test\Application Data\Azureus\net\pm_19262.dat
c:\documents and settings\test\Application Data\Azureus\net\pm_22773.dat
c:\documents and settings\test\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\test\Application Data\Azureus\plugins\azump\azump_1.2.jar
c:\documents and settings\test\Application Data\Azureus\plugins\azump\azump_1.2.zip
c:\documents and settings\test\Application Data\Azureus\plugins\azump\azump_1.3.jar
c:\documents and settings\test\Application Data\Azureus\plugins\azump\azump_1.3.zip
c:\documents and settings\test\Application Data\Azureus\plugins\azump\mplayer.exe
c:\documents and settings\test\Application Data\Azureus\plugins\azump\mplayer.exe.bak
c:\documents and settings\test\Application Data\Azureus\plugins\azump\mplayer\config
c:\documents and settings\test\Application Data\Azureus\sidebarauto.config
c:\documents and settings\test\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\test\Application Data\Azureus\subs\00C60E73A94959D3C5D4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\01FE0E4954FEEB299706.vuze
c:\documents and settings\test\Application Data\Azureus\subs\027E8896EAA459EECD86.vuze
c:\documents and settings\test\Application Data\Azureus\subs\03779EA12EAD44014BBC.vuze
c:\documents and settings\test\Application Data\Azureus\subs\065BC7FC173B034D8ED1.vuze
c:\documents and settings\test\Application Data\Azureus\subs\06CB2693507E1A022820.vuze
c:\documents and settings\test\Application Data\Azureus\subs\080CBFDD763057C0601E.vuze
c:\documents and settings\test\Application Data\Azureus\subs\08A73ACBC705C786ADAE.vuze
c:\documents and settings\test\Application Data\Azureus\subs\09A4EF071DB008D2F8DB.vuze
c:\documents and settings\test\Application Data\Azureus\subs\09B584381E122A0F9A8F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\09C5EF370AA8C1805B00.vuze
c:\documents and settings\test\Application Data\Azureus\subs\09FFAF25290EDF861647.vuze
c:\documents and settings\test\Application Data\Azureus\subs\0AC74425FCD696B95977.vuze
c:\documents and settings\test\Application Data\Azureus\subs\0C09B63E9E28FA953B75.vuze
c:\documents and settings\test\Application Data\Azureus\subs\0D0FF1C71C2194E11100.vuze
c:\documents and settings\test\Application Data\Azureus\subs\0F193C9F601B15C4EFFE.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1315F3E263BCA78CCB05.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1318175E4E1FA98A9865.vuze
c:\documents and settings\test\Application Data\Azureus\subs\13CCCA643B4D4185F7D8.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1631AA84DFD110F3231D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\177BEAD0090D3FD31234.vuze
c:\documents and settings\test\Application Data\Azureus\subs\17D053E4AF421BFD8B27.vuze
c:\documents and settings\test\Application Data\Azureus\subs\17FA4A7BB5E6CEBED5B7.vuze
c:\documents and settings\test\Application Data\Azureus\subs\186D0E57232DEE8DC2FD.vuze
c:\documents and settings\test\Application Data\Azureus\subs\19C87A60BCA1E8CEE30D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\19D197C718E86D5B1B15.vuze
c:\documents and settings\test\Application Data\Azureus\subs\19E94E9B501CB8B21D6F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1A070CEE493845F89B8B.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1A10CBBBBFED12CA5DCA.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1A3FC0313635EB3FFECF.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1B71D0A30260074421E0.vuze
c:\documents and settings\test\Application Data\Azureus\subs\1D4C8D4C71B978F1F654.vuze
c:\documents and settings\test\Application Data\Azureus\subs\2190724D255A346CBA39.vuze
c:\documents and settings\test\Application Data\Azureus\subs\21B6F154E1FA75E4DF0A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\232E059D82033345DD27.vuze
c:\documents and settings\test\Application Data\Azureus\subs\23874448F3148CDD35E7.vuze
c:\documents and settings\test\Application Data\Azureus\subs\23C07FC046663EDB38E5.vuze
c:\documents and settings\test\Application Data\Azureus\subs\25D5429BA8913199E8C8.vuze
c:\documents and settings\test\Application Data\Azureus\subs\2757E34B3081117F721B.vuze
c:\documents and settings\test\Application Data\Azureus\subs\2786786FFA13BBC6151C.vuze
c:\documents and settings\test\Application Data\Azureus\subs\2DD34BCB85CDDCB979F0.vuze
c:\documents and settings\test\Application Data\Azureus\subs\2F3C053F4A66EDA4DB05.vuze
c:\documents and settings\test\Application Data\Azureus\subs\30A08C643309AC14F3D6.vuze
c:\documents and settings\test\Application Data\Azureus\subs\31FF70471734C8A044C9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\323A4ADFB999F6620B6D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\327F4762CCB7C9C5102D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\33618D448F5459E79804.vuze
c:\documents and settings\test\Application Data\Azureus\subs\3405D0DD44921CFD1D39.vuze
c:\documents and settings\test\Application Data\Azureus\subs\34C345F7DA0B21D5A6B5.vuze
c:\documents and settings\test\Application Data\Azureus\subs\381E0EE2AEFEC3E541A4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\384C12FC9B72D8D7ECDF.vuze
c:\documents and settings\test\Application Data\Azureus\subs\38835CFE7F9B0070747D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\3899974FA488B341844A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\38F14939A1ADE522383C.vuze
c:\documents and settings\test\Application Data\Azureus\subs\393FD6AF6275B71E28B2.vuze
c:\documents and settings\test\Application Data\Azureus\subs\39554085B8E2EE6D631B.vuze
c:\documents and settings\test\Application Data\Azureus\subs\3982E98C7990B2009F67.vuze
c:\documents and settings\test\Application Data\Azureus\subs\3CD629F6B386B0438C8C.vuze
c:\documents and settings\test\Application Data\Azureus\subs\3D5A72BF494438486AF8.vuze
c:\documents and settings\test\Application Data\Azureus\subs\3F2B3EA9FE89105B7B26.vuze
c:\documents and settings\test\Application Data\Azureus\subs\400B09C6BFC041C77125.vuze
c:\documents and settings\test\Application Data\Azureus\subs\41B5BA8E964DADE2D58B.vuze
c:\documents and settings\test\Application Data\Azureus\subs\421BA43C274F180B1106.vuze
c:\documents and settings\test\Application Data\Azureus\subs\428870FB845DFB86BDFF.vuze
c:\documents and settings\test\Application Data\Azureus\subs\44189A0635B8D4B2C2C9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\447229A3A371779E8871.vuze
c:\documents and settings\test\Application Data\Azureus\subs\475A6FF4074864929368.vuze
c:\documents and settings\test\Application Data\Azureus\subs\47D01B51E6FACC969E1D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\481C7B142EBA8C9090C0.vuze
c:\documents and settings\test\Application Data\Azureus\subs\488205C7691AFEABA1D4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\4A522F963512B9C510B9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\4C7B6ECF6748914296F9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\4DFF4164045DC73294DD.vuze
c:\documents and settings\test\Application Data\Azureus\subs\4E52720D295BF1A3277A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\4F2AA8C2D919E9835A62.vuze
c:\documents and settings\test\Application Data\Azureus\subs\4F4FD6E107BAF85C3403.vuze
c:\documents and settings\test\Application Data\Azureus\subs\4F5D92DCB17E8F9148BB.vuze
c:\documents and settings\test\Application Data\Azureus\subs\508DE7D270983F7A2458.vuze
c:\documents and settings\test\Application Data\Azureus\subs\52C6D09A02BBB590C252.vuze
c:\documents and settings\test\Application Data\Azureus\subs\5318EA0BF31F86C58EEC.vuze
c:\documents and settings\test\Application Data\Azureus\subs\537E2C922C8E026561CE.vuze
c:\documents and settings\test\Application Data\Azureus\subs\54004C0B7ADCCE4069C9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\55146EAA008D7710D613.vuze
c:\documents and settings\test\Application Data\Azureus\subs\561060E15D5F31D5F891.vuze
c:\documents and settings\test\Application Data\Azureus\subs\581765478D3517627C73.vuze
c:\documents and settings\test\Application Data\Azureus\subs\59A9D23FCE5DD3F9A01B.vuze
c:\documents and settings\test\Application Data\Azureus\subs\5A217F011BAB9B2DEB56.vuze
c:\documents and settings\test\Application Data\Azureus\subs\5A4946D476CB61EF9301.vuze
c:\documents and settings\test\Application Data\Azureus\subs\5CBA0BA6AAA42E09B126.vuze
c:\documents and settings\test\Application Data\Azureus\subs\624910A3A637947DE3C8.vuze
c:\documents and settings\test\Application Data\Azureus\subs\6266EA3AFA431F35C521.vuze
c:\documents and settings\test\Application Data\Azureus\subs\62FE6A1CAD12849F5889.vuze
c:\documents and settings\test\Application Data\Azureus\subs\632A20E73961F1C133F2.vuze
c:\documents and settings\test\Application Data\Azureus\subs\64BCD2FF470505CABB07.vuze
c:\documents and settings\test\Application Data\Azureus\subs\652295769F010C05B030.vuze
c:\documents and settings\test\Application Data\Azureus\subs\659E360DA4C7A78064E4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\6824755C86CF5244EBB4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\68461FFBE2AB011691AE.vuze
c:\documents and settings\test\Application Data\Azureus\subs\687B5D8D87F188977E5D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\68CAC08D609A9B7FDFE0.vuze
c:\documents and settings\test\Application Data\Azureus\subs\68F3E5B4C3CF3CDA6782.vuze
c:\documents and settings\test\Application Data\Azureus\subs\6914941BE2FFCB395CF5.vuze
c:\documents and settings\test\Application Data\Azureus\subs\6CE4CD4B41EB765CCBCF.vuze
c:\documents and settings\test\Application Data\Azureus\subs\6FB8BCCFEA8FE00EB21F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\7076DB20A5F225DDB82C.vuze
c:\documents and settings\test\Application Data\Azureus\subs\708C5D9333EC9E54E297.vuze
c:\documents and settings\test\Application Data\Azureus\subs\7121CFED9C398458EF19.vuze
c:\documents and settings\test\Application Data\Azureus\subs\722FEC9BA057A883FE52.vuze
c:\documents and settings\test\Application Data\Azureus\subs\72C5BF989E85043749E9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\737553100CB057ACF094.vuze
c:\documents and settings\test\Application Data\Azureus\subs\740AF5DF29177BDBE64C.vuze
c:\documents and settings\test\Application Data\Azureus\subs\7472680B49ACBCFA19D9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\79D0146B15851A703E92.vuze
c:\documents and settings\test\Application Data\Azureus\subs\7AA8A97E28F65BEDAE80.vuze
c:\documents and settings\test\Application Data\Azureus\subs\7EB198584F3721914E9D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\7F3FF06351F0D180F55B.vuze
c:\documents and settings\test\Application Data\Azureus\subs\8060C3313C66DF45F383.vuze
c:\documents and settings\test\Application Data\Azureus\subs\816D7B7EA6C45ACA806F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\829E59C40EFFE22EB406.vuze
c:\documents and settings\test\Application Data\Azureus\subs\83F9D7CFBA5E7496ACC5.vuze
c:\documents and settings\test\Application Data\Azureus\subs\8518327D0D62BB94EF10.vuze
c:\documents and settings\test\Application Data\Azureus\subs\866B5EFEAF4827AAE628.vuze
c:\documents and settings\test\Application Data\Azureus\subs\87ADF8E41A1DB5628FEF.vuze
c:\documents and settings\test\Application Data\Azureus\subs\87E23B1872099785E348.vuze
c:\documents and settings\test\Application Data\Azureus\subs\884BFCC11810F8634E63.vuze
c:\documents and settings\test\Application Data\Azureus\subs\88A288B21FB4C7E7757D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\8C8EBAC20A7C191149F8.vuze
c:\documents and settings\test\Application Data\Azureus\subs\8DE6E5753F5ADF094F49.vuze
c:\documents and settings\test\Application Data\Azureus\subs\8F7CF980EB704A78D737.vuze
c:\documents and settings\test\Application Data\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\documents and settings\test\Application Data\Azureus\subs\91B2B05808E1B2FFA4F8.vuze
c:\documents and settings\test\Application Data\Azureus\subs\92C595C3322967E8A3C0.vuze
c:\documents and settings\test\Application Data\Azureus\subs\93B716386602D52C6EB7.vuze
c:\documents and settings\test\Application Data\Azureus\subs\9496FCE423743B92FC32.vuze
c:\documents and settings\test\Application Data\Azureus\subs\955C746AE05FD2758123.vuze
c:\documents and settings\test\Application Data\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\documents and settings\test\Application Data\Azureus\subs\96530D21F0C4F96C2942.vuze
c:\documents and settings\test\Application Data\Azureus\subs\9E0B7FF1A7F025F28186.vuze
c:\documents and settings\test\Application Data\Azureus\subs\9ECE7AE52148CDE6E331.vuze
c:\documents and settings\test\Application Data\Azureus\subs\9EDB83DD6C0E3248906A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\9F1658B76B44A5EA4725.vuze
c:\documents and settings\test\Application Data\Azureus\subs\A0565AF02148C6175EAA.vuze
c:\documents and settings\test\Application Data\Azureus\subs\A10ECCF6F09A0E9648DA.vuze
c:\documents and settings\test\Application Data\Azureus\subs\A1D26F82A30D6241E9B9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\A3287F0DF2346D598B5D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\documents and settings\test\Application Data\Azureus\subs\A6875C9905F5F324D605.vuze
c:\documents and settings\test\Application Data\Azureus\subs\A7A62765F81E2725DD47.vuze
c:\documents and settings\test\Application Data\Azureus\subs\AA18A55630A89D766D85.vuze
c:\documents and settings\test\Application Data\Azureus\subs\AC4F1AD49C0D5FFEBF74.vuze
c:\documents and settings\test\Application Data\Azureus\subs\AD24B5020C5322BEBDAD.vuze
c:\documents and settings\test\Application Data\Azureus\subs\AE29051F1A3B15B26C24.vuze
c:\documents and settings\test\Application Data\Azureus\subs\AF734186BA1B192A332E.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B06D3EA2370C8CFCD14A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B117B4D5EF69D9B0D8F2.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B1A9966308956737704D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B3B665EB16D3D3582A95.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B3FBE4B83465EBED04B7.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B4D5B57BBCFD58B8C221.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B77A94F68395C6F819B7.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B838F5D871039A5EF5B3.vuze
c:\documents and settings\test\Application Data\Azureus\subs\B8D49D40BB83C32390BE.vuze
c:\documents and settings\test\Application Data\Azureus\subs\BAD9AC808DA5DC699651.vuze
c:\documents and settings\test\Application Data\Azureus\subs\BBA708018991E48BD0CC.vuze
c:\documents and settings\test\Application Data\Azureus\subs\BC330A5B5B760F1BAE11.vuze
c:\documents and settings\test\Application Data\Azureus\subs\BE5CDA4B40FD9FD6D96D.vuze
c:\documents and settings\test\Application Data\Azureus\subs\BED6B0EDAA5AED7D8DB4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\BFF8CA6650753157FB90.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C2D8E4DAE897328B413A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C39BEA7DDBE66A4CDBD2.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C400715418419412BD7A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C5B6F26384CA96B090DD.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C6087E3CBA1EED29D393.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C69F8A17B5DAF6035411.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C72B65EE9283EBBD372E.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C8350FB254C3543118EB.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C868FF325124E3D0D58F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C9BCF1F181CE789A2FEF.vuze
c:\documents and settings\test\Application Data\Azureus\subs\C9EBC80E3E1D103634DB.vuze
c:\documents and settings\test\Application Data\Azureus\subs\CB878B8D0D62318669C5.vuze
c:\documents and settings\test\Application Data\Azureus\subs\CB9B17C97A13AA049726.vuze
c:\documents and settings\test\Application Data\Azureus\subs\CBC2322EB32060DC5494.vuze
c:\documents and settings\test\Application Data\Azureus\subs\CEA06BACAA04C3DAA925.vuze
c:\documents and settings\test\Application Data\Azureus\subs\D218245D15265D7BBB12.vuze
c:\documents and settings\test\Application Data\Azureus\subs\D2D8DF7849E40C3EFA71.vuze
c:\documents and settings\test\Application Data\Azureus\subs\D44784B7433BB66BE6CB.vuze
c:\documents and settings\test\Application Data\Azureus\subs\D8AF9F56AC8F655A6C44.vuze
c:\documents and settings\test\Application Data\Azureus\subs\D99CF90B4CDB209E319F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\DA00AA294C47156FEA1C.vuze
c:\documents and settings\test\Application Data\Azureus\subs\DB8EBA0A8243FAC1DD16.vuze
c:\documents and settings\test\Application Data\Azureus\subs\DBDF0042424D171D5F40.vuze
c:\documents and settings\test\Application Data\Azureus\subs\DC10272782C80481871B.vuze
c:\documents and settings\test\Application Data\Azureus\subs\DCD20AB6684A16AA1475.vuze
c:\documents and settings\test\Application Data\Azureus\subs\DF23569F2CC4362D69F9.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E01DCA8F4B6A7A5A27D8.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E06604853A0D65E6C436.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E3FAFADD4E7B350EBFCD.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E556000FE7C3C3E73760.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E6925ADD353B0CC4752A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E6A810C0D7599C2A37F4.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E73307E8112B5A556E39.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E7D63B5A67DAC7ECAF1A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E8CB9DDFE8782A1715B2.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E9143F73AFF575C60F79.vuze
c:\documents and settings\test\Application Data\Azureus\subs\E945B0308AD3020B8B78.vuze
c:\documents and settings\test\Application Data\Azureus\subs\EA0E3E4297AA0A16BC5F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\EA9D48FDF3EEF0EBF839.vuze
c:\documents and settings\test\Application Data\Azureus\subs\EF1E56532E8BEF299671.vuze
c:\documents and settings\test\Application Data\Azureus\subs\F07279E115F3777EF5CF.vuze
c:\documents and settings\test\Application Data\Azureus\subs\F697EC37C5A4D154EB6F.vuze
c:\documents and settings\test\Application Data\Azureus\subs\F6EB481F42D7A6D98C5A.vuze
c:\documents and settings\test\Application Data\Azureus\subs\F79561DE25ADCAEF8BE3.vuze
c:\documents and settings\test\Application Data\Azureus\subs\FB842F38FBD17B46F780.vuze
c:\documents and settings\test\Application Data\Azureus\subs\FCC85A671C589DE02BA0.vuze
c:\documents and settings\test\Application Data\Azureus\subs\FDA6C9DF3B7E1F2FABB6.vuze
c:\documents and settings\test\Application Data\Azureus\subscriptions.config
c:\documents and settings\test\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\test\Application Data\Azureus\tables.config
c:\documents and settings\test\Application Data\Azureus\tables.config.bak
c:\documents and settings\test\Application Data\Azureus\timingstats.dat
c:\documents and settings\test\Application Data\Azureus\tmp\AZU1043884457378167858.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU1221467841146234399.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU1571187679984542478.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU2046426052801131024.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU2376652644035177329.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU254880010660913231.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU3219776109049930388.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU5374078241086237828.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU7656017690154642901.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU7744101519024364114.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU8742839512546599697.tmp
c:\documents and settings\test\Application Data\Azureus\tmp\AZU98010281043966670.tmp\patch.jar
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_[LEAKED_EXCLUSIVE]_Brtiney_Spears_Sex_Tape.rar_[smaragdtorrent.to][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_[LEAKED_EXCLUSIVE]_Jennifer_Lopez_Sex_Tape.rar_[smaragdtorrent.to][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_17c0cf0603a3f9fdabf5708c70eba59895040ca9[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_50_Cent_-_Curtis_[2007][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_50_Cent_-_Get_Up[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_7240f86ac880fca8cf3b3e7c7a28176767cebd7f[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_83f9867c1487503bea24b10a5c86601124c82e2b[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_A_Static_Lullaby_-_Rattlesnake[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Amateur_Man_Fucking_college_Russian_Teen_doggy.3976233.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Appaloosa[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Baby_Mama[2008]DvDrip[Eng]-FXG[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Bangkok.Dangerous.TS.XviD-COALiTiON[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Blindness[2008]DvDrip[Eng]-FXG.4713599.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Body_Of_Lies[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Brand_New_-_Deja_Entendu[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Collie_Budz.1302183.SN[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_d84cd9ab33e265644ccc00ea45fdaed87c84e1e7[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Death.Race[2008][Unrated.Edition]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Deception[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Donkey_Punch_(2008)_DVDRip_Occor_avi[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Doomsday[2008][Unrated.Edition]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_download-others-1461621-Surfer,Dude[2008]DvDripaXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_download[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_download[2].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Eagle_Eye_2008_cam_XviD-KingBen_(Kingdom-Release).4421509.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Eminem_-__Having_A_Relapse_(Prod._Eminem)[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E01.HDTV.XviD-0TV.avi[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E02.HDTV.XviD-2HD.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E03.HDTV.XviD-0TV.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E04.HDTV.XviD-0TV.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E05.HDTV.XviD-aAF.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E06.HDTV.XviD-SYS.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E07.HDTV.XviD-0TV.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E08.HDTV.XviD-aAF.avi.4469947.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E09.HDTV.XviD-0TV.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E10.HDTV.XviD-0TV.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E11.HDTV.XviD-0TV.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Entourage.S05E12.HDTV.XviD-0TV.[eztv][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Escape_The_Fate_-_This_War_Is_Ours_(2008)_Advance_Tagged_[[JohnPiracy]][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Eva_Longoria_Sex_Tape.wmv[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Evergreen_Terrace-Wolfbiker-Promo-2007-QTXMp3[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Evergreen_Terrace[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Felon[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Forgetting.Sarah.Marshall[2008][Unrated.Edition]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Fred.Claus[2007]DvDrip-aXXo.4493729.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Gina_Lisa_XXX_Sex_Video_Germany_Next_Top_Model_babe.wmv[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_GZA-D.A.R.T.S.-2008-pLAN9[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_GZA_(Genius)-Pro_Tools-2008-WHOA[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Hancock_[2008]DvDrip_R5[Eng]-NikonXp[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Haste_The_Day-Dreamer-2008-RTB.4436791.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Idiocracy[2006]DvDrip.AC3[Eng]-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Indiana_Jones_And_The_Kingdom_Of_The_Crystal_Skull[2008]-aXXo.4421027.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Indiana_Jones_And_The_Kingdom_Of_The_Crystal_Skull[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_It_Dies_Today_-_Lividity_[Advance]_[Studio_Album]_-_2009[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Joey_Cape_&_Tony_Sly_-_Accoustic_2004[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Kim_Kardashian_Playboy_Pics_-_leaked_from_the_December_issue.3879130.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Lagwagon-I_Think_My_Older_Brother_Used_To_Listen_To_Lagwagon-(EP)-2008-pLAN9[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Lakeview.Terrace[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Last_Of_The_Believers_-_Paper_Ships_Under_A_Burning_Bridge_(2008)_[CHANNEL_NEO][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Leatherheads[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Loaded[2008]DvDrip-aXXo.4466938.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_M.I.A._-_Paper_Planes.zip[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_M.I.A.__-__Paper__Planes.wma[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_MAX.Payne.2008.CAM.XViD-PreVail[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Metallica-Death_Magnetic-PROPER-Retail-2008-FLM[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Miracle.At.St.Anna.2008.DvDRip-FxM.4661244.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Mirrors[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Mr.Brooks[2007]DvDrip[Eng]-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Never.Back.Down[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_NOFX_-_7_Inch_Of_The_Month_Club_(2005).3904829.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Passengers[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Pepper-Pink_Crustaceans_and_Good_Vibrations-2008-pLAN9[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Pineapple.Express[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Playboy_Magazine_January[2009]_Issue_--PDR--.4616745.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Raekwon_&_Ghostface_-_R.A.G.U._(2006)_-_Rap_By_FEFE2003.rar[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rebelution-Courage_To_Grow-2007-pLAN9[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Reservation.Road[2007]DvDrip[Eng]-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Revolver.2005.DvDRiP.XviD-iRiS-MF.3539374.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rise_Against-Appeal_To_Reason-2008-RiSEAGAiNST[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rise_Against-Reeducate_Through_Labor-(CDS)-2008-FNT.4373824.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rise_Against[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rise_Against_-_Acoustic_Collection[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rise_Against_-_Appeal_to_Reason_-_ALL_AVAILABLE_TRACKS.4413372.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rise_Against_-_Appeal_To_Reason_[2008]_320kbps.4424732.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Rise_of_the_Footsoldier[2007]DvDrip[Eng]-FXG[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Role_Models_2008_cam_XviD-KingBen_(Kingdom-Release).4507490.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Senses_Fail-Life_Is_Not_A_Waiting_Room-2008-FNT[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Sex.Drive.DVDSCR.XviD-HEFTY[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Slightly_Stoopid_-_Chronchitis_[2007][1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Slightly_Stoopid_-_Slightly_Not_Stoned_Enough_To_Eat_Breakfast_Y.4351176.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Smokin'.Aces[2007]DvDrip[Eng]-aXXo[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Sparta.4091559.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Step.Brothers[2008][Unrated.Edition]DvDrip-aXXo.4485640.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Step_Brothers_CAM_XVID_-_STG.4324977.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_Stuck.2007.LiMiTED.DVDRip.XviD-LMG.4422335.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\torrents\[isoHunt]_T.I.-_Swagga_Like_Us_(Ft._Kanye_West__Jay-Z__Lil_Wayne___Twista).4463827.TPB[1].torrent
c:\documents and settings\test\Application Data\Azureus\tracker.config
c:\documents and settings\test\Application Data\Azureus\tracker.config.bak
c:\documents and settings\test\Application Data\Azureus\unsentdata.config
c:\documents and settings\test\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\test\Application Data\Azureus\update.log
c:\documents and settings\test\Application Data\Azureus\update.properties
c:\documents and settings\test\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\test\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\test\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\test\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_2.0.28.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.28.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.30.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.30.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\mplayer\config
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.28
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.30
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.32
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.34
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.5
G:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fentzkgg


((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 23:49 . 2009-04-07 23:49 <DIR> d-------- c:\program files\Trend Micro
2009-04-07 23:38 . 2009-04-07 23:39 <DIR> d-------- c:\program files\ERUNT
2009-04-07 23:34 . 2009-04-08 14:05 <DIR> d-------- c:\documents and settings\test\Application Data\U3
2009-04-07 21:47 . 2008-04-13 17:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-04-07 21:47 . 2008-04-13 17:11 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2009-04-07 19:55 . 2009-04-07 21:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-07 19:55 . 2009-04-07 23:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 03:02 --------- d-----w c:\program files\Yahoo!
2009-04-05 01:22 --------- d-----w c:\program files\Windows Live Safety Center
2009-04-04 14:18 --------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-04-01 14:32 --------- d-----w c:\program files\Java
2009-02-20 19:33 --------- d-----w c:\program files\Axis Communications
2008-09-10 02:01 0 -c--a-w c:\documents and settings\test\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-08_14.52.02.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 19:55:46 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2bc.dat


Original post was too long. Continued in second post...

influx
2009-04-08, 23:03
Continued from previous post...


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\32.tmp --> c:\windows\TEMP\32.tmp [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34c2e8e6-0626-11de-9337-0018de2fbec2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-24 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2500 series#1224872986.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 21:50]

2009-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-hptb2
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://12.107.193.125:8080/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 15:56:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????]??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\32.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-08 15:59:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-08 19:59:27
ComboFix2.txt 2009-04-08 18:52:55

Pre-Run: 10,859,954,176 bytes free
Post-Run: 10,830,344,192 bytes free

709 --- E O F --- 2009-04-06 14:59:31


Malwarebytes Log:

Malwarebytes' Anti-Malware 1.36
Database version: 1952
Windows 5.1.2600 Service Pack 3

4/8/2009 4:42:43 PM
mbam-log-2009-04-08 (16-42-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155743
Time elapsed: 33 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:53, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-hptb2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233453177578
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.167.144/activex/AxisCamControl.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.107.193.125:8080/activex/AMC.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8893 bytes

pskelley
2009-04-08, 23:45
Nic, since you are doing this for a friend, why not show them this information:
http://forums.spybot.info/showthread.php?t=282
http://www.nutnworks.com/SafeHex/file_sharing.htm
http://arstechnica.com/news.ars/post/20080316-kazaa-downloads-cost-one-man-750-per-song-in-riaa-suit.html
AT&T first to test RIAA antipiracy plan
http://news.cnet.com/8301-1023_3-10203799-93.html?tag=nl.e70

Show them some of this:
http://news.cnet.com/8301-1009_3-9992897-83.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://en.wikipedia.org/wiki/Russian_Business_Network
http://rbnexploit.blogspot.com/
http://en.wikipedia.org/wiki/Vundo_trojan
http://www.google.com/search?hl=en&q=infected+websites&btnG=Google+Search
http://news.cnet.com/8301-1009_3-10004970-83.html?tag=nl.e703

Before we wrap up, what are you running for an antivirus program? If you need links to freeware programs, let me know.

Thanks

influx
2009-04-09, 00:22
I will definitely pass on the info you've presented to me and I also will benefit from it. I am always willing to learn and will forever be a student in life. I can't thank you enough for helping me get this sorted out. Thank you a million times over and I'm sure my friend is just as grateful!

I'm open for any advice you can give for freeware antivirus and or spyware programs. I was going to reinstall AVG, however I'd like to hear what you think about the options that are out there.

Thanks and kudos Phil!

:)
Nic

pskelley
2009-04-09, 00:55
I use AVG 8 (free) myself, here is the download information and a tutorial to save them resources.

http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
How to Install Free version AVG 8.0 without LinkScanner feature
http://russelltexas.com/tutorials/avg8install.htm

Once installed and updated, run a system scan and let me know if all is well. If so, I will post closing information and links to valuable advice concerning security.

Post a HJT log for a last look please.

Thanks

influx
2009-04-11, 07:50
What do you think Phil, does everything look ok?

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:35:36 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-hptb2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233453177578
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.167.144/activex/AxisCamControl.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.107.193.125:8080/activex/AMC.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9734 bytes

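To show what a log reviewer actually does with two HijackThis logs like the ones posted in this thread, here is an added Python example (not part of this thread, and not a Spybot or HijackThis tool): it parses the R/F/N/O entry lines of a HijackThis log, reports which entries appeared or disappeared between the first scan and the follow-up scan, and lists O16 DPF ActiveX controls that were downloaded from a bare IP address rather than a hostname. The log excerpts are constructed from entry lines copied out of the two logs in this thread; the function and constant names are my own.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed excerpts of the two logs in this thread. HEADER stands in for
# the banner and "Running processes" list, which the parser must ignore.
HEADER = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe

"""

# Entry lines present in both the first scan and the follow-up scan.
COMMON_ENTRIES = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233453177578
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.167.144/activex/AxisCamControl.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.107.193.125:8080/activex/AMC.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Entry lines that appear only in the follow-up scan (after AVG 8 was installed).
AVG_ENTRIES = r"""O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

BEFORE_LOG = HEADER + COMMON_ENTRIES + "--\nEnd of file - 8893 bytes\n"
AFTER_LOG = HEADER + COMMON_ENTRIES + AVG_ENTRIES + "--\nEnd of file - 9734 bytes\n"

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<section>[RF][0-3]|N[1-4]|O\d{1,2}) - (?P<body>.*)$")
# Body of an O16 line: DPF: {CLSID} (Friendly Name) - download URL
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")


def parse_hjt(text):
    """Return the (section, body) entries of a HijackThis log, in file order.

    Banner lines, the process list and the trailer never match ENTRY_RE,
    so they drop out without special handling.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def diff_logs(before_text, after_text):
    """Entries added and removed between two logs, each sorted by section code."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    return sorted(after - before), sorted(before - after)


def flag_dpf_from_ip(entries):
    """O16 (DPF) controls whose download URL uses a bare IP address as host.

    Vendor controls normally come from a hostname. A raw address is not
    proof of anything bad (the two in this thread look like IP-camera
    viewers), but it is the kind of entry a reviewer asks the owner about.
    """
    flagged = []
    for section, body in entries:
        if section != "O16":
            continue
        m = DPF_RE.match(body)
        if not m:
            continue
        host = urlparse(m["url"]).hostname
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, not an address
        flagged.append((m["name"], m["url"]))
    return flagged


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Added since the first scan:")
    for section, body in added:
        print(f"  {section} - {body}")
    print("Removed since the first scan:", removed or "none")
    print("O16 controls served from a bare IP address:")
    for name, url in flag_dpf_from_ip(parse_hjt(AFTER_LOG)):
        print(f"  {name}: {url}")
```

Run against these excerpts, every added entry is an AVG component (BHO, toolbar, Run key, linkscanner protocol handler, Winlogon notify DLL and watchdog service), which is what you expect after installing AVG 8 and matches the "free of malware" reading of the second log. The two IP-hosted O16 controls are present in both logs, so they are a question for the owner rather than a finding.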
pskelley
2009-04-11, 16:46
Once installed and updated, run a system scan and let me know if all is well.
The HJT log looks free of malware, let's see if we can wrap up like this.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk; there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update AVG 8 and scan the system, to be sure it is running right and scanning clean.
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx