Hiya,

Not sure how the circumstances came about, but my wife attempted to use peertopeer software while I was at work. The result of which is:-

Spybot would not open anymore
AVG will not update and most of the functions do not work
Panda activescan will not update and run
whenever i click on something found with google it opens a new window instead, via "windowsclick.com" I get redirected to "lawyerhub" or "coupon mountain". It does this a few times and then takes you where you wish, but always in a new window.
most worryingly, my computer will not start in safe mode anymore

I have run msconfig and removed anything i did not recocgnise from the startup, and uninstalled Spybot, reinstalled to latest version but it has not made any difference.

Worried about what other things might be going on that I dont know about!
Help me Obispybot, your my only hope

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:49, on 14/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\AVG\AVG8\avgcsrvx.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Windows Live\Toolbar\wltuser.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\adam\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?referrer=ign_n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.portplus.com/apps/popupx2/frames/MSSurVid.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - E:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7015 bytes

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions.

Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.

When Spybot-S&D is installed.
TeaTimer needs to be disabled so that its protection does not interfere with fixes.

Click here to download Trend Micro HJTInstall.exe
HijackThis is not installed safely, please follow the directions to fix this.

Sounds like you have a rootkit infection, if you wish to continue and have read the directions and fixed the above issues, we will start like this.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

http://www.besttechie.net/mbam/mbam-setup.exe <<< download

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://thespykiller.co.uk/index.php/topic,5946.0.html

If MBAM will not run, try renaming the executable to Silent Badger.exe before saving it to the Desktop and see if that works.

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

Hiya, thanks for the help!
not sure what you mean by HJT not installed safely of what directions you are refering too? But I may just be being dumb/hungover.:)

Ran Malwarebytes: found stuff and restarted, log to follow along with HJT and uninstall logs.

Malwarebytes' Anti-Malware 1.39
Database version: 2466
Windows 5.1.2600 Service Pack 3

20/07/2009 15:51:32
mbam-log-2009-07-20 (15-51-32).txt

Scan type: Full Scan (C:\|E:\|I:\|)
Objects scanned: 320351
Time elapsed: 36 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: e:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
E:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
e:\documents and settings\adam\local settings\Temp\dailybucks_install.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\db.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\emrnsxawco.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\install.48349.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\maccsnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\oscmwexnar.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\seanmxwcro.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\documents and settings\adam\local settings\Temp\xroanscmew.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\documents and settings\all users\application data\15117654\15117654.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\uacbbr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\UACkkltehftjihuxmrpi.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\UAClldmhpirtuwkxobyl.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\UACnulgwitcjqhvvbjmm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\UACrrfvkdwksrqnpjnle.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\UACyqkhgorilxrgypbbk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
e:\WINDOWS\Temp\UAC72ba.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
e:\windows\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
e:\windows\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
E:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

HyjackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:42, on 20/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\WINDOWS\TEMP\oyqeohvabl.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\AVG\AVG8\avgcsrvx.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\TEMP\oyqeohvabl.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Windows Live\Toolbar\wltuser.exe
E:\Documents and Settings\adam\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?referrer=ign_n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.portplus.com/apps/popupx2/frames/MSSurVid.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - E:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Lavasoft Ad-Aware Service aawservice LM Service (aawservice LM Service) - Unknown owner - E:\WINDOWS\TEMP\oyqeohvabl.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7319 bytes

Uninstall List

Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 6.0.1
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
AVG Free 8.5
Bonjour
Call Of Cthulhu DCoTE
Choice Guard
Combat Chess
ConvertXtoDVD 2.2.2.256
Doom 3
ERUNT 1.1j
GameSpy Arcade
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life(R) 2
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
ImageMixer VCD/DVD2 for OLYMPUS
iTunes
J2SE Runtime Environment 5.0 Update 6
Junk Mail filter update
LiveUpdate BVRP Software
Logitech SetPoint
Macromedia Flash Player
MagicTune3.5_Client
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Premium
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Natural Color
Nero 7 Ultra Edition
NVDVD
NVIDIA Drivers
OLYMPUS Master
Panda ActiveScan 2.0
PeerGuardian 2.0
Portal
QuickTime
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
Shockwave
Smart Menus (Windows Live Toolbar)
Sony USB Driver
SPSS 14.0 for Windows
Spybot - Search & Destroy
Steam(TM)
System Requirements Lab
Tablet
Team Fortress 2
TeamSpeak 2 RC2
The Sims 2
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.1
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)



Thanks very much for all your help! wont do anything else till you give me the all clear.

"BEFORE you POST" (READ this Procedure before Requesting Assistance)

http://forums.spybot.info/showthread.php?t=288 <<< these directions


HJT Logs

Click here to download Trend Micro HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your (Click --> ) own new topic Please provide only the one log until a helper responds, thanks.

Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player 10 ActiveX <<< check this
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 6.0.1 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.adobe.com/support/security/bulletins/apsb09-07.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 3.0 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

J2SE Runtime Environment 5.0 Update 6 <<< out of date and unsafe, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php


MBAM showing some really nasty malware that needed a reboot so it could remove it, you also are still showing malware in the HJT log run after MBAM. To be sure MBAM was able to remove what it found, please run another Full Scan with MBAM, make sure it reboots if it asks for it, if it does not, restart the computer anyway and then create and post a new HJT log and the MBAM scan results. Make sure the HijackThis log is correctly positioned as instructed in the new HJT log.

Thanks

ARRRRRRRRRR got it, sorry, I installed the executable version rather than the installer. Its in the right place now, need me to rescan or anything?

We posted at the same time, please follow the directions in my post #6.

Thanks...Phil

done and done
here are the logs

MBAM

Malwarebytes' Anti-Malware 1.39
Database version: 2475
Windows 5.1.2600 Service Pack 3

21/07/2009 22:27:59
mbam-log-2009-07-21 (22-27-59).txt

Scan type: Full Scan (C:\|E:\|I:\|)
Objects scanned: 323021
Time elapsed: 36 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekravxuunjr.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekravxuunjr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


HJThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:49, on 21/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\TEMP\oyqeohvabl.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\TEMP\oyqeohvabl.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\AVG\AVG8\avgcsrvx.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Windows Live\Toolbar\wltuser.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?referrer=ign_n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.portplus.com/apps/popupx2/frames/MSSurVid.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - E:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Lavasoft Ad-Aware Service aawservice LM Service (aawservice LM Service) - Unknown owner - E:\WINDOWS\TEMP\oyqeohvabl.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7739 bytes


Thanks for all this Phil your a star
Ad

O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
TeaTimer is running, follow these directions to turn it off until we are finished:

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

Please do not proceed until TeaTimer is not showing in the HJT log. If you can not disable TeaTimer, uninstall Spybot S&D completely and restart the computer.


You are showing malware here:
E:\WINDOWS\TEMP\oyqeohvabl.exe

To be safe, let's have combofix check for anything else that may be hidden.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed

Please continue as follows:

1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
http://www.bleepingcomputer.com/forums/topic114351.html
Remember to re-enable them afterwards.

2) Click Yes to allow ComboFix to continue scanning for malware.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

When the tool is finished, it will produce a report for you. Post that report and a new HJT log

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Thanks

ComboFix 09-07-25.06 - adam 26/07/2009 14:47.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1619 [GMT 1:00]
Running from: e:\documents and settings\adam\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\run.log
e:\windows\system32\drivers\geyekrvjclhrgf.sys
e:\windows\system32\drivers\UACvmsnbftkbvrqhqfvs.sys
e:\windows\system32\geyekravxuunjr.dll
e:\windows\system32\geyekreuhafyiu.dat
e:\windows\system32\geyekrnxmwfklq.dll
e:\windows\system32\geyekrttkbfamr.dat
e:\windows\system32\geyekrwrqpabrn.dat
e:\windows\system32\nsprs.dll
e:\windows\system32\UACiuuxfmvuequrrgflo.dll
e:\windows\system32\UACtepbctrutobljyiud.db
e:\windows\system32\UACtgswqvdvmxflhrquw.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrndybwmor
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-21 19:47 . 2009-07-21 19:47 410984 ----a-w- e:\windows\system32\deploytk.dll
2009-07-21 18:22 . 2009-07-23 19:47 -------- d-----w- e:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-07-21 18:22 . 2009-07-23 19:47 -------- d-----w- e:\program files\NOS
2009-07-20 16:02 . 2009-07-20 16:02 -------- d-----w- e:\program files\Trend Micro
2009-07-20 14:12 . 2009-07-20 14:12 -------- d-----w- e:\documents and settings\adam\Application Data\Malwarebytes
2009-07-20 14:12 . 2009-07-13 12:36 38160 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 14:12 . 2009-07-20 14:12 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-07-20 14:12 . 2009-07-20 14:12 -------- d-----w- e:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-20 14:12 . 2009-07-13 12:36 19096 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-07-20 14:01 . 2009-07-20 14:01 -------- d-----w- e:\program files\ERUNT
2009-07-14 16:44 . 2009-07-14 16:44 -------- d-sh--w- e:\documents and settings\LocalService\IETldCache
2009-07-14 10:44 . 2009-07-20 14:51 -------- d-----w- e:\docume~1\ALLUSE~1\APPLIC~1\15117654
2009-07-14 10:42 . 2009-07-14 10:42 -------- d-sh--w- e:\windows\system32\config\systemprofile\IETldCache
2009-06-30 17:38 . 2009-06-30 17:49 -------- d-----w- e:\program files\Empire Chess
2009-06-28 17:14 . 2009-06-28 17:14 -------- d-sh--w- e:\documents and settings\adam\IECompatCache
2009-06-27 18:31 . 2009-06-27 18:31 -------- d-sh--w- e:\documents and settings\students\PrivacIE
2009-06-27 15:05 . 2009-06-27 15:05 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2009-06-27 10:20 . 2009-06-27 10:20 -------- d-sh--w- e:\documents and settings\students\IETldCache
2009-06-26 16:54 . 2009-06-26 16:54 -------- d-sh--w- e:\documents and settings\adam\PrivacIE
2009-06-26 16:54 . 2009-06-26 16:54 -------- d-sh--w- e:\documents and settings\adam\IETldCache
2009-06-26 16:48 . 2009-06-02 10:12 102912 -c----w- e:\windows\system32\dllcache\iecompat.dll
2009-06-26 16:48 . 2009-06-26 16:48 -------- d-----w- e:\windows\ie8updates
2009-06-26 16:48 . 2009-04-30 21:22 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll
2009-06-26 16:48 . 2009-04-30 21:22 1985024 -c----w- e:\windows\system32\dllcache\iertutil.dll
2009-06-26 16:48 . 2009-04-30 21:22 11064832 -c----w- e:\windows\system32\dllcache\ieframe.dll
2009-06-26 16:48 . 2009-04-30 21:22 246272 -c----w- e:\windows\system32\dllcache\ieproxy.dll
2009-06-26 16:48 . 2009-06-26 16:48 -------- dc-h--w- e:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 13:05 . 2008-06-06 10:11 -------- d-----w- e:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-23 16:52 . 2006-01-03 08:58 -------- d-----w- e:\program files\Common Files\Adobe
2009-07-21 19:47 . 2006-04-18 18:28 -------- d-----w- e:\program files\Java
2009-07-21 18:17 . 2006-01-13 02:47 -------- d-----w- e:\documents and settings\adam\Application Data\BitTorrent
2009-07-21 18:17 . 2006-01-13 02:48 -------- d-----w- e:\program files\PeerGuardian2
2009-07-20 15:47 . 2006-01-25 03:24 -------- d-----w- e:\program files\Spybot - Search & Destroy
2009-07-20 15:47 . 2006-01-25 03:24 -------- d-----w- e:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-14 17:10 . 2008-01-31 15:21 -------- d-----w- e:\documents and settings\adam\Application Data\WTablet
2009-07-12 20:57 . 2007-06-09 19:32 -------- d-----w- e:\documents and settings\adam\Application Data\Vso
2009-07-12 14:12 . 2008-07-24 16:22 -------- d-----w- e:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-07-10 07:25 . 2008-01-31 17:39 -------- d-----w- e:\documents and settings\LocalService\Application Data\WTablet
2009-07-02 10:56 . 2008-06-06 10:12 335752 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2009-06-26 13:14 . 2008-10-09 11:17 -------- d-----w- e:\program files\Safari
2009-06-26 13:12 . 2009-06-26 13:12 -------- d-----w- e:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 13:12 . 2009-06-26 13:12 -------- d-----w- e:\program files\iTunes
2009-06-26 13:12 . 2009-06-26 13:12 -------- d-----w- e:\program files\iPod
2009-06-26 13:12 . 2008-07-24 16:22 -------- d-----w- e:\program files\Common Files\Apple
2009-06-26 13:11 . 2009-06-26 13:11 -------- d-----w- e:\program files\QuickTime
2009-06-26 13:07 . 2008-05-13 19:15 -------- d-----w- e:\program files\Bonjour
2009-06-26 09:00 . 2008-06-06 10:12 11952 ----a-w- e:\windows\system32\avgrsstx.dll
2009-06-26 09:00 . 2007-02-01 11:24 27784 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2004-08-03 23:56 119808 ----a-w- e:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- e:\windows\system32\fontsub.dll
2009-06-07 16:30 . 2009-06-06 18:06 -------- d-----w- e:\program files\Microsoft Silverlight
2009-06-06 18:07 . 2005-10-25 02:48 31216 ----a-w- e:\documents and settings\adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 18:06 . 2008-03-04 14:59 -------- d-----w- e:\program files\Windows Live
2009-06-06 18:04 . 2008-10-02 13:09 -------- d-----w- e:\program files\Windows Live Toolbar
2009-06-06 18:04 . 2009-06-06 18:04 -------- d-----w- e:\program files\Microsoft Sync Framework
2009-06-06 18:03 . 2009-06-06 18:03 -------- d-----w- e:\program files\Microsoft SQL Server Compact Edition
2009-06-06 18:02 . 2009-06-06 18:02 -------- d-----w- e:\program files\Microsoft
2009-06-06 18:02 . 2009-06-06 18:02 -------- d-----w- e:\program files\Windows Live SkyDrive
2009-06-06 17:54 . 2009-06-06 17:54 -------- d-----w- e:\program files\Common Files\Windows Live
2009-06-05 10:42 . 2009-06-26 13:09 2060288 ----a-w- e:\windows\system32\usbaaplrc.dll
2009-06-05 10:42 . 2008-07-24 16:22 39424 ----a-w- e:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2004-08-03 23:56 1291264 ----a-w- e:\windows\system32\quartz.dll
2009-05-23 11:14 . 2008-06-06 10:12 108552 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2009-05-13 05:15 . 2004-08-03 23:56 915456 ----a-w- e:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 23:56 345600 ----a-w- e:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-07-21 148888]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMan"="SOUNDMAN.EXE" - e:\windows\SOUNDMAN.EXE [2005-05-17 77824]

e:\documents and settings\adam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ERUNT AutoBackup.lnk - e:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

e:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-13 598016]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 09:00 11952 ----a-w- e:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^adam^Start Menu^Programs^Startup^BitTorrent.lnk]
path=e:\documents and settings\adam\Start Menu\Programs\Startup\BitTorrent.lnk
backup=e:\windows\pss\BitTorrent.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=e:\windows\pss\Color Calibration.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.5.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk
backup=e:\windows\pss\MagicTune3.5.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=e:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"ewido security suite control"=2 (0x2)
"TabletService"=2 (0x2)
"SeaPort"=2 (0x2)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\half-life 2 lostcoast\\hl2.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\half-life 2\\hl2.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\half-life 2 deathmatch\\hl2.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\counter-strike source\\hl2.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\valve test app 1003\\Rag_Doll_Kung_Fu_Steam.exe"=
"e:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;e:\windows\system32\drivers\pavboot.sys [09/07/2008 10:59 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [06/06/2008 11:12 335752]
R1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [06/06/2008 11:12 108552]
R2 avg8emc;AVG8 E-mail Scanner;e:\progra~1\AVG\AVG8\avgemc.exe [04/07/2008 09:11 907032]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [04/07/2008 09:11 298776]
R2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [06/06/2009 19:06 55152]
S2 aawservice LM Service;Lavasoft Ad-Aware Service aawservice LM Service;e:\windows\TEMP\oyqeohvabl.exe service --> e:\windows\TEMP\oyqeohvabl.exe service [?]
S3 ggflt;SEMC USB Flash Driver Filter;e:\windows\system32\drivers\ggflt.sys [10/01/2008 10:29 13352]
S3 SDTHOOK;SDTHOOK;e:\windows\system32\drivers\SDTHOOK.SYS [29/12/2007 19:27 44928]
S4 fsssvc;Windows Live Family Safety;e:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?referrer=ign_n
uInternet Settings,ProxyOverride = *.local
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 14:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-26 14:56
ComboFix-quarantined-files.txt 2009-07-26 13:55

Pre-Run: 9,291,964,416 bytes free
Post-Run: 9,827,696,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
221 --- E O F --- 2009-07-16 13:23

[B]HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:08, on 26/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\AVG\AVG8\avgcsrvx.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\explorer.exe
E:\Program Files\internet explorer\iexplore.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\internet explorer\iexplore.exe
E:\Program Files\Windows Live\Toolbar\wltuser.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?referrer=ign_n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.portplus.com/apps/popupx2/frames/MSSurVid.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - E:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Lavasoft Ad-Aware Service aawservice LM Service (aawservice LM Service) - Unknown owner - E:\WINDOWS\TEMP\oyqeohvabl.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7385 bytes


Sorry it took awhile to get done! seems like every electrical item i own has decided to go mental the last few days!

Sorry it took awhile to get done! seems like every electrical item i own has decided to go mental the last few days!
Not a problem in this case, just be aware the thread can be archived at four days for lack of response and I would not want that to happen to you.

combofix found and removed a rootkit infection and also is showing a p2p program, see this:
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

Let's proceed carefully like this:

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

Open notepad and copy/paste the text in the codebox below into it:


Folder::
e:\documents and settings\adam\Application Data\BitTorrent

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

I would like a look at a scan from your resident antivirus program.

* Right click the icon for AVG in System Tray and choose Open AVG User Interface.

* Click on Update now, allow AVG to download and install any new updates.

* Click on Computer Scanner then choose "Scan whole computer", this takes a round one hour on the computer I am using now.

* Near the bottom above the words "The scan is complete" choose "Export overview to file"

* Choose Desktop and give it a name you will recognize like AVG Scan Results, then choose SAVE.

* Close results and close the Interface.

* Copy and paste the contents of that file.

Please also provide some feedback, how is the computer running?

Thanks

phew that took awhile!

AVG scan result

Scan "Scan whole computer" was finished.
Infections;"3";"3";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"28 July 2009, 19:12:59"
Scan finished:;"28 July 2009, 22:01:28 (2 hour(s) 48 minute(s) 28 second(s))"
Total object scanned:;"629575"
User who launched the scan:;"adam"

Infections
File;"Infection";"Result"
E:\System Volume Information\_restore{AAE51A59-7FE0-4C75-8D85-A93D0C951FE3}\RP0\A0000001.sys;"Virus identified Win32/Cryptor";"Moved to Virus Vault"
E:\System Volume Information\_restore{AAE51A59-7FE0-4C75-8D85-A93D0C951FE3}\RP0\A0000002.dll;"Virus identified Win32/Cryptor";"Moved to Virus Vault"
E:\System Volume Information\_restore{AAE51A59-7FE0-4C75-8D85-A93D0C951FE3}\RP0\A0000003.dll;"Virus identified Win32/Cryptor";"Moved to Virus Vault"

Combofix result

ComboFix 09-07-28.01 - adam 28/07/2009 18:57.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1567 [GMT 1:00]
Running from: e:\documents and settings\adam\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\adam\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\adam\Application Data\BitTorrent
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\007a9c02abd858cf42cd757d61928c50f1338b02
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\0101f310d6e15634e432f54d738a8b16d5c6946c
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\04599568fd5439bf723fc990f4faefdf39c40682
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\045c46ea175fc84db4f5fcc3c556afefb6c33d07
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\053653770f85d14f6ad9a3ddafd3bd0f10046d52
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\05dcdc7348e2002ec344dce71813b4253073596e
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\07272c7f84efca44b9d9621bf15b4ee6709d15d3
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\07cb7d1ec88134dbd0fddb1b8d4d12671fd458b2
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\0f5bc8fa2f505f15e13594b31d1039a2fcb62885
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\10872267e4ffaf5fd7acb6aeb50eb3a1b2e1beb5
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\131d01d1945e03bc07b789c42932188a592b5944
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\16a16de47efb90bc3a1ee6b6fc24c37a672116ea
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\178a08c58b76e9cf69abd974adec6ca6eaf86fc2
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\1bdd5a8abf01d7f4114f9454e5626e214d2cf95a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\1d45b5578b5af3f3dd7dd1d9dbdf00d1db9a9f78
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\20d9d2614c02ca6e9b73716e4325872420d3ae06
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\23db55b264276a5c2021067cea131d63209e34ae
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2490e5198cd825a2d7be6c2d98286161e10624fd
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\26a9ab504eccdffa755c5450e697968bae77eec3
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2a06e89645477f4272ff1ad66fbb457c6484c181
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2a6a348a651bec3763cf690694ab04e4ff24d78b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2b2b18cc3e762e4162b1da601a750240c134ebc2
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2b4d3ed67295e4947bfa54a9da6864acf86d3e1a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2c0ed544c75db66aef06248d521e1bb1b9c21e33
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2cd787d0149079a5a735224791a5dd264fb99e63
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2f630a24853bad524f2578e7ad2df41cb298f8b9
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\2f7f0a43498b9c5169e64f2d8891c854a5a36290
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\3105a2bc1e08bdcf3239f3bd9cf6271caf02fa11
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\322b44253e67fe214c070c31794bd996fbf0060b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\33c69cb6bed39b36f051fac46c61a16463eda443
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\354bd36245ca444770d81512dd6736184b98c99b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\3915fd73f240c6aae0ee352f57b52a98d0c106d2
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\3972690ab208fbea8c1caa1f6aeb0a0cf1b15a3b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\3baf3185a50fb186585ec98de253d15e96cc29aa
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\3e3ced57eb87a36a1f4e411f011e1b58d3918832
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\4138c3d9b704eb63adb7d4bdd443885b7ba12fe0
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\41a251a04d06fcf5af8237b7132e80ca4820bd7d
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\4480eb076234538ebe11f345cd09ce1c1f52d945
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\45f8feef60a671c4ee68a80cd3f81a064d48986f
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\46ebf7889d3498398f1dc91929e9a555560e1517
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\47db36da7abbe6fa80568c371fd9d162d676a527
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\4858f3b176e1a05a9c4b7eca54ffad0742551692
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\49a6b99e6c7e33bde4cc73181455e0b5be02abc1
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\4cb0add28da5d3662436be3cd984eac81cc3a5f1
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\504bf3d2a61284002dd9e88fff5bd0a45c200c8e
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\50ea547313717fef2b46aca8ddae49242c152728
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\5192638880477617e595fae8537cccb324c5e0f1
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\524024621cf820527b9dd4acb01e5dedae98aad8
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\530afd8d1f8b30359295b67f66ed54f02216b3c3
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\538b52db751537ea80aef5955a1c3e90e0314662
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\554d723c7e6daba1758a12d4efe81591c646af37
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\56b37a37468dc205ecbd2555ad8dd9593b2a5f7e
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\5ab31848a5262b885cf9dba2aa6cc0e0f4e02502
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\5e03d09c213cca1ff605bf1cf39d69272e08e05e
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\62aedf37f4379c7f4b615771e03019e0f0598fd7
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\63a7db537f47d2d066dbe4dd5924c2717d1be0a6
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\6417c39ecb75abc6eb3dbdbe6ac543f20a802204
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\64b0b71d758d4b8ec4fa3bd1082568e1062cdfb0
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\64cfc11da1f1ede15e637d6d2b7e8013bb4b55ff
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\65d701136b6e38e7db2bd3398f626905fe507094
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\668b26794e976d4b733ec45d44f9c553bf0c7ba6
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\67b1bdc5015432aae2c6c8730ee077cd6779e795
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\6b9a5e3bb6256cfff687a2842dee010c129cf7b9
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\6dca3a15b4d662190692b02a10f029ff647acc66
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\6f19e60b930ac2fcdc0191dd351c8ff07bde9eee
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\78f38cee5ae2b83fe8f17d219fd792905f2bbf52
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\78f4214fa10bc354ec2eedca5074ea864d5f7dea
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\7abe52064f5d0747a0f26604693b4c205ce49467
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\7dfc012f6fdddb1564ccde75da3468daa664b9b7
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\85a494bb89ed040202de7ae0d93d56d6d90cfdc3
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\88b372a033100a0a8b03939b7bde69098821da7f
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\8a0932135b307c31ef41609e538439ad2cbc1c0c
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\8bc05c3802ce413afe49a073308d9596920ad162
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\8bdbfe743076b8df55b14d2abd55af422f58b050
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\8cbcf149502cdcf99bf0a7a25859086a323c7e7c
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\8dbd672cfae5c6c9c94f1ceb3075a4e4b8631bad
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\8f2a2615e228f633c54d3c27c12c2d070127e848
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\912fb32a94db6c889e2a8422460226debf5f59ef
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\914a7ff88939d67c49ffb9b66bb73d604bf5d991
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\91a2554eefb9fa328fade25c89af6184b7d58c19
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\91a338840df335ef12c8dcc739a7f1105c94d9c9
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\9289134b2a97ae74e088be157ed097995e62d495
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\92ee32fcc49608daa738d80352bf207492167d9a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\9499d868023166c215ffafe9f14bfcd879b0f78a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\953e1ae53e59b662ea421a0d0647064053403b8a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\95fad212cfa29f2055ab5d8cb260ccad590cd128
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\967eae78bf98ae42626e458ade90d024ebc8d711
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\96c4bf9564348bae9faf2d7ba092f6cb91980ffb
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\99a5088b984feff675b444ad62d2b11ef98df7c5
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\99b95702639d985fb25a3e41fadae8cf4b859527
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\9a08bf89950389561e8ab90f7b9716be08a0481b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\9bc7eba21aa9826049f7c8e5062ad70a64bbada7
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\9cc8ef1641566b26283138a705386fb720c6c6d9
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\9de92f181274925aa6e0e34bf49c9c0f9e9315e3
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\9e0eb9c49c24cb10952ad7239ece44860739867e
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\a18f5212c3c0e4878e3f86e6af0e1834dae2fa77
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\a1b4da1d5c3b6ed48c6db1239578116dd53de1c8
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\a322d5706382ed039dbc9a00d6afe40a9e9bc583
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\a91f3a704af827720f20d187e8b0ce1370040b1c
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\aa332bbb25663d0818796118e93050d5d361d643
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\af635db74d259639f50498d34e5fd84e7c06a37b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\af6ab5038ea0c039fc2d458e36413851cd62244e
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\b165d0800124f8cf0e29ebf59d7de528ccfd1853
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\b6697f786edd26b07af4771afb3f4b52892acc2b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\b7eb77638169f6dcbad27afb58397adc874b2136
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\bce835d38ffee1abb88129f4d2506227aeb7d951
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\bea0d3eee5bbe8f5f83ac6acf7d03a0be7e218e1
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\c14004d0acbd96f3ae3764a2ddb57d6d9926cb04
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\c2bb84a4998a07f476c1e21cf839a80eab9b8f1a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\c3a8051df82602a25f78678789b57ca5c605fe64
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\c4e37d6288f449d1e5b9a53aa1b8466f29b12624
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\c5ef2421fbfa92ff7d1723b123f238cb8951471a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\c9f2375cbf7d2248cbed2397abf5c2638313ce8f
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\cc9085fabe0d52e02d05906ff9e42b5d435598c6
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\ce060e2761653098865f380530a56b6eec3dc5d8
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\cfe7171ae82efd750262febe48e1cc7a849b2de3
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\d8ba28bf9e896e52ae7808ae137481600630b697
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\d9f86822ad00efaf51c94482f8f8d6a04895d23c
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\db396316ee3afd4a124e15a6a40c7aed7c1fe9bb
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\de7955fd7e833e1210e4aa89ad7ba22499fcf27b
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\e15367f127052f344dd19b7bcecc7245a37416d4
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\e39dfa235c48a9174029b461e189d6518e195d5c
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\e3fbb17a62f8050192bdcd586e0a2f2a3d8a8daa
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\e5d8f022a1c8d4913df6f26e14273fd61d97edfb
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\e60f9d6471e6b4a5e7285be6bc18c3136ca0c429
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\e9f52fa93164ae88698d39ddfac10b3806441ba9
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\eac605d0393f029b813fceab77a3d7ded96aa81c
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\ec69d3b23a02c2750e81378c7c6bb1bb52218340
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\ec792e47530e8ac77b54db2309bb951bc5d865dd
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\edce0a1cfca70cb72f36e2c3fe99edbdf564c7b8
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\f02d74df243f8004c7d864399536905f259632ba
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\f4ce4be00194b68dd0659cf3fc69ca5db11de48a
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\f520afda0d95c6fd7723df305493500f1ec9cd34
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\f5ff4970dc2e7c95134445f7ddf180301699a768
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\f8304be31eaabca1a7ce16edb628fa3e142be4c5
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\fa0770419d64244dfa02069858faa22bb35e4ea5
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\fb9191df31997187976beaa5368efd2ba838ae14
e:\documents and settings\adam\Application Data\BitTorrent\data\metainfo\fdae805e668a2f829b53f7cf9e47d960006fb2cd
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\045c46ea175fc84db4f5fcc3c556afefb6c33d07
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\3915fd73f240c6aae0ee352f57b52a98d0c106d2
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\668b26794e976d4b733ec45d44f9c553bf0c7ba6
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\9b1bbdeae58aeb53da82c33b0f2098b0cbd42ab3
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\a322d5706382ed039dbc9a00d6afe40a9e9bc583
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\c5ef2421fbfa92ff7d1723b123f238cb8951471a
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\d8ba28bf9e896e52ae7808ae137481600630b697
e:\documents and settings\adam\Application Data\BitTorrent\data\resume\eac605d0393f029b813fceab77a3d7ded96aa81c
e:\documents and settings\adam\Application Data\BitTorrent\data\routing_table
e:\documents and settings\adam\Application Data\BitTorrent\data\torrent_config
e:\documents and settings\adam\Application Data\BitTorrent\data\torrents\045c46ea175fc84db4f5fcc3c556afefb6c33d07
e:\documents and settings\adam\Application Data\BitTorrent\data\torrents\3915fd73f240c6aae0ee352f57b52a98d0c106d2
e:\documents and settings\adam\Application Data\BitTorrent\data\torrents\668b26794e976d4b733ec45d44f9c553bf0c7ba6
e:\documents and settings\adam\Application Data\BitTorrent\data\torrents\a322d5706382ed039dbc9a00d6afe40a9e9bc583
e:\documents and settings\adam\Application Data\BitTorrent\data\torrents\c5ef2421fbfa92ff7d1723b123f238cb8951471a
e:\documents and settings\adam\Application Data\BitTorrent\data\torrents\d8ba28bf9e896e52ae7808ae137481600630b697
e:\documents and settings\adam\Application Data\BitTorrent\data\torrents\eac605d0393f029b813fceab77a3d7ded96aa81c
e:\documents and settings\adam\Application Data\BitTorrent\data\ui_config
e:\documents and settings\adam\Application Data\BitTorrent\data\ui_state
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\3915fd73-ae70\LEFTFIELD- AFRIKA SHOX.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\3915fd73-ae70\LEFTFIELD- AFRO LEFT.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\3915fd73-ae70\LEFTFIELD- DUSTED.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\3915fd73-ae70\LEFTFIELD- OPEN UP.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\3915fd73-ae70\LEFTFIELD- ORIGINAL.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\3915fd73-ae70\LEFTFIELD- RELEASE THE PRESSURE.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\3915fd73-ae70\LEFTFIELD- SWORDS.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\668b2679-74eb\avd-ut3.iso
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\a322d570-28d1\Crack\FEAR.exe
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\a322d570-28d1\Disk 1.mdf
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\a322d570-28d1\Disk 2.mdf
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.101-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.102-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.103-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.104-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.105-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.106-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.107-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.108-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.109-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.110-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.111-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.112-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.113-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.114-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.115-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.116-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.117-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.118-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.119-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.120-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.121-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Babylon 5 Season 1\b5.122-amc.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\c5ef2421-3fe8
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\01 Intro.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\02 Last Living Souls.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\03 Kids With Guns.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\04 O Green World.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\05 Dirty Harry.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\06 Feel Good Inc..mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\07 El Mañana.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\08 Every Planet We Reach Is Dead.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\09 November Has Come, F-MF Doom.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\10 All Alone.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\11 White Light.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\12 DARE.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\13 Fire Coming Out of a Monkey's Head.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\14 Don't Get Lost in Heaven.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Demon Days [2005]\15 Demon Days.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\01 - 19-2000 (SoulChildRemix).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\02 - LatinSimone (QuePasaContigo).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\03 - 19-2000 (TheWiseguysHouseOfWisdomRemix).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\04 - TheSounder (Edit).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\05 - Faust.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\06 - ClintEastwood (PhiLifeCypherVersion).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\07 - Ghosttrain.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\08 - HipAlbatross.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\G-Sides [2002]\09 - 12D3.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\01 Re-Hash.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\02 5-4.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\03 Tomorrow Comes Today.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\04 New Genious (Brother).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\05 Clint Eastwood.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\06 Man Research (Clapper).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\07 Punk.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\08 Sound Check (Gravity).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\09 Double Bass.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\10 Rock The House.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\11 19-2000.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\12 Latin Simone (ibrahim ferrer vocals).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\13 Starshine.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\14 Slow Country.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Gorillaz [2001]\15 M1 A1 (contains hidden track).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\01.Gorillaz - 19-2000.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\02.Gorillaz - dracula.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\03.Gorillaz - clint eastwood (album version).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\04.Gorillaz - m1A1.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\05.Gorillaz - ghosttrain.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\06.Gorillaz - tomorrow comes today.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\07.Gorillaz - 12D3.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\08.Gorillaz - re-hash.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\09.Gorillaz - latin simone (que pasa contigo).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\10.Gorillaz - faust.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\11.Gorillaz - rock the house.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\12.Gorillaz - 5-4.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\13.Gorillaz - the sounder (EDIT).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\14.Gorillaz - 911 (Featuring D12).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\15.Gorillaz - gorillaz on my mind (Featuring Redman) (O.S.T Blade 2).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\16.Gorillaz - clint eastwood (Phi Life Cypher Version).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\17.Gorillaz - 19-2000 (soulchild remix).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\18.Gorillaz - new genious (brother).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\Gorillaz - Greatest hits - 2004 - Back.jpg
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Greatest Hits [2004]\Gorillaz - Greatest hits - 2004 - Front.jpg
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\01 19-2000.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\02 Slow Country.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\03 Tomorrow Comes Today.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\04 Man Research.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\05 Punk.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\06 5-4.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\07 Starshine.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\08 Soundcheck (Gravity).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\09 New Genius (Brother).mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\10 Re Hash.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\11 Clint Eastwood.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\d8ba28bf-b946\Laika Come Home [2002]\12 M1a1.mp3
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\eac605d0-8391
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Homemade - Hot German redhead teen #2.wmv
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\microsoft office 2000.zip
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Red Dwarf 2009 Back to Earth Part 1 [MM].avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Sex_Around_The_World_Sexy_Swedish_Girls_XXX_Teen_Sex\Sexy_Swedish_Teen_Gets_Her_Tight_Pussy_Pounded_Hard_XXX_Teen_Sex.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Superhero Movie[2008]DvDrip[Eng]-FXG\FXG™.nfo
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Superhero Movie[2008]DvDrip[Eng]-FXG\Superhero Movie[2008]DvDrip[Eng]-FXG.avi
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Superhero Movie[2008]DvDrip[Eng]-FXG\Superhero Movie.jpg
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Superhero Movie[2008]DvDrip[Eng]-FXG\Superhero Movie[DvD cover].jpg
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Superhero Movie[2008]DvDrip[Eng]-FXG\Superhero Movie[Eng][Subs].srt
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\00. Levellers - Levelling The Land.m3u
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\00. Levellers - Levelling The Land.nfo
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\01 - One Way.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\02 - The Game.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\03 - Fifteen Years.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\04 - The Boatman.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\05 - Liberty Song.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\06 - Far From Home.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\07 - Sell Out.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\08 - Another Man's Cause.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\09 - The Road.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\10 - The Riverflow.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Levelling The Land - FLAC - HellraiserRG\11 - Battle Of The Beanfield.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\01 - Dog Train.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\02 - Beautiful Day.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\03 - Celebrate.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\04 - Rain And Snow.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\05 - Far Away.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\06 - C.C.T.V..flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\07 - Chemically Free.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\08 - Elation.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\09 - Captains' Courageous.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\10 - Survivors.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\11 - Sail Away.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\12 - Too Real.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\Fingerprint.txt
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\GUIDE.txt
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\Mouth To Mouth.CUE
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\Mouth To Mouth.log
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Mouth To Mouth - FLAC - HellraiserRG\Torrent_downloaded_from_Demonoid.com.txt
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\01 - Hope St..flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\02 - The Fear.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\03 - Exodus.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\04 - Maid Of The River.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\05 - Saturday To Sunday.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\06 - 4 AM.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\07 - Forgotten Ground.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\08 - Fantasy.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\09 - P.C. Keen.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\10 - Just The One.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\11 - Haven't Made It.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\12 - Leave This Town.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\The Levellers - Zeitgeist - FLAC - HellraiserRG\13 - Men-An-Toi.flac
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Unreal Tournament 3 Keygen Serial to Play Online PC UT3\Password instructions.html
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Unreal Tournament 3 Keygen Serial to Play Online PC UT3\Password instructions.txt
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Unreal Tournament 3 Keygen Serial to Play Online PC UT3\ut3keygen.rar
e:\documents and settings\adam\Application Data\BitTorrent\incomplete\Warhammer 7th edition Rulebook.pdf

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-21 19:47 . 2009-07-21 19:47 410984 ----a-w- e:\windows\system32\deploytk.dll
2009-07-21 18:22 . 2009-07-23 19:47 -------- d-----w- e:\documents and settings\All Users\Application Data\NOS
2009-07-21 18:22 . 2009-07-23 19:47 -------- d-----w- e:\program files\NOS
2009-07-20 16:02 . 2009-07-20 16:02 -------- d-----w- e:\program files\Trend Micro
2009-07-20 14:12 . 2009-07-20 14:12 -------- d-----w- e:\documents and settings\adam\Application Data\Malwarebytes
2009-07-20 14:12 . 2009-07-13 12:36 38160 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 14:12 . 2009-07-20 14:12 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-07-20 14:12 . 2009-07-20 14:12 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-20 14:12 . 2009-07-13 12:36 19096 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-07-20 14:01 . 2009-07-20 14:01 -------- d-----w- e:\program files\ERUNT
2009-07-14 16:44 . 2009-07-14 16:44 -------- d-sh--w- e:\documents and settings\LocalService\IETldCache
2009-07-14 10:44 . 2009-07-20 14:51 -------- d-----w- e:\documents and settings\All Users\Application Data\15117654
2009-07-14 10:42 . 2009-07-14 10:42 -------- d-sh--w- e:\windows\system32\config\systemprofile\IETldCache
2009-07-02 10:57 . 2009-07-02 10:56 2054424 ----a-w- e:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-02 10:57 . 2009-07-02 10:56 3403032 ----a-w- e:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-02 10:57 . 2009-07-02 10:56 2167576 ----a-w- e:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-06-30 17:38 . 2009-06-30 17:49 -------- d-----w- e:\program files\Empire Chess

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 17:48 . 2006-03-14 09:54 -------- d-----w- e:\program files\BitTorrent
2009-07-27 17:06 . 2006-01-13 02:48 -------- d-----w- e:\program files\PeerGuardian2
2009-07-26 13:05 . 2008-06-06 10:11 -------- d-----w- e:\documents and settings\All Users\Application Data\avg8
2009-07-23 16:52 . 2006-01-03 08:58 -------- d-----w- e:\program files\Common Files\Adobe
2009-07-21 19:47 . 2006-04-18 18:28 -------- d-----w- e:\program files\Java
2009-07-20 15:47 . 2006-01-25 03:24 -------- d-----w- e:\program files\Spybot - Search & Destroy
2009-07-20 15:47 . 2006-01-25 03:24 -------- d-----w- e:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-14 17:10 . 2008-01-31 15:21 -------- d-----w- e:\documents and settings\adam\Application Data\WTablet
2009-07-12 20:57 . 2007-06-09 19:32 -------- d-----w- e:\documents and settings\adam\Application Data\Vso
2009-07-12 14:12 . 2008-07-24 16:22 -------- d-----w- e:\documents and settings\All Users\Application Data\Apple
2009-07-10 07:25 . 2008-01-31 17:39 -------- d-----w- e:\documents and settings\LocalService\Application Data\WTablet
2009-07-02 10:56 . 2008-06-06 10:12 335752 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2009-06-26 13:14 . 2008-10-09 11:17 -------- d-----w- e:\program files\Safari
2009-06-26 13:12 . 2009-06-26 13:12 -------- d-----w- e:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 13:12 . 2009-06-26 13:12 -------- d-----w- e:\program files\iTunes
2009-06-26 13:12 . 2009-06-26 13:12 -------- d-----w- e:\program files\iPod
2009-06-26 13:12 . 2008-07-24 16:22 -------- d-----w- e:\program files\Common Files\Apple
2009-06-26 13:11 . 2009-06-26 13:11 -------- d-----w- e:\program files\QuickTime
2009-06-26 13:08 . 2009-06-26 13:08 75048 ----a-w- e:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-26 13:07 . 2008-05-13 19:15 -------- d-----w- e:\program files\Bonjour
2009-06-26 09:00 . 2008-06-06 10:12 11952 ----a-w- e:\windows\system32\avgrsstx.dll
2009-06-26 09:00 . 2007-02-01 11:24 27784 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2004-08-03 23:56 119808 ----a-w- e:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- e:\windows\system32\fontsub.dll
2009-06-07 16:30 . 2009-06-06 18:06 -------- d-----w- e:\program files\Microsoft Silverlight
2009-06-06 18:07 . 2005-10-25 02:48 31216 ----a-w- e:\documents and settings\adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 18:06 . 2008-03-04 14:59 -------- d-----w- e:\program files\Windows Live
2009-06-06 18:04 . 2008-10-02 13:09 -------- d-----w- e:\program files\Windows Live Toolbar
2009-06-06 18:04 . 2009-06-06 18:04 -------- d-----w- e:\program files\Microsoft Sync Framework
2009-06-06 18:03 . 2009-06-06 18:03 -------- d-----w- e:\program files\Microsoft SQL Server Compact Edition
2009-06-06 18:02 . 2009-06-06 18:02 -------- d-----w- e:\program files\Microsoft
2009-06-06 18:02 . 2009-06-06 18:02 -------- d-----w- e:\program files\Windows Live SkyDrive
2009-06-06 17:54 . 2009-06-06 17:54 -------- d-----w- e:\program files\Common Files\Windows Live
2009-06-05 10:42 . 2009-06-26 13:09 2060288 ----a-w- e:\windows\system32\usbaaplrc.dll
2009-06-05 10:42 . 2008-07-24 16:22 39424 ----a-w- e:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2004-08-03 23:56 1291264 ----a-w- e:\windows\system32\quartz.dll
2009-05-23 11:14 . 2008-06-06 10:12 108552 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2009-05-13 05:15 . 2004-08-03 23:56 915456 ----a-w- e:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 23:56 345600 ----a-w- e:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-26_13.54.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-28 17:25 . 2009-07-28 17:25 16384 e:\windows\Temp\Perflib_Perfdata_268.dat
+ 2009-07-27 23:46 . 2009-07-27 23:46 184320 e:\windows\ERDNT\AutoBackup\28-07-2009\Users\00000002\UsrClass.dat
+ 2009-07-27 23:46 . 2005-10-20 11:02 163328 e:\windows\ERDNT\AutoBackup\28-07-2009\ERDNT.EXE
+ 2009-07-27 10:13 . 2009-07-27 10:13 184320 e:\windows\ERDNT\AutoBackup\27-07-2009\Users\00000002\UsrClass.dat
+ 2009-07-27 10:13 . 2005-10-20 11:02 163328 e:\windows\ERDNT\AutoBackup\27-07-2009\ERDNT.EXE
+ 2009-07-27 23:46 . 2009-07-27 23:46 12627968 e:\windows\ERDNT\AutoBackup\28-07-2009\Users\00000001\NTUSER.DAT
+ 2009-07-27 10:13 . 2009-07-27 10:13 12627968 e:\windows\ERDNT\AutoBackup\27-07-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-07-21 148888]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"SoundMan"="SOUNDMAN.EXE" - e:\windows\SOUNDMAN.EXE [2005-05-17 77824]

e:\documents and settings\adam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ERUNT AutoBackup.lnk - e:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-13 598016]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 09:00 11952 ----a-w- e:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^adam^Start Menu^Programs^Startup^BitTorrent.lnk]
path=e:\documents and settings\adam\Start Menu\Programs\Startup\BitTorrent.lnk
backup=e:\windows\pss\BitTorrent.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=e:\windows\pss\Color Calibration.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.5.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk
backup=e:\windows\pss\MagicTune3.5.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=e:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"ewido security suite control"=2 (0x2)
"TabletService"=2 (0x2)
"SeaPort"=2 (0x2)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\half-life 2 lostcoast\\hl2.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\half-life 2\\hl2.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\half-life 2 deathmatch\\hl2.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\counter-strike source\\hl2.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\valve test app 1003\\Rag_Doll_Kung_Fu_Steam.exe"=
"e:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\inflatable_love_badger\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;e:\windows\system32\drivers\pavboot.sys [09/07/2008 10:59 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [06/06/2008 11:12 335752]
R1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [06/06/2008 11:12 108552]
R2 avg8emc;AVG8 E-mail Scanner;e:\progra~1\AVG\AVG8\avgemc.exe [04/07/2008 09:11 907032]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [04/07/2008 09:11 298776]
R2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [06/06/2009 19:06 55152]
S2 aawservice LM Service;Lavasoft Ad-Aware Service aawservice LM Service;e:\windows\TEMP\oyqeohvabl.exe service --> e:\windows\TEMP\oyqeohvabl.exe service [?]
S3 ggflt;SEMC USB Flash Driver Filter;e:\windows\system32\drivers\ggflt.sys [10/01/2008 10:29 13352]
S3 SDTHOOK;SDTHOOK;e:\windows\system32\drivers\SDTHOOK.SYS [29/12/2007 19:27 44928]
S4 fsssvc;Windows Live Family Safety;e:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?referrer=ign_n
uInternet Settings,ProxyOverride = *.local
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 19:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-28 19:06
ComboFix-quarantined-files.txt 2009-07-28 18:06
ComboFix2.txt 2009-07-26 13:56

Pre-Run: 10,381,647,872 bytes free
Post-Run: 10,360,619,008 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
523 --- E O F --- 2009-07-16 13:23


[B]HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:45, on 28/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\AVG\AVG8\avgcsrvx.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\WINDOWS\explorer.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Windows Live\Toolbar\wltuser.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?referrer=ign_n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.portplus.com/apps/popupx2/frames/MSSurVid.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - E:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Lavasoft Ad-Aware Service aawservice LM Service (aawservice LM Service) - Unknown owner - E:\WINDOWS\TEMP\oyqeohvabl.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7486 bytes


computer seems to be running fine, few bugs, but its often twitchy.
For some reason my add/remove program list will not populate, made it hard to uninstall bitorrent, but I think I did it.
Also the recovery consol, it will not start my computer , it just locks at the initial option screen and I have to restart computer.

For some reason my add/remove program list will not populate
It takes a while, often several minutes, for Windows to get the information it needs. It may be that you did not wait long enough, try it again and see what happens, then let me know.

Also the recovery consol, it will not start my computer , it just locks at the initial option screen and I have to restart computer.
Why would you be trying to start Recovery Console? That is an emergency tool, here is some information.
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654

AVG 8.5 takes about an hour on my computers but you may have a lot more files on the hard drive. I would suggest, if you have not done it in a while, you run maintenance.
Defragmenting
http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm
Check for Disk Errors in Windows XP
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/kbtip.mspx
http://support.microsoft.com/kb/315265

Let's see if we can wrap up like this:

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)

(optional since you just ran it)
Update AVG and scan the system, to be sure it is running right and scanning clean.
Good information:
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed



When I astrt up the comp it goes to a black screen with the two options on it, normal and recovery console, but the computer locks at this point and I cant do anything, it stays this way until restarted.

Apart from this everything seems fine! Thanks very mcuh for all the help! Dont know hat I would have done otherwise.

Complete the instructions to remove combofix and reset System Restore, then if the issues continues, see if anything here helps:
http://support.microsoft.com/kb/314058

done and done, again thank you very much for all the help