Need assistance - Disabled secturity programs & redirecting net searches (Resolved)

Download a fresh Copy of Combofix from one of the following links .. (delete any old ones)

ComboFix.exe
ComboFix.exe


----------------------------------------------------------------------------------------
Avenger

Note to users reading this topic! This script was created specificly for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  1. Please download The Avenger2 by SwanDog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Code: 
    Drivers to disable:
kungsfimrybfpl
SKYNETeorjqjoq
UACd.sys
  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

----------------------------------------------------------------------------------------



When Avenger has rebooted the machine, disable all your security programs as before and double click the new Comofix.
 
I copy and pasted the text you provided into avenger, pressed execute and my system rebooted. I returned to safe mode (with networking) and received no further prompts from avenger, and was unable to run Combofix.

When avenger reboots my system, should I allow it to boot to normal windows, or should I be returning to safe mode? I'm also still wary of those two instances of iexplore.exe running on their own...
 
I restarted the system and allowed it to boot to normal windows, where Avenger was able to run and produce the log. Combofix still not working.


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "a3pw8n89" found!
Could not open driver a3pw8n89 for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

Driver "kungsfimrybfpl" disabled successfully.
Driver "SKYNETeorjqjoq" disabled successfully.
Disablement of driver "UACd.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)


Completed script processing.

*******************

Finished! Terminate.
 
Please run GMER again, and post the fresh log.
Let's see if avenger did any good.
 
Ran gmer again, and it found a rootkit and asked if i want to do a full scan. I selected Yes, and the full scan ran but later encountered a serious error and shuts down. I did this twice and the same thing happened. I just ran it a third time and had success (i think). Here's the log:

GMER 1.0.15.15077 [Look.exe] - http://www.gmer.net
Rootkit scan 2009-08-25 17:09:46
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 8A6D0BF8
INT 0x63 ? 8A5DDBF8
INT 0x73 ? 8A5DDBF8
INT 0x82 ? 8A6D0BF8
INT 0x83 ? 8A6D0BF8
INT 0xA4 ? 8A5DDBF8
INT 0xB4 ? 8A5DDBF8

Code 8A51F5E8 ZwEnumerateKey
Code 8A512980 ZwFlushInstructionCache
Code 8A1944F6 IofCallDriver
Code 8A174366 IofCompleteRequest
Code 8A5DCE55 ZwSaveKey
Code 8A5A7E55 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A1944FB
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A17436B
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 8A5DCE5A
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8A5A7E5A
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A51F5EC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 8A512984
? spzf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA6AD62C 5 Bytes JMP 8A5DD1D8

---- User code sections - GMER 1.0.15 ----

.text C:\program files\Mozilla Firefox\firefox.exe[964] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0 \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
.text C:\program files\Mozilla Firefox\firefox.exe[964] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0 \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
.text C:\program files\Mozilla Firefox\firefox.exe[964] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0 \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100127A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 010B000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 011A000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100127A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 010B000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 011A000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6622D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spzf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spzf.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5DD2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spzf.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\Iexplore.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A65E1F8
Device \FileSystem\Fastfat \FatCdrom 8A0C11F8
Device \Driver\usbohci \Device\USBPDO-0 8A5DC1F8
Device \Driver\usbohci \Device\USBPDO-1 8A5DC1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6601F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6601F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6601F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6601F8
Device \Driver\usbohci \Device\USBPDO-2 8A5DC1F8
Device \Driver\usbohci \Device\USBPDO-3 8A5DC1F8
Device \Driver\usbohci \Device\USBPDO-4 8A5DC1F8
Device \Driver\usbehci \Device\USBPDO-5 8A52D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6D11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6D11F8
Device \Driver\atapi \Device\Ide\IdePort0 8A6D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A6D01F8
Device \Driver\atapi \Device\Ide\IdePort1 8A6D01F8
Device \Driver\atapi \Device\Ide\IdePort2 8A6D01F8
Device \Driver\atapi \Device\Ide\IdePort3 8A6D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 8A6D01F8
Device \Driver\sptd \Device\3092614628 spzf.sys
Device \Driver\PCI_PNP8378 \Device\0000004a spzf.sys
Device \Driver\PCI_PNP8378 \Device\0000004a spzf.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A11E1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A11E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0E0E37F0-3EF7-43E1-A8A5-B7F35B4A012C} 8A11E1F8
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 8A5DC1F8
Device \Driver\usbohci \Device\USBFDO-1 8A5DC1F8
Device \Driver\usbohci \Device\USBFDO-2 8A5DC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1101F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1101F8
Device \Driver\usbohci \Device\USBFDO-3 8A5DC1F8
Device \Driver\Ftdisk \Device\FtControl 8A6D11F8
Device \Driver\usbohci \Device\USBFDO-4 8A5DC1F8
Device \Driver\usbehci \Device\USBFDO-5 8A52D1F8
Device \Driver\ntcdrdrv \Device\Scsi\ntcdrdrv1 8A65F1F8
Device \Driver\a2pgr0zp \Device\Scsi\a2pgr0zp1Port5Path0Target0Lun0 8A5161F8
Device \Driver\a2pgr0zp \Device\Scsi\a2pgr0zp1 8A5161F8
Device \Driver\ntcdrdrv \Device\Scsi\ntcdrdrv1Port4Path0Target0Lun0 8A65F1F8
Device \FileSystem\Fastfat \Fat 8A0C11F8
Device \FileSystem\Cdfs \Cdfs 8A0F51F8
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [196] 0x00E40000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [864] 0x01120000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\program files\Mozilla Firefox\firefox.exe [964] 0x10000000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [972] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [972] 0x00860000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1140] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1140] 0x00860000
Library \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1296] 0x00C60000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1300] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1300] 0x00860000
Library \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1432] 0x00C60000

---- Services - GMER 1.0.15 ----

Service system32\drivers\kungsfwmqrjoeu.sys (*** hidden *** ) [DISABLED] kungsfimrybfpl <-- ROOTKIT !!!
Service system32\drivers\SKYNETmccxnose.sys (*** hidden *** ) [DISABLED] SKYNETeorjqjoq <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACawesrlcwcg.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@imagepath \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsfcmd.dll \systemroot\system32\kungsfxlfswtpm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsflog.dat \systemroot\system32\kungsfqwnwdxxx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsfwsp.dll \systemroot\system32\kungsfsmprshqu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsf.dat \systemroot\system32\kungsfgpnnqjrk.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@imagepath \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETeqobdwpr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0x72 0xA1 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0xA7 0x6F 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4E 0xAD 0x38 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACemtvytpysy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACewiwuyusct.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACegxwvvpwsa.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACutimusipfy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@start 4
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@imagepath \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsfcmd.dll \systemroot\system32\kungsfxlfswtpm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsflog.dat \systemroot\system32\kungsfqwnwdxxx.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsfwsp.dll \systemroot\system32\kungsfsmprshqu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsf.dat \systemroot\system32\kungsfgpnnqjrk.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@start 4
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@imagepath \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETeqobdwpr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0x72 0xA1 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0xA7 0x6F 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4E 0xAD 0x38 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACemtvytpysy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACewiwuyusct.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACegxwvvpwsa.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACutimusipfy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll

---- Files - GMER 1.0.15 ----

File C:\Photoshop\Uninst.isu (size mismatch) 45056/808955 bytes executable

---- EOF - GMER 1.0.15 ----
 
Boot to safe mode and try the following.

If the first instruction doesn't work, try the second

#1
Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.




#2
Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /stepdel

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
I was finally(!) able to run combofix using the 2nd method provided. I hope it will help us move forward in this....


ComboFix 09-08-25.04 - Dug Chan 26/08/2009 2:12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.1664 [GMT -7:00]
Running from: c:\documents and settings\Dug Chan\Desktop\ComboFix.exe
Command switches used :: /stepdel
* Created a new restore point
.
PEV Error: CacheFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2da2ee1.msi
c:\windows\Installer\2e6db.msi
c:\documents and settings\Dug Chan\Application Data\inst.exe
c:\documents and settings\Dug Chan\My Documents\ZbThumbnail.info
c:\windows\run.log
c:\windows\system32\drivers\kungsfwmqrjoeu.sys
c:\windows\system32\drivers\SKYNETmccxnose.sys
c:\windows\system32\drivers\UACawesrlcwcg.sys
c:\windows\system32\kungsfgpnnqjrk.dat
c:\windows\system32\kungsfqwnwdxxx.dat
c:\windows\system32\kungsfsmprshqu.dll
c:\windows\system32\kungsfxlfswtpm.dll
c:\windows\system32\SKYNETeqobdwpr.dll
c:\windows\system32\UACegxwvvpwsa.db
c:\windows\system32\UACemtvytpysy.dll
c:\windows\system32\UACewiwuyusct.dat
c:\windows\system32\UACfuxthxjqcr.dll
c:\windows\system32\UACgqfucbfalq.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACutimusipfy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfimrybfpl
-------\Legacy_kungsfimrybfpl
-------\Service_SKYNETeorjqjoq
-------\Legacy_SKYNETeorjqjoq
-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-25 08:17 . 2009-08-25 08:17 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Mozilla
2009-08-25 08:16 . 2009-08-25 08:16 -------- d-sh--w- c:\documents and settings\Administrator.DUG\PrivacIE
2009-08-24 20:33 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 20:33 . 2009-08-24 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 20:33 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- C:\rsit
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- c:\program files\trend micro
2009-08-23 08:25 . 2009-08-24 19:52 174 ----a-w- c:\windows\system32\uacsr.dat
2009-08-23 08:25 . 2009-08-23 08:25 174 ----a-w- c:\windows\system32\UACcbritfjolx.dat
2009-08-19 00:10 . 2009-08-19 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-18 23:34 . 2009-08-18 23:46 -------- d-----w- C:\H.osts
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 03:09 . 2008-08-07 09:49 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Microsoft Help
2009-08-18 02:10 . 2009-08-18 02:10 71168 ----a-w- c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 18:08 . 2008-07-22 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-23 22:30 . 2007-12-26 10:25 -------- d-----w- c:\program files\BearShare
2009-08-18 04:27 . 2008-01-16 09:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 03:05 . 2007-12-16 10:42 -------- d-----w- c:\program files\lg_fwupdate
2009-08-18 01:58 . 2009-08-18 01:58 784390 ----a-w- c:\windows\system32\xa.tmp
2009-08-17 22:57 . 2009-07-19 18:54 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\vlc
2009-08-17 21:25 . 2008-04-21 03:50 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\uTorrent
2009-08-17 10:42 . 2009-04-27 01:46 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\Audacity
2009-08-05 22:20 . 2009-06-26 19:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-21 07:48 . 2009-07-21 07:47 -------- d-----w- c:\program files\iTunes
2009-07-21 07:47 . 2009-07-21 07:47 -------- d-----w- c:\program files\iPod
2009-07-21 07:47 . 2007-12-28 10:03 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 07:44 . 2009-07-21 07:44 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-02 00:06 . 2009-06-02 00:06 34063 ----a-w- c:\documents and settings\Dug Chan\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-29 20:36 . 2009-03-20 21:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 20:36 . 2007-12-28 10:04 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-16 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-22 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-06-30 2327776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dug Chan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-12-26 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-03 20:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=3 (0x3)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\team fortress 2\\hl2.exe"=
"d:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Battle for Middle Earth II\\game.dat"=
"d:\\Games\\Battle for Middle Earth II\\EP1\\game.dat"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Games\\LucasArts\\Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [17/04/2008 5:53 PM 13440]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20/07/2007 7:40 PM 84992]
S3 miniusb;FrameManager Display Adapter;c:\windows\system32\DRIVERS\sam_miniusb.sys --> c:\windows\system32\DRIVERS\sam_miniusb.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21/10/2008 8:58 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21/10/2008 8:58 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21/10/2008 8:58 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21/10/2008 8:58 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21/10/2008 8:58 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21/10/2008 8:58 PM 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [21/10/2008 8:58 PM 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [21/10/2008 8:58 PM 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [21/10/2008 8:58 PM 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [21/10/2008 8:58 PM 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [21/10/2008 8:58 PM 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [21/10/2008 8:58 PM 117544]
S3 SODI;SODI;c:\windows\system32\DRIVERS\sam_miniport.sys --> c:\windows\system32\DRIVERS\sam_miniport.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xbox360.ign.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dug Chan\Application Data\Mozilla\Firefox\Profiles\4t6o41bt.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 02:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-73586283-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:42,8c,28,b1,e7,15,de,32,4d,f9,6d,e6,3f,23,59,92,92,39,7e,16,48,
ee,70,6c,b7,d5,67,e4,12,c6,11,10,73,da,03,fd,5a,31,66,f4,ed,9f,94,e0,08,ea,\
"rkeysecu"=hex:b2,95,69,23,48,0e,8f,40,83,e4,b7,0a,9a,82,70,69
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
.
Completion time: 2009-08-26 2:18
ComboFix-quarantined-files.txt 2009-08-26 09:18

Pre-Run: 78,777,982,976 bytes free
Post-Run: 78,772,711,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

229 --- E O F --- 2009-03-04 11:00
 
Excellent

The rest should be plain sailing now :)

----------------------------------------------------------------------------------------
Step 1

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    http://forums.spybot.info/showthread.php?p=331143#post331143
Collect::
c:\windows\system32\uacsr.dat
c:\windows\system32\UACcbritfjolx.dat
c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys
c:\windows\system32\xa.tmp
DirLook::
C:\H.osts
Folder::
c:\Program Files\BearShare
c:\documents and settings\Dug Chan\Application Data\uTorrent
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ABC\\abc.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
ADS::
  • Save this as CFScript.txt and place it on your desktop.


    CFScriptb.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • **Note**
    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 3

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • Combofix log
  • MalwareBytes log
  • Kaspersky log
  • How are things running now ?
 
Looks like I'll have to split my Combofix log into two posts..

ComboFix 09-08-26.05 - Dug Chan 26/08/2009 12:19.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.1755 [GMT -7:00]
Running from: c:\documents and settings\Dug Chan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dug Chan\Desktop\CFScript.txt

file zipped: c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys
file zipped: c:\windows\system32\UACcbritfjolx.dat
file zipped: c:\windows\system32\uacsr.dat
file zipped: c:\windows\system32\xa.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dug Chan\Application Data\uTorrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\-The_roots_-_ 8_Albums_-.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\-The_roots_-_ 8_Albums_-.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\#gamemp3s Archive K-L.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\#gamemp3s Archive M.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\#gamemp3s Archive S part 2.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\[HentaiShare].Acrobat.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\[HentaiShare].Artificial.Girl.3.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\[HST] MonsterQuest - Giant Squid Found.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\[HST] MonsterQuest - Giant Squid Found.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\12.Rounds.READNFO.R5.LiNE.XviD-DEViSE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\17 Again[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\2007.Dexter.Season02.Full.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\2008 - Human.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30 Rock S03E03.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S02E11.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S02E12.HR.HDTV.AVC.AC3-TAM.mkv.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S02E13.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S02E14.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S02E15.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E01.HDTV.XviD-LOL.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E01.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E02.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E04.HDTV.XviD.REPACK-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E05.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E06.Christmas.Special.HDTV.XviD-FQM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E07.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E08.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E09.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E10.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E11.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E12.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E13.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E14.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E15.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E16.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E17.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E18.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E19.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E20.HDTV.XviD-LOL.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E20.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E21.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\30.Rock.S03E22.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\300[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\A Kid Named Cudi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Adobe.Dreamweaver.CS4-NoPE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Adrift in Tokyo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Adventureland.DVDSCR.XViD-CRUX.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Aesop Rock - 2007 - All Day Nike+ Original Run (Continuous Mix).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Alien.Vs.Predator-Requiem[2007][Unrated.Edition]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Alphabeat - This Is Alphabeat [2008][CD+SkidVid_Xvid+Cov].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\America's Best Dance Crew S01E03 Xvid-CDPLAYABACKUP.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\America's Best Dance Crew S02E05.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\America's Best Dance Crew S03E02 Xvid-CDPLAYABACKUP.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\America's Best Dance Crew S03E03 Xvid-CDPLAYABACKUP.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\americas.best.dance.crew.s03e06.ws.dsr.xvid.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Anchorman[Unrated]DVDRip.Xvid.2004-tots.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Andy Richter Controls the Universe [Xvid TV rip].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Animal Collective.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Anna Ternheim - Halfway To Fivepoints (2008) - Folk [www.torrentazos.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Anna Ternheim - Shoreline.mpg.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Anna_Ternheim_-_Separation_road.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ashanti - The Declaration [2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\ASHER ROTH - The GreenHouse Effect Vol. 1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ashlee Simpson-BittersweetWrld[2008][CD+3 SkidVid_XviD+Cov].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Augustana-Cant_Love_Cant_Hurt-2008-FNT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Avril Lavigne.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Bart.Got.A.Room.2009.DvDRip-FxM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Bat For Lashes - Two Suns.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Be.Kind.Rewind[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ben Folds - Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ben.X.2007.DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ben_Folds-Way_To_Normal-2008-BENFOLDS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\benny benassi- who's your daddy uncensored.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Benny Benassi - Best Of Benny Benassi (2007).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Benny_Benassi-The_Remix_Sessions-2009.[www.Mixermusic.net].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Best of Jenna Jameson[DVDrip][XXX][www.NEWPCT.com].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Beyonce - If I Were A Boy_NEW 2008.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Beyonce - Single Ladies.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\blackwhiterun.mp3.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Bloc Party - Intimacy [2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Bolt.DVDSCR.XViD-mVs.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Bon Iver - For Emma, Forever Ago [2007].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Borat[2006]DvDrip.AC3[Eng]-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Boston - Greatest Hits.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Bryan Adams.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Buraka Som Sistema_Black diamond.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Busta Rhymes - Back On My Shit (2009) - Hip Hop [www.torrentazos.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Busta Rhymes.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Calles Sin Nombre (2009) [ENG] [DVDRip] [XviD-MoH].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\CB4.DVDRip.XviD-SUNOFWIZZ.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Chris Rock - Bigger & Blacker.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Chrisette_Michele-Epiphany-2009-wWw.FiveMP3.CoM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Coldplay - Viva La Vida Or Death And All His Friends - (Kingdom-music by Bob White).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Coldplay.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Command.And.Conquer.Red.Alert.3.Update.1.04.Cracked-BAT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Constantines-Kensington_Heights-2008-RTB.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Crayon Physics Deluxe.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Crystal Castles.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Da Drought 3.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Daniel Merriweather - Love & War.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Daniel Merriweather - Love and War (2009) KompletlyWyred DHZ Inc Release.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\David Byrne & Brian Eno [2008] Everything That Happens Will Happen Today.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Death From Above 1979.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Death_Cab_For_Cutie-Narrow_Stairs-2008-DEATHCABFORCUTiE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Debbie Does Dallas - The Next Generation 2000.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Debbie Does Dallas Again - 2007 (Evan Stone, Savanna Samson, Hillary Scott, Courtney Simpson, Penny Flame, Moniqu.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Demetri.Martin.Person.2007.DVDRip.XviD-VH-PROD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Departures.2008.JAP.DVDRip.XviD-CiELO.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S01.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03.COMPLETE.VOSTFR.HDTV.XviD-PM5.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E01.DVDScr.XviD-NOTYOU.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E02.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E03.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E04.HDTV.XviD-0TV.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E05.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E06.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E07.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E08.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E09.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E10.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E11.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dexter.S03E12.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\dht.dat
c:\documents and settings\Dug Chan\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Dug Chan\Application Data\uTorrent\Digitalism - Idealism [2007].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Does It Offend You Yeah - You Have No Idea What You're Getting Yourself Into (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Does You Inspire You.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Dr. Dre - Chronic 2001.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Drake - So Far Gone[2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Duffy - Rockferry [2008][CD+2 SkidVid_XviD+Cov]192Kbps.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Eddie Murphy - Delirious [DivX].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Eddie.Murphy.Raw.1987.PROPER.DVDRip.XviD-SChiZO.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\El Perro del Mar - From The Valley To The Stars [2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Elvis Costello & The Imposters - Momofuku (2008) - Rock.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Fantasies.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Fat_Girl (xvid110-sickboy88).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Fearless.2006.DVDRip.XviD-BiEN.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Fine Young Cannibals 5 Album Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Fink - Distance And Time (Advance 2007) - Indie [www.torrentazos.com].rar.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Firefox AK - Madame Madame (2006).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Flash.Point[2007]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Foo Fighters - 10 Albums [+Covers][+Vid][320kbps][DeadPoetRIP]@H33T.com.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Friendly_Fires-Friendly_Fires-(Advance)-2008-DV8.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\GBs0aSqE_Manny Pacquiao vs. Ricky Hatton [MNB].AVI.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Girl Talk - Feed The Animals (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Girl Talk - Night Ripper.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Girl Talk.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Girls and Boys.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Gnarls Barkley - The Odd Couple [2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Gran.Torino.DVDSCR.xViD-xSCR.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Grand National - A Drink And A Quick Decision [2007] Bonus Track.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Greg the Bunny 2005.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Greg The Bunny.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Happy.Go.Lucky.[2008.Eng].DVDRip.DivX-LTT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\HBO.Presents.Louis.CK.Shameless.HDTV.XviD-Kyr.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\He's Just Not That Into You[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\HIMYM - Season 1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\HotRod.English.DVDRIP.DIVX.EvilSnowmen.2007.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S04E10.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S04E11.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S04E12.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S04E13.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S04E14.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S04E15.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S04E16.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E01.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E02.HDTV.XviD-NoTV.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E02.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E03.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E04.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E05.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E06.Joy.HDTV.XviD-FQM.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E06.Joy.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E07.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E08.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E09.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E10.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E11.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E12.Painless.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E13.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E14.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E15.Unfaithful.HDTV.XviD-FQM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E16.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E17.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E18.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E19.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E20.Simple.Explanation.HDTV.XviD-FQM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E21.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E22.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E23.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\House.S05E24.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\howling bells-radio wars.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Howling Bells - Howling Bells [2006].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Human Giant Season 2.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\I.Love.You.Man.DVDRip.XviD-DASH.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Important.Things.with.Demetri.Martin.REPACK.S01E01.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ip Man[2008]DVDrip[Zho]+Eng softsub -alwaysontop.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Iron & Wine-The Shepherd's Dog.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Iron & Wine.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jamie Foxx - Intuition.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jamie_Lidell-Jim-2008-RTB.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Janelle Monae - Metropolis The Chase Suite (Special Edition 2008) - R&B.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jason Mraz - We Sing, We Dance, We Steal Things [2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\JCVD[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jenna Jameson Collection.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jens Lekman - Night Falls Over Kortedala.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jet Li - Once Upon A Time In China 2.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jimi Hendrix - Experience Hendrix- The Best of.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\John Mayer All Albums by MusicmindedNL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\John Mayer.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\John_Legend-Evolver deluxe edition 2008.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jumper.2008.ENGLISH.TELESYNC.DivX-LTT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jurassic.Fight.Club.S01E01.Cannibal.Dinosaur.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jurassic.Fight.Club.S01E02.The.T-Rex.Hunter.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jurassic.Fight.Club.S01E03.Gang.Killers.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Jurassic.Fight.Club.S01E04.Bloodiest.Battle.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Justin Timberlake.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Karina - First Love (2008) - R&B [www.torrentazos.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kaskade-Love_Mysterious-(Advance)-2006-RNS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kaskade - In The Moment [2004].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kaskade - Strobelite Seduction 2008(By troncho)-www.tripilandia.es-.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Keane-Perfect_Symmetry-(Deluxe_Edition)-2CD-2008.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Keane - The Theft Of Octo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Keri Hilson - In A Perfect World... (Explicit Retail).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Keyshia Cole - A Different Me [Retail].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kid Rock Collection.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kidz_In_The_Hall-The_In_Crowd-2008-C4.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\KILL_ZONE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Killing Floor + Free Multiplayer.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kira Kener Filmography.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kira Kener Filmography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kitchen.Confidential.(2005).Season.1.DVD-Rip [eFiCi].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Kleerup-Kleerup-(EMI)-2008-soup.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ladytron-Velocifero (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Late Night Alumni - Empty Streets [Hed Kandi] (2005).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Left4Dead (PC) (ENG)(NON-STEAM) (ALREADY CRACKED) (DIRECT PLAY) [blaze69].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lela.Star.Loves.Cock[2009]DVDRip-Perlite.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lenka-Lenka[2008][MP3@320kbps]-antecho.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lenny Kravitz - Greatest Hits.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lights - EP(2008).rar.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lights.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lil Wayne - Tha Carter II [2005].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lil.Wayne-Tha.Carter.III.Retail-2008-[NoFS].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lily Allen - It's Not Me It's You [mp3-320-2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lindstrom-Where_you_go_I_go_too-(Feedelity)-2008-JUST.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lisa Hannigan - Sea Sew (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\LMFAO - Party Rock-2009-CMS - Rock Music Album - rcrocks.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\LMFAO (24 songs - leaked and more) blissful0ne [Feb 2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Louis.CK-Chewed.Up(2008)DvdScr[MiNdSkiN]1337x.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Love.Stinks[1999][DvDrip][Eng]-Criptkprr.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lykke_Li-Youth_Novel-2008-TRAMPOLiN.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lynda.com - DreamweaverCS4 Essential Training.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\M83 - Dead Cities, Red Seas & Lost Ghosts.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\m83 - saturdays = youth (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\M83.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Magic ISO Maker 5.4 with serial.rar.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MagicISO Maker v5.5 (Build 265) [BRAiGHTLiNG Crack][h33t][matt14].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mariah Carey - Discography- The Pirate Bay-.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Marley & Me[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Matt Costa Discography.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Matt Costa Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Maxwell - Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MGMT - Oracular Spectacular 320kbs.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Michael Jackson - Discography.2009.320.KBPS-KTY.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Michael Jackson.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Microcastle.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Microsoft Office Enterprise 2007 (VOXIGEN@mininova.org).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Miike Snow.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mirror's Edge.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Miss March 2009 UNRATED DVDRip XviD-AMIABLE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mommas.Man.2008.PROPER.DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Monique Alexander & Sunny Lane - All Dressed Up.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mos Def-The Ecstatic (2009) KompletlyWyred DHZ Inc Release.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MOS Trance Nation.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MOS_Clubbers_Guide_2009(split tracks).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Moyea FLV To Video Converter Pro v1.29.2.11.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mr Hudson & The Library - A Tale Of Two Cities.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MS-Office.2003.SP3.updated.17.Feb.2009.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Muse - 5 albums.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Musiq Soulchild - Onmyradio [2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\My Plaything Jenna Jameson 2 - It's A Boy!.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\N-E-R-D.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\N.E.R.D-Seeing_Sounds-Retail-2008-HHKINGZ.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nada Surf - Lucky [2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\National.Geographics.Fight.Science.DSR.XviD-KmF.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Neko Case - Middle Cyclone.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Never.Back.Down[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\New Kids On the Block - 1989 - Merry Merry Christmas.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\New Kids On the Block.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nick.and.Norahs.Infinite.Playlist.REPACK.DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\not Jet Li - Iron Monkey DvDrip(DivX) Eng - by Good Fight MaXXoM group - GFMMg.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nothing.But.The.Truth.LiMiTED.DVDRip.XviD-ARiGOLD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Notorious BIG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Notorious[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nouns.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nurses xXx DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nurses.XXX.DVDRiP.XviD-VBT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Of Montreal - Skeletal Lamping.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office 2003 Professional with SP1,2,3 + Working Serial.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office 2003.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office 2007 Enterprise Blue Edition.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office2003Lite-SFX.exe.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ong-Bak.2.2008.READ.NFO.DVDRip.XviD-d0h.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ong-Bak.2003.DVDRip.XviD-VALiOMEDiA.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ong.Bak.2.2008.DVDRip.XviD-TDM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\OST_Pulp.Fiction.Collector's.Edition.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Outkast Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\P2.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E01.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E02.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E03.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E04.Boys.Club.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E05.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E06.Rock.Show.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Passion Pit.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Paul Blart Mall Cop[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peaches - I Feel Cream [mp3-vbr-2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pete Yorn - Musicforthemorningafter (2001).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter Bjorn and John - Living Thing.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter Bjorn And John - Peter Bjorn And John.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter Bjorn And John - Writer's Block [2006].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter_Bjorn_And_John-Seaside_Rock-(Advance)-2008-PBJ.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pink - I'm Not Dead [2006][CD+Vid+Covers].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Postal Service, The.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pretty.Woman.1CD.Soundtrack.[WmC-PL].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pure.18.Vol.7.XviD-PORNOLATiON.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Q-Tip-Amplified-1999-iNT-OSM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Q-Tip_-_The_Renaissance-2008-YSP[www.dutchdawn.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Röyksopp - The Understanding (2005).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Rambo[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ramsay's Kitchen Nightmares - UK.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E01.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E02.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E03.DSR.XviD-OMiCRON.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E03.DSR.XviD-OMiCRON.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E06.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E07.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E08.WS.DSR.XviD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\randy.jackson.presents.americas.best.dance.crew.s03e04.dsr.xvid-omicron.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S03E05.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\randy.jackson.presents.americas.best.dance.crew.s03e07.dsr.xvid-omicron.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Raphael Saadiq.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Real Female Orgasms 9 XXX DVDRip Squirting www.sesionvip.com.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Real.Female.Orgasms.8.[www.kiborg.org]XXX.DVDRiP.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\resume.dat
c:\documents and settings\Dug Chan\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Dug Chan\Application Data\uTorrent\Richard Hawley - Coles Corner (2005).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Richard.Pryor.Live.In.Concert.1979.DVDRip.Xvid.iNT-420Ripz.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\RIP.A.Remix.Manifesto.Xvid.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Robert Greene, The 48 Laws of Power.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Role.Models[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp-The_Girl_and_The_Robot-WEB-2009-QB.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp - Junior [mp3-192-2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp - Junior 2009.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp - Melody A-M.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\rss.dat
c:\documents and settings\Dug Chan\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ryan Leslie - Ryan Leslie [GeneGeter.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Saint Etienne - London Conversations (Advance) [2008] - Electronic [www.torrentazos.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\santogold[mp3-by-Oj].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Saturday.Night.Live.S34E21.Justin.Timberlake.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Saturday.Night.Live.S34E22.Will.Ferrell.HDTV.XviD-iHT.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\SB3_CEE-EN.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Semi-Pro[2008]DvDrip AC3[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\settings.dat
c:\documents and settings\Dug Chan\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Dug Chan\Application Data\uTorrent\Seven.Pounds[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Sharkwater[2006]DvDrip[Eng]-NikonXP.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\SL-MA-SLM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\SnowPatrol-AHundredMillionSuns[2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E01.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E02.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E03.WS.PDTV.XVID-BAJSKORV.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E04.PROPER.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E05.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\so.you.think.you.can.dance.s05e06.ws.pdtv.xvid-2hd.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E07.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E08.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E09.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E10.WS.PDTV.XviD-2HD.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E10.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E11.WS.PDTV.XviD-2HD.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E11.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E12.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E13.WS.PDTV.XVID-BAJSKORV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E14.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E15.WS.PDTV.XVID-BAJSKORV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E16.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E17.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E18.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E19.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E20.WS.PDTV.XviD-2HD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E21.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Sonya_Kitchell-This_Storm-(Advance)-2008-SONYAKiTCHELL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Soulja Boy - Turn My Swag On.mp3.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Soulja_Boy-iSouljaBoyTellem-(RapGodFathers.com).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E01.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E02.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E03.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E04.HDTV.XviD-DOT.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E05.Two.Gangs.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E06.REPACK.HDTV.XviD-XII.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E07.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Space Boogie- Smoke Oddessey [UK].rar.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Spore-RELOADED.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Star Wars - Jedi Knight II - Jedi Outcast.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Star Wars Jedi Knight - Jedi Academy (2 Cds).1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Star Wars Jedi Knight - Jedi Academy (2 Cds).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Subtle-Exiting_Arm-CD-2008-BPM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\T-Pain - Thr33 Ringz (Deluxe Edition).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\T.I.-Paper.Trail.Retail-2008-[NoFS].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Tell.No.One.2006.DVDRip.XviD.AC3-DEViSE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\tell.noone.xvid.dvdrip.eng.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Tennis.US.Open.2008.Mens.Final.Roger.Federer.Vs.Andy.Murray.WS.PDTV.XviD-NOsegmenT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Cool Kids - Bake Sale.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Crystal Method - [2006] Drive- Nike + Original Run(Judah).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Dears - Missiles [mp3-vbr-2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Do - A Mouthful (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Frames [9 Albums] + The Swell Season + Once OST.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Frames [9 Albums] + The Swell Season + Once OST.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Hurricane (1999).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Kooks-Konk Special Limited Edition 2CD (with covers) a DHZ.Inc Release.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Office S05E09 HDTV XviD LOL vXv.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Script - The Script [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Spirit[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Wrestler (2008) DVDSCR Occor avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Wrestler 2008 DVDScr H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Bachelorette.S05E01.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Bachelorette.S05E03.PDTV.XviD-2HD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Bucket.List[2007]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Dark.Knight[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Forbidden.Kingdom.CAM.XViD-CAMERA.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Girlfriend.Experience.2009.DVDRip.XviD-iAPULA.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S04E12.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S04E14.HDTV.XviD-XOR.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E01.HDTV.XviD-NoTV.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E01.HDTV.XviD-NoTV.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E02.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E03.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E04.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E05.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E06.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E07.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E08.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E10.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E11.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E12.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E13.PROPER.HDTV.XviD-2HD.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E14.HDTV.XviD-2HD.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E15.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E16.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E17.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E18.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E19.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E20.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E21.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E22.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E23.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E24.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E25.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E26.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.US.S04E09.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.US.S04E10.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.US.S04E13.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Dream-Love_Vs_Money-2009-C4.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Empire_And_Lil_Wayne-The_Drought_Is_Over_2_(The_Carter_3_Sessions)-(Bootleg)-2007.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Office.4x11.Night_Out.REPACK.HDTV_XviD-FoV.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Ting_Tings-We_Started_Nothing-2008-RTB.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\top.chef.masters.107.hdtv.xvid-sys.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E01.HDTV.XviD.[goat].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E02.The.Lost.Supper.DSR-XviD.pwe.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E03.VeroVenlo.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E04.HDTV.XviD-SYS.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E04.HDTV.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E05.VeroVenlo.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E06.HDTV.XviD.[goat].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E08.HDTV.XviD.[goat].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.S05E12.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.S05E13.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.S05E14.HDTV.XviD-GNARLY.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Travis-Ode_To_J_Smith-2008-404.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Trey_Songz-Trey_Day-2007-H3X.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\TV on the Radio - Dear Science, (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Twilight[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Two.Lovers.LIMITED.BDRip.XviD-NeDiVx.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Tyson.2009.DvdRip.Xvid.MegaGun.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\U2 - The Best And The B-Sides Of 1990-2000 - 2CD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\U2 - The Joshua Tree [Deluxe Edition].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.83.Serra.vs.St.Pierre.2.PPV.HDTV.XviD-aAF.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.83.Serra.vs.St.Pierre.2.PPV.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.91.Couture.vs.Lesnar.PPV.HDTV.XviD-aAF.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.98.Evans.vs.Machida.PPV.HDTV.XviD-aAF.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.98.Rashad.Evans.Vs.Lyoto.Machida.XviD-XS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Utada-This Is the One-2009.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Dug Chan\Application Data\uTorrent\VA-Ministry Of Sound Clubbers Guide Summer 09 2CD 2009 BSBT RG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Vanessa Carlton - Be Not Nobody.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Vanessa Carlton - Harmonium [2004].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Vanessa Carlton -Heroes_Thieves[2007][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Vantage.Point[2008]DvDrip.AC3-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Various Artists - Indie Rock Playlist Best Of.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Various Artists - Teenage Mutant Ninja Turtles.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\VideoGet 3.0.2.43.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\VideoGet 3.0.2.43.2.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\VideoGet 3.0.2.43.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Virtual Sex With Jenna Jameson.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Virtual Sex With Monique Alexander.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Vista_Recovery_Disc.iso.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Walk.Hard-The.Dewey.Cox.Story[2007]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Walking on a Dream.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Waltz With Bashir.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Waltz.With.Bashir.LIMITED.DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Wendy.And.Lucy.2008.LiMiTED.DVDSCR.XViD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Why_ Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Will I Am - Songs About Girls [2007][CD+SkidVid+Cov]192Kbps.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\World.of.Goo-SKIDROW.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Xbox_360_3_Red_Lights_Error_Repair_Guide.pdf.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Y.P.F.[Young.People.Fucking][2007]DvDrip.AC3-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Yacht - See Mystery Lights (2009).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Yael Naim.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Yes.Man.2008.DvDRip-FxM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Young.Jeezy-The.Recession-Retail-2008-[NoFS].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\zbxyzj101?Watching My Wife.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Zoolander KLAXXON.torrent
c:\program files\BearShare
c:\program files\BearShare\BearShare.dat
c:\program files\BearShare\BSidle.dll
c:\program files\BearShare\db\config.bin
c:\program files\BearShare\db\connect.txt
c:\program files\BearShare\db\gwebcache.dat
c:\program files\BearShare\db\Hostiles-Chat.txt
c:\program files\BearShare\db\Hostiles.txt
c:\program files\BearShare\db\library.2.db
c:\program files\BearShare\db\library.2.db.lastgoodload.bak
c:\program files\BearShare\db\library.db
c:\program files\BearShare\db\library.db.lastgoodload.bak
c:\program files\BearShare\db\searches.ini
c:\program files\BearShare\FreePeers.ini
c:\program files\BearShare\Installer\BSLITEINSTALL.exe
c:\program files\BearShare\Logs\hosts-state.txt
c:\program files\BearShare\Logs\memory.txt
c:\program files\BearShare\Logs\ordinal.txt
c:\program files\BearShare\Logs\streams.txt
c:\program files\BearShare\proinstall2.ini
c:\program files\BearShare\RunMSC.dll
c:\program files\BearShare\sounds\notify.wav
c:\program files\BearShare\Temp\0902FA.tmp
c:\program files\BearShare\Temp\0902FC.tmp
c:\program files\BearShare\Temp\0902FE.tmp
c:\program files\BearShare\Temp\0902FF.tmp
c:\program files\BearShare\Temp\090301.tmp
c:\program files\BearShare\Temp\42516A.tmp
c:\program files\BearShare\Temp\425178.tmp
c:\program files\BearShare\Temp\42517A.tmp
c:\program files\BearShare\Temp\42517C.tmp
c:\program files\BearShare\Temp\425181.tmp
c:\program files\BearShare\Temp\425184.tmp
c:\program files\BearShare\Temp\425186.tmp
c:\program files\BearShare\Temp\425188.tmp
c:\program files\BearShare\Temp\42518B.tmp
c:\program files\BearShare\Temp\42518C.tmp
c:\program files\BearShare\Temp\42518F.tmp
c:\program files\BearShare\Temp\425191.tmp
c:\program files\BearShare\Temp\425193.tmp
c:\program files\BearShare\Temp\425195.tmp
c:\program files\BearShare\Temp\425197.tmp
c:\program files\BearShare\Temp\42519A.tmp
c:\program files\BearShare\Temp\42519C.tmp
c:\program files\BearShare\Temp\42519E.tmp
c:\program files\BearShare\Temp\4251A4.tmp
c:\program files\BearShare\Temp\4251A5.tmp
c:\program files\BearShare\Temp\4251A7.tmp
c:\program files\BearShare\UNWISE.EXE
c:\program files\BearShare\Webstats.bat
c:\program files\BearShare\Webstats.exe
c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys
c:\windows\system32\UACcbritfjolx.dat
c:\windows\system32\uacsr.dat
c:\windows\system32\xa.tmp
 
.
((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-25 08:17 . 2009-08-25 08:17 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Mozilla
2009-08-25 08:16 . 2009-08-25 08:16 -------- d-sh--w- c:\documents and settings\Administrator.DUG\PrivacIE
2009-08-24 20:33 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 20:33 . 2009-08-24 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 20:33 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- C:\rsit
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- c:\program files\trend micro
2009-08-19 00:10 . 2009-08-19 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-18 23:34 . 2009-08-18 23:46 -------- d-----w- C:\H.osts
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 03:09 . 2008-08-07 09:49 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 18:08 . 2008-07-22 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-18 04:27 . 2008-01-16 09:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 03:05 . 2007-12-16 10:42 -------- d-----w- c:\program files\lg_fwupdate
2009-08-17 22:57 . 2009-07-19 18:54 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\vlc
2009-08-17 10:42 . 2009-04-27 01:46 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\Audacity
2009-08-05 22:20 . 2009-06-26 19:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-21 07:48 . 2009-07-21 07:47 -------- d-----w- c:\program files\iTunes
2009-07-21 07:47 . 2009-07-21 07:47 -------- d-----w- c:\program files\iPod
2009-07-21 07:47 . 2007-12-28 10:03 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 07:44 . 2009-07-21 07:44 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-02 00:06 . 2009-06-02 00:06 34063 ----a-w- c:\documents and settings\Dug Chan\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-29 20:36 . 2009-03-20 21:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 20:36 . 2007-12-28 10:04 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\H.osts ----

2009-08-18 23:34 . 2007-09-06 08:12 794 ----a-w- c:\h.osts\License.txt
2009-08-18 23:34 . 2008-12-24 12:07 1615 ----a-w- c:\h.osts\mvps.bat
2009-08-18 23:34 . 2009-07-19 06:58 1384 ----a-w- c:\h.osts\PrivacyPolicy.txt
2009-08-18 23:34 . 2009-07-19 06:56 6293 ----a-w- c:\h.osts\readme.txt
2009-08-18 23:34 . 2009-07-27 17:08 610636 ----a-w- c:\h.osts\HOSTS
2009-08-18 23:34 . 2009-08-18 23:34 148286 ----a-w- c:\h.osts\hosts.zip


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-16 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-22 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-06-30 2327776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dug Chan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-12-26 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-03 20:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=3 (0x3)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\team fortress 2\\hl2.exe"=
"d:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Battle for Middle Earth II\\game.dat"=
"d:\\Games\\Battle for Middle Earth II\\EP1\\game.dat"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Games\\LucasArts\\Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [17/04/2008 5:53 PM 13440]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20/07/2007 7:40 PM 84992]
S3 miniusb;FrameManager Display Adapter;c:\windows\system32\DRIVERS\sam_miniusb.sys --> c:\windows\system32\DRIVERS\sam_miniusb.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21/10/2008 8:58 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21/10/2008 8:58 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21/10/2008 8:58 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21/10/2008 8:58 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21/10/2008 8:58 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21/10/2008 8:58 PM 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [21/10/2008 8:58 PM 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [21/10/2008 8:58 PM 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [21/10/2008 8:58 PM 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [21/10/2008 8:58 PM 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [21/10/2008 8:58 PM 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [21/10/2008 8:58 PM 117544]
S3 SODI;SODI;c:\windows\system32\DRIVERS\sam_miniport.sys --> c:\windows\system32\DRIVERS\sam_miniport.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-22 23:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xbox360.ign.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dug Chan\Application Data\Mozilla\Firefox\Profiles\4t6o41bt.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 12:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-73586283-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:42,8c,28,b1,e7,15,de,32,4d,f9,6d,e6,3f,23,59,92,92,39,7e,16,48,
ee,70,6c,b7,d5,67,e4,12,c6,11,10,73,da,03,fd,5a,31,66,f4,ed,9f,94,e0,08,ea,\
"rkeysecu"=hex:b2,95,69,23,48,0e,8f,40,83,e4,b7,0a,9a,82,70,69
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
.
Completion time: 2009-08-26 12:29
ComboFix-quarantined-files.txt 2009-08-26 19:29
ComboFix2.txt 2009-08-26 09:18

Pre-Run: 78,777,937,920 bytes free
Post-Run: 78,715,236,352 bytes free

783 --- E O F --- 2009-03-04 11:00
Upload was successful
 
Malwarebytes' Anti-Malware 1.40
Database version: 2700
Windows 5.1.2600 Service Pack 2 (Safe Mode)

26/08/2009 1:13:21 PM
mbam-log-2009-08-26 (13-13-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 264281
Time elapsed: 30 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACemtvytpysy.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgqfucbfalq.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078003.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078004.dll (Rogue.Agent) -> Quarantined and deleted successfully.
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 26, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 26, 2009 22:56:27
Records in database: 2690241
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 153374
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:38:41


File name / Threat / Threats count
C:\Photoshop\Useful Installers\extfix(.mess.be).zip Infected: not-a-virus:RiskTool.Win32.ExtUnlock.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACawesrlcwcg.sys.vir Infected: Rootkit.Win32.Agent.oxr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfuxthxjqcr.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078002.sys Infected: Rootkit.Win32.Agent.oxr 1
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078006.dll Infected: Packed.Win32.TDSS.y 1

Selected area has been scanned.
 
Last edited by a moderator:
How are things running now ?


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)
 
I updated Adobe Reader and Java as you've indicated above. It seems like things are back to normal.. I ran mbam once more and it removed two threats that were already in quarantine. I'll be sure to follow up again in the next day or two if I notice any odd behaviour.

If not, thank you so much for your help Katana. You've been incredible! =)
 
Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • CF_Cleanup.png



OTCleanup
Please download OTCleanup from HERE
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
From what I can tell, my system is operating as it was before the infection. =)

I took your advice and beefed up my security. Hopefully that'll help me out in the future. Thanks Katana! You're awesome!
 
You must log in or register to reply here.
Back
Top