system security and malware removal bot infected my pc how do i remove them?

so im not sure how but my pc was infected with system security malware, like a idiot i i downloaded another malware program called malware removal bot trying to fix it. Ive tried downloading other free anti virus programs that others recommended like malwarebytes but the virus is keeping me from downloading it or anything else for that matter in normal mode or safety. ive also tried doing a factory reset but it wont read my boot cd either. i dont know what other options i have at this point i heard you can try manually removing them but if your not computer savy witch im not you could harm your computer further. i also have a usb drive and im thinking of installing malwarebytes or another program from my room mates lab top and installing them that way but ive never done that before. at this point after installing malware removal bot like a idiot im nervous to do anything else.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:36 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.alienware.com/Mothership?Comp=AWC&SysCode=PC-AREA51-3500-R2&ai=636E3D33333731323126706F3D504F2D33353932383441
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208632087281
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209399813_cf18ca55af2f264f1acb6ac8a4e041bb&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5447 bytes
hopefully i did that correctly

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
  O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
  O20 - AppInit_DLLs: wbsys.dll,c:\progra~1\Manson\liser.dll
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

i did the hijack this part but when i go to install malwarebytes it still wont let me download anything i get up to running the installer but it stops in extracting files part, ive tried in safe mode as well and nothing but i heard you shouldnt download any programs in safe mode also the longer this is on my computer it seems the less responsive my computer is becoming at first my firefox wouldnt open up now it does but every link takes me to coupon mountain or some other useless things

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV. (AVG8)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

i turned off my av and tryed to download combo-fix i altered the name like it told me but when it was down saving and i tryed to get it to run a little box would show up that says combo fix and then nothing else happens not sure if it has to do with the combo fix but a command prompt looking thing pops up not sure exactly what it is i tried to remove the combo fix to try to re do it but it wont let me do that ethier.

i got the combo-fix to work i think it did a scan and came up with this is the combofix txt you need

ComboFix 09-06-15.04 - 63 06/15/2009 22:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.705 [GMT -4:00]
Running from: c:\documents and settings\63\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
C:\tj.vbs
c:\windows\system32\drivers\UACfrxnmfldnqqowkm.sys
c:\windows\system32\UACcwcrduxhtjjijjo.log
c:\windows\system32\UACfoewgbnmybxbios.dat
c:\windows\system32\UACfpcskavylypiagu.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkiyqxypqaifsmpq.dll
c:\windows\system32\UACpcaovaohuoxqxwb.dll
c:\windows\system32\UACpjxvmcfwhptjkpe.log
c:\windows\system32\UACpsyunrlpjlklkxw.log
c:\windows\system32\UACptutfjjgubxheli.dll
c:\windows\system32\UACrrxbmqevdppevxb.dll
c:\windows\system32\UACrsuojnswvrpwkdo.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACvhkmwlkltvrrirn.db
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-15 18:18 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 18:18 . 2009-06-16 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 18:18 . 2009-06-15 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 18:18 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 16:32 . 2009-06-15 16:32 2 ---h--w- c:\windows\zaponce53290.dat
2009-06-15 16:32 . 2009-06-15 16:32 2 ---h--w- c:\windows\zaponce53173.dat
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\98727026
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\18717034
2009-06-15 16:32 . 2009-06-16 02:14 -------- d-sh--r- c:\program files\Manson
2009-06-12 21:50 . 2009-06-12 22:23 -------- d-----w- c:\docume~1\63\APPLIC~1\Command & Conquer 3 Tiberium Wars
2009-06-12 21:49 . 2009-06-12 21:49 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-06-11 21:59 . 2009-06-11 22:00 -------- d-----w- c:\docume~1\63\APPLIC~1\Red Alert 3 Demo
2009-06-05 08:26 . 2009-06-05 08:26 -------- d--h--r- c:\docume~1\63\APPLIC~1\SecuROM
2009-06-05 08:26 . 2009-06-12 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-05 08:26 . 2009-06-05 08:26 -------- d-----w- C:\ProgramData
2009-06-05 08:24 . 2008-11-09 01:21 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-05 08:24 . 2009-06-05 08:24 -------- d-----w- c:\program files\Microsoft WSE
2009-06-05 01:34 . 2009-06-11 18:33 -------- d-----w- c:\docume~1\63\APPLIC~1\IGN_DLM
2009-06-04 23:58 . 2009-06-04 23:58 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Electronic Arts
2009-06-04 23:39 . 2009-06-04 23:40 -------- d-----w- c:\program files\MediaMonkey
2009-06-04 21:46 . 2009-06-04 23:50 -------- d-----w- c:\program files\Incomplete
2009-06-04 20:20 . 2009-06-04 20:20 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\World in Conflict - DEMO
2009-05-22 08:42 . 2009-06-12 21:38 -------- d-----w- c:\program files\Electronic Arts
2009-05-21 07:15 . 2009-05-21 07:15 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Funcom
2009-05-19 04:33 . 2009-05-19 04:33 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\PunkBuster
2009-05-19 04:15 . 2009-05-19 04:18 -------- d-----w- c:\windows\NV3940448.TMP
2009-05-19 03:38 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-05-19 03:38 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-05-19 03:38 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-19 02:01 . 2009-05-19 02:01 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Activision
2009-05-19 01:44 . 2009-05-28 03:49 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 01:16 . 2009-04-25 19:54 -------- d-----w- c:\program files\Steam
2009-06-16 00:14 . 2009-03-19 06:18 -------- d-----w- c:\program files\Trend Micro
2009-06-15 17:20 . 2009-03-08 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-15 17:17 . 2005-11-10 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information

ok the full thing is too big so im guessing thats not it any advice how to get the C:\combofix.txt sorry im so inept went it comes to this stuff

Hello can you split the log into two posts or more if required.

so like the idiot i am my pc restarted and i didnt save that log but after words my computer seemed a bit more normal so i tryed to download malwarebytes again and it worked this time i did a quick scan and it found some infections that it removed and i got this log

Malwarebytes' Anti-Malware 1.37
Database version: 2285
Windows 5.1.2600 Service Pack 3

6/15/2009 10:41:37 PM
mbam-log-2009-06-15 (22-41-37).txt

Scan type: Quick Scan
Objects scanned: 83457
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

did another and got this

Malwarebytes' Anti-Malware 1.37
Database version: 2285
Windows 5.1.2600 Service Pack 3

6/15/2009 10:51:22 PM
mbam-log-2009-06-15 (22-51-22).txt

Scan type: Quick Scan
Objects scanned: 83580
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

is there a way to check if theres still mal ware on my pc or if there jus somewhere else?

should i do another combo-fix scan?

No please, can you post the first ComboFix log that you did? If you don't remember where you saved it, it should be some where in your C:\ drive.

found it

ComboFix 09-06-15.04 - 63 06/15/2009 22:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.705 [GMT -4:00]
Running from: c:\documents and settings\63\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
C:\tj.vbs
c:\windows\system32\drivers\UACfrxnmfldnqqowkm.sys
c:\windows\system32\UACcwcrduxhtjjijjo.log
c:\windows\system32\UACfoewgbnmybxbios.dat
c:\windows\system32\UACfpcskavylypiagu.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkiyqxypqaifsmpq.dll
c:\windows\system32\UACpcaovaohuoxqxwb.dll
c:\windows\system32\UACpjxvmcfwhptjkpe.log
c:\windows\system32\UACpsyunrlpjlklkxw.log
c:\windows\system32\UACptutfjjgubxheli.dll
c:\windows\system32\UACrrxbmqevdppevxb.dll
c:\windows\system32\UACrsuojnswvrpwkdo.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACvhkmwlkltvrrirn.db
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-15 18:18 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 18:18 . 2009-06-16 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 18:18 . 2009-06-15 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 18:18 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 16:32 . 2009-06-15 16:32 2 ---h--w- c:\windows\zaponce53290.dat
2009-06-15 16:32 . 2009-06-15 16:32 2 ---h--w- c:\windows\zaponce53173.dat
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\98727026
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\18717034
2009-06-15 16:32 . 2009-06-16 02:14 -------- d-sh--r- c:\program files\Manson
2009-06-12 21:50 . 2009-06-12 22:23 -------- d-----w- c:\docume~1\63\APPLIC~1\Command & Conquer 3 Tiberium Wars
2009-06-12 21:49 . 2009-06-12 21:49 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-06-11 21:59 . 2009-06-11 22:00 -------- d-----w- c:\docume~1\63\APPLIC~1\Red Alert 3 Demo
2009-06-05 08:26 . 2009-06-05 08:26 -------- d--h--r- c:\docume~1\63\APPLIC~1\SecuROM
2009-06-05 08:26 . 2009-06-12 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-05 08:26 . 2009-06-05 08:26 -------- d-----w- C:\ProgramData
2009-06-05 08:24 . 2008-11-09 01:21 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-05 08:24 . 2009-06-05 08:24 -------- d-----w- c:\program files\Microsoft WSE
2009-06-05 01:34 . 2009-06-11 18:33 -------- d-----w- c:\docume~1\63\APPLIC~1\IGN_DLM
2009-06-04 23:58 . 2009-06-04 23:58 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Electronic Arts
2009-06-04 23:39 . 2009-06-04 23:40 -------- d-----w- c:\program files\MediaMonkey
2009-06-04 21:46 . 2009-06-04 23:50 -------- d-----w- c:\program files\Incomplete
2009-06-04 20:20 . 2009-06-04 20:20 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\World in Conflict - DEMO
2009-05-22 08:42 . 2009-06-12 21:38 -------- d-----w- c:\program files\Electronic Arts
2009-05-21 07:15 . 2009-05-21 07:15 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Funcom
2009-05-19 04:33 . 2009-05-19 04:33 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\PunkBuster
2009-05-19 04:15 . 2009-05-19 04:18 -------- d-----w- c:\windows\NV3940448.TMP
2009-05-19 03:38 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-05-19 03:38 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-05-19 03:38 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-19 02:01 . 2009-05-19 02:01 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Activision
2009-05-19 01:44 . 2009-05-28 03:49 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 01:16 . 2009-04-25 19:54 -------- d-----w- c:\program files\Steam
2009-06-16 00:14 . 2009-03-19 06:18 -------- d-----w- c:\program files\Trend Micro
2009-06-15 17:20 . 2009-03-08 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-15 17:17 . 2005-11-10 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 23:57 . 2009-03-19 19:23 -------- d-----w- c:\docume~1\63\APPLIC~1\FrostWire
2009-06-04 23:50 . 2009-05-16 22:02 -------- d-----w- c:\program files\FrostWire
2009-05-23 23:03 . 2009-03-07 21:05 -------- d-----w- c:\docume~1\63\APPLIC~1\Azureus
2009-05-21 02:11 . 2009-05-05 09:44 189496 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-19 04:33 . 2009-05-05 05:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-19 01:59 . 2009-05-05 05:07 22328 ----a-w- c:\docume~1\63\APPLIC~1\PnkBstrK.sys
2009-05-16 19:24 . 2009-05-16 19:24 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-15 08:21 . 2009-05-15 08:21 201728 ----a-w- c:\windows\system32\[adult swim] neon light.scr
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Google
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\ZSoft
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Yahoo!
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Three Rings Design
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\AskBarDis
2009-05-15 05:32 . 2008-05-27 06:00 -------- d-----w- c:\docume~1\63\APPLIC~1\StumbleUpon
2009-05-13 06:32 . 2009-05-02 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-10 06:36 . 2008-04-18 17:11 13104 ----a-w- c:\documents and settings\63\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 19:07 . 2009-04-30 19:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-07 15:32 . 2005-08-31 14:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 09:55 . 2009-05-06 09:55 -------- d-----w- c:\docume~1\63\APPLIC~1\The Creative Assembly
2009-05-02 20:18 . 2009-05-02 20:18 -------- d-----w- c:\program files\MSBuild
2009-05-02 20:18 . 2009-05-02 20:18 62304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-02 20:13 . 2009-05-02 20:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-02 17:28 . 2009-03-08 05:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 17:28 . 2009-03-08 05:07 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 17:28 . 2009-03-08 05:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 17:28 . 2009-03-08 05:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 20:01 . 2009-05-01 20:01 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-01 19:58 . 2009-05-01 19:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-30 19:34 . 2008-04-25 01:16 -------- d-----w- c:\docume~1\63\APPLIC~1\Ventrilo
2009-04-29 04:56 . 2005-08-31 14:52 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-03-26 18:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-17 12:26 . 2005-08-31 14:52 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-31 14:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-27 12:14 . 2009-05-01 19:57 453152 ----a-w- c:\windows\system32\nvuninst.exe
2009-03-19 08:41 . 2009-03-19 08:41 0 -c--a-w- c:\windows\nsreg.dat

second half
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^63^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\63\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\sargentpepper06\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\sargentpepper06\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Dead Space.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/8/2009 1:07 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2009 1:07 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/8/2009 1:07 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/8/2009 1:07 AM 298776]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [3/7/2009 5:05 PM 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [3/7/2009 5:06 PM 234888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kell - c:\program files\Manson\liser.exe
HKCU-Run-ColdWare - c:\windows\msa.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ask.com?gcht=HD&o=101676&l=dis
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 22:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:14,78,f6,f1,71,4c,30,27,3a,65,8d,ba,34,fb,53,a4,25,f3,90,f6,2a,8f,8d,
75,47,1c,54,d8,5a,f1,50,60,7b,14,60,87,53,2e,c8,d9,71,ef,2d,93,d9,66,83,bd,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\SecuROM\License information*]
"datasecu"=hex:e9,95,9a,c2,64,5b,45,3c,47,22,21,01,b1,fa,f7,51,55,08,a8,dc,0b,
3f,d7,b2,4f,e1,97,87,1b,85,2d,a9,3e,0b,cb,08,91,b5,f1,fd,2f,18,08,16,b9,90,\
"rkeysecu"=hex:8e,30,6a,91,0b,7b,81,9c,32,6d,b6,1c,93,e6,b6,1b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2009-06-16 22:19
ComboFix-quarantined-files.txt 2009-06-16 02:19

Pre-Run: 10,773,327,872 bytes free
Post-Run: 10,904,522,752 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot

225 --- E O F --- 2009-06-15 22:44

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\zaponce53290.dat
c:\windows\zaponce53173.dat
c:\documents and settings\All Users\Application Data\98727026
c:\documents and settings\All Users\Application Data\18717034
c:\windows\NV3940448.TMP

Folder::
c:\docume~1\63\APPLIC~1\FrostWire
c:\program files\FrostWire
c:\docume~1\63\APPLIC~1\Azureus
c:\program files\AskBarDis

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ok here it is
ComboFix 09-06-15.05 - 63 06/16/2009 1:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.645 [GMT -4:00]
Running from: c:\documents and settings\63\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\63\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
* Created a new restore point

FILE ::
"c:\documents and settings\All Users\Application Data\18717034"
"c:\documents and settings\All Users\Application Data\98727026"
"c:\windows\NV3940448.TMP"
"c:\windows\zaponce53173.dat"
"c:\windows\zaponce53290.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\63\APPLIC~1\Azureus
c:\docume~1\63\APPLIC~1\FrostWire
c:\program files\AskBarDis
c:\program files\FrostWire
c:\docume~1\63\APPLIC~1\Azureus\.certs
c:\docume~1\63\APPLIC~1\Azureus\.keystore
c:\docume~1\63\APPLIC~1\Azureus\.lock
c:\docume~1\63\APPLIC~1\Azureus\active\1F0806CB3461530BA5FE80BF3D8C96A02C9AF5A1.dat
c:\docume~1\63\APPLIC~1\Azureus\active\1F0806CB3461530BA5FE80BF3D8C96A02C9AF5A1.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\active\3383A9047FCC91C89ACB745516913CFD9A514CE5.dat
c:\docume~1\63\APPLIC~1\Azureus\active\3383A9047FCC91C89ACB745516913CFD9A514CE5.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\active\49465DCC1EA3D751B37EA5661DDF248F471DDEBA.dat
c:\docume~1\63\APPLIC~1\Azureus\active\49465DCC1EA3D751B37EA5661DDF248F471DDEBA.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\active\88DF30D6E7F420EF9BB857801A530A25F4BE229F.dat
c:\docume~1\63\APPLIC~1\Azureus\active\88DF30D6E7F420EF9BB857801A530A25F4BE229F.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\active\A46398E82821F6A5BCE060E40CDBE6507BE41DE0.dat
c:\docume~1\63\APPLIC~1\Azureus\active\A46398E82821F6A5BCE060E40CDBE6507BE41DE0.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\active\B0C8AF6333F7A902936FF5C8D3EE99118118C418.dat
c:\docume~1\63\APPLIC~1\Azureus\active\B0C8AF6333F7A902936FF5C8D3EE99118118C418.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\active\cache.dat
c:\docume~1\63\APPLIC~1\Azureus\active\E853C402E8D2D4E5D1AAD2D4345BB9A0265E5009.dat
c:\docume~1\63\APPLIC~1\Azureus\active\E853C402E8D2D4E5D1AAD2D4345BB9A0265E5009.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\azureus.config
c:\docume~1\63\APPLIC~1\Azureus\azureus.config.bak
c:\docume~1\63\APPLIC~1\Azureus\azureus.statistics
c:\docume~1\63\APPLIC~1\Azureus\azureus.statistics.bak
c:\docume~1\63\APPLIC~1\Azureus\banips.config
c:\docume~1\63\APPLIC~1\Azureus\banips.config.bak
c:\docume~1\63\APPLIC~1\Azureus\cache\1191085919.ico
c:\docume~1\63\APPLIC~1\Azureus\cache\1254202186.ico
c:\docume~1\63\APPLIC~1\Azureus\cache\1569122847.ico
c:\docume~1\63\APPLIC~1\Azureus\cnetworks.config
c:\docume~1\63\APPLIC~1\Azureus\devices.config
c:\docume~1\63\APPLIC~1\Azureus\devices.config.bak
c:\docume~1\63\APPLIC~1\Azureus\devices\3_uuid_40748326-1505-2000-0000-00125aad44ff__upnp_rootdevice.dat
c:\docume~1\63\APPLIC~1\Azureus\dht\addresses.dat
c:\docume~1\63\APPLIC~1\Azureus\dht\contacts.dat
c:\docume~1\63\APPLIC~1\Azureus\dht\diverse.dat
c:\docume~1\63\APPLIC~1\Azureus\dht\general.dat
c:\docume~1\63\APPLIC~1\Azureus\dht\version.dat
c:\docume~1\63\APPLIC~1\Azureus\downloads.config
c:\docume~1\63\APPLIC~1\Azureus\downloads.config.bak
c:\docume~1\63\APPLIC~1\Azureus\friends.config
c:\docume~1\63\APPLIC~1\Azureus\friends.config.bak
c:\docume~1\63\APPLIC~1\Azureus\ipfilter.cache
c:\docume~1\63\APPLIC~1\Azureus\logs\alerts_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\clientid_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\CNetworks_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\debug_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\Devices_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\Friends_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\MetaSearch_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\MetaSearch_Engine_3.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\MetaSearch_Engine_4.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\MetaSearch_Engine_5.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\MetaSearch_Engine_9.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\NetStatus_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_alerts_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_clientid_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_CNetworks_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_debug_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_Devices_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_Friends_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_MetaSearch_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_MetaSearch_Engine_3.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_MetaSearch_Engine_4.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_MetaSearch_Engine_5.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_MetaSearch_Engine_9.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_seltrace_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_Subscriptions_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_thread_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_thread_2.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_v3.ads_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_v3.CMsgr_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_v3.emp_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_v3.Friends_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_v3.PMsgr_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1242923380593_v3.Stream_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_alerts_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_clientid_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_CNetworks_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_debug_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_Devices_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_Friends_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_MetaSearch_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_MetaSearch_Engine_3.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_MetaSearch_Engine_4.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_MetaSearch_Engine_5.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_MetaSearch_Engine_9.txt
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_NetStatus_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_seltrace_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_Subscriptions_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_thread_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_thread_2.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_v3.ads_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_v3.CMsgr_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_v3.emp_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_v3.emp_2.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_v3.Friends_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_v3.PMsgr_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\save\1243109136062_v3.Stream_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\seltrace_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\Subscriptions_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\thread_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\thread_2.log
c:\docume~1\63\APPLIC~1\Azureus\logs\v3.ads_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\v3.CMsgr_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\v3.emp_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\v3.emp_2.log
c:\docume~1\63\APPLIC~1\Azureus\logs\v3.Friends_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\v3.PMsgr_1.log
c:\docume~1\63\APPLIC~1\Azureus\logs\v3.Stream_1.log
c:\docume~1\63\APPLIC~1\Azureus\media\azpd\AVX3TMMSDYY4WDKUWD3ALEFUYUMS6YNX.azpd
c:\docume~1\63\APPLIC~1\Azureus\metasearch.config
c:\docume~1\63\APPLIC~1\Azureus\net\pm_11427.dat
c:\docume~1\63\APPLIC~1\Azureus\net\pm_default.dat
c:\docume~1\63\APPLIC~1\Azureus\plugins\azump\azump_1.3.jar
c:\docume~1\63\APPLIC~1\Azureus\plugins\azump\azump_1.3.zip
c:\docume~1\63\APPLIC~1\Azureus\plugins\azump\mplayer.exe
c:\docume~1\63\APPLIC~1\Azureus\plugins\azump\mplayer\config
c:\docume~1\63\APPLIC~1\Azureus\plugins\azupnpav\cd.dat
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\ffmpeg.exe
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\mediainfo.exe
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\plugin.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\AppleTV.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\Browser.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\Generic_mp4.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\iPhone.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\iPodClassic.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\iPodNano.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\iPodTouch.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\PS3_HD.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\PS3_SD.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\PSP.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\Wii.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\XBox_HD.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\XBox_SD.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\profiles\Zen.properties
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\vuzexcode_0.2.6.jar
c:\docume~1\63\APPLIC~1\Azureus\plugins\vuzexcode\vuzexcode_0.2.6.zip
c:\docume~1\63\APPLIC~1\Azureus\sidebarauto.config
c:\docume~1\63\APPLIC~1\Azureus\sidebarauto.config.bak
c:\docume~1\63\APPLIC~1\Azureus\subs\00C60E73A94959D3C5D4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\02BAAAEBE411DFAC0244.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\09A4EF071DB008D2F8DB.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\09B6E1830B19307D8626.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\0F193C9F601B15C4EFFE.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\0F43028A20CF28E3BD66.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\0F853B9D4B9B0ADD1E34.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\13CCCA643B4D4185F7D8.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\14A8380B2C8C4475E38F.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\19B6D8EE8077BAADAE86.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\19D197C718E86D5B1B15.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\1A3FC0313635EB3FFECF.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\204A61AC58762563C9F4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\21B6F154E1FA75E4DF0A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\2352F568FEAE843EAF78.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\23C07FC046663EDB38E5.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\25D5429BA8913199E8C8.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\2DD1C5844C18CFF84D89.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\2DD34BCB85CDDCB979F0.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\3405D0DD44921CFD1D39.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\3899974FA488B341844A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\38F14939A1ADE522383C.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\3CE1DE1CE7E9DE480F06.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\3DDB51032045BA8FCB22.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\400B09C6BFC041C77125.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\41B5BA8E964DADE2D58B.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\428870FB845DFB86BDFF.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\475A6FF4074864929368.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\47CAC7EA4C11BAF87F29.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\4A522F963512B9C510B9.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\4E52720D295BF1A3277A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\4E8485C5DD6EA6FADE1E.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\51A2E99917A2ED165FA9.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\54BCD7706C9AED3A4424.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\5606B699ABC25A96CBF5.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\561060E15D5F31D5F891.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\581765478D3517627C73.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\5C512BBF2C688C6C8A9F.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\5C66EC0C29AFE1D1718A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\5CBA0BA6AAA42E09B126.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\659E360DA4C7A78064E4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\6824755C86CF5244EBB4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\68461FFBE2AB011691AE.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\687B5D8D87F188977E5D.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\6A655F329E284AFA36C3.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\6A803897AA33CE5BEFFE.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\6CE4CD4B41EB765CCBCF.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\6E3AFF2A1E5913E176E7.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\7076DB20A5F225DDB82C.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\708C5D9333EC9E54E297.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\722FEC9BA057A883FE52.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\740AF5DF29177BDBE64C.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\7E32D607DDE5A5304A3A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\7EB198584F3721914E9D.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\7F62CD6CE66C7D1E357D.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\83E942CD74E5F15FE40A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\85C5A6BB1D2123A1ADA4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\87E23B1872099785E348.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\8B9A427971C2CE1EADDB.vuze

c:\docume~1\63\APPLIC~1\Azureus\subs\8BB3D41DAD783FD2C653.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\8DE6E5753F5ADF094F49.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\900C1E0998B587F65A47.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\9088D6D9BF1D22EB36D9.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\909DA4CC561DFEEEA518.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\92CAAF7810F2D6D82973.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\993921E93E8EE8265D2F.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\A8269DBB06060B430805.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\AA18A55630A89D766D85.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\AC45575633A120FE1243.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\AECE91637B085F60479A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\AF734186BA1B192A332E.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\AF982FE05518DF77E24D.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\B386CD3CFAF04D324C4C.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\B7DBB427AF1E5D29B174.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\B838F5D871039A5EF5B3.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\BAD9AC808DA5DC699651.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\BBA708018991E48BD0CC.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\BC330A5B5B760F1BAE11.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\BE6128F7FD624E895C5D.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\BFBFF494C21FC0860207.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\C1644D5D299CAD509D1F.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\C9EBC80E3E1D103634DB.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\CA52C723D1141B06883C.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\CB9B17C97A13AA049726.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\CDD83C59A01168973626.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\CFEBA32C2B2EE1A8FCDB.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\D1A213C0AE585959D03D.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\D8FEE1A7C995129DD009.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\DE85E135FD3B432053D4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E06604853A0D65E6C436.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E3FAFADD4E7B350EBFCD.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E600889D25A9AA614446.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E6925ADD353B0CC4752A.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E6A810C0D7599C2A37F4.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E6AEACFA5544EAB6E688.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\E945B0308AD3020B8B78.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\EB63245BB20838CB4C32.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\EC1EA4CD184D3EC77C1F.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\ECF2D5E1A96472A47669.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\F1C7D40089B99176C8A3.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\F61DD2E5A0FFAA417F95.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\F697EC37C5A4D154EB6F.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\F94F6371F4A3DDF480B1.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\FB842F38FBD17B46F780.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\FD5743941A5616C485DC.vuze
c:\docume~1\63\APPLIC~1\Azureus\subs\FF0EBBE21CEC049A539D.vuze
c:\docume~1\63\APPLIC~1\Azureus\subscriptions.config
c:\docume~1\63\APPLIC~1\Azureus\subscriptions.config.bak
c:\docume~1\63\APPLIC~1\Azureus\tables.config
c:\docume~1\63\APPLIC~1\Azureus\tables.config.bak
c:\docume~1\63\APPLIC~1\Azureus\timingstats.dat
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47958.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47959.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47960.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47961.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47962.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47963.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47964.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47965.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47966.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47968.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47969.tmp
c:\docume~1\63\APPLIC~1\Azureus\tmp\AZU47970.tmp
c:\docume~1\63\APPLIC~1\Azureus\torrents\_Suicide_Girls___The_First_Tour.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\30_Rock_Season_1_Complete_HDTV_soagg[1].torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\30_Rock_Season_2_Complete_HDTV_XVID_soagg[1].torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\AZU14881.tmp
c:\docume~1\63\APPLIC~1\Azureus\torrents\AZU48282.tmp
c:\docume~1\63\APPLIC~1\Azureus\torrents\AZU5338.tmp
c:\docume~1\63\APPLIC~1\Azureus\torrents\Eliza Dushku in Maxim [AVX3TMMSDYY4WDKUWD3ALEFUYUMS6YNX].torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Flight_of_the_Conchords___Season_2.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Fujiya__amp__Miyagi___Transparent_Things__2006_.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Fujiya_And_Miyagi_Lightbulbs_2008_DV8.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Kasabian___Vlad_The_Impaler__NEW_SINGLE___2009_MP3_320_.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Porn_Melissa_Midwest_Fuck[1].torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Sarah_Silverman_Program__The__Season_1_[1].torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Sarah_Silverman_Season_2[1].torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Suicide_Girls___The_First_Tour.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Suicide_Girls_The_First_Tour.3588590.TPB.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Valkyrie_2008_DvDrip_Eng__FXG.torrent
c:\docume~1\63\APPLIC~1\Azureus\torrents\Valkyrie_R5_LINE_XviD_COALiTiON.torrent
c:\docume~1\63\APPLIC~1\Azureus\tracker.config
c:\docume~1\63\APPLIC~1\Azureus\tracker.config.bak
c:\docume~1\63\APPLIC~1\Azureus\unsentdata.config
c:\docume~1\63\APPLIC~1\Azureus\unsentdata.config.bak
c:\docume~1\63\APPLIC~1\Azureus\update.log
c:\docume~1\63\APPLIC~1\Azureus\update.properties
c:\docume~1\63\APPLIC~1\Azureus\upnp_trace1.log
c:\docume~1\63\APPLIC~1\Azureus\upnp_trace2.log
c:\docume~1\63\APPLIC~1\Azureus\upnp_trace3.log
c:\docume~1\63\APPLIC~1\Azureus\upnp_trace4.log
c:\docume~1\63\APPLIC~1\Azureus\upnp_trace5.log
c:\docume~1\63\APPLIC~1\Azureus\v3.Friends.dat
c:\docume~1\63\APPLIC~1\Azureus\v3.Friends.dat.bak
c:\docume~1\63\APPLIC~1\Azureus\VuzeActivities.config
c:\docume~1\63\APPLIC~1\Azureus\VuzeActivities.config.bak
c:\docume~1\63\APPLIC~1\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\docume~1\63\APPLIC~1\FrostWire\createtimes.cache
c:\docume~1\63\APPLIC~1\FrostWire\downloads.dat
c:\docume~1\63\APPLIC~1\FrostWire\fileurns.bak
c:\docume~1\63\APPLIC~1\FrostWire\fileurns.cache
c:\docume~1\63\APPLIC~1\FrostWire\filters.props
c:\docume~1\63\APPLIC~1\FrostWire\frostwire.props
c:\docume~1\63\APPLIC~1\FrostWire\gnutella.net
c:\docume~1\63\APPLIC~1\FrostWire\installation.props
c:\docume~1\63\APPLIC~1\FrostWire\intent.props
c:\docume~1\63\APPLIC~1\FrostWire\library.dat
c:\docume~1\63\APPLIC~1\FrostWire\mojito.props
c:\docume~1\63\APPLIC~1\FrostWire\overlays.dat
c:\docume~1\63\APPLIC~1\FrostWire\overlays\default.png
c:\docume~1\63\APPLIC~1\FrostWire\overlays\legacy_overlay2.jpg
c:\docume~1\63\APPLIC~1\FrostWire\questions.props
c:\docume~1\63\APPLIC~1\FrostWire\responses.cache
c:\docume~1\63\APPLIC~1\FrostWire\seenMessages.dat
c:\docume~1\63\APPLIC~1\FrostWire\spam.dat
c:\docume~1\63\APPLIC~1\FrostWire\tables.props
c:\docume~1\63\APPLIC~1\FrostWire\themes\frostwirePro_theme.fwtp
c:\docume~1\63\APPLIC~1\FrostWire\themes\frostwirePro_theme\theme.txt
c:\docume~1\63\APPLIC~1\FrostWire\themes\frostwirePro_theme\version.txt
c:\docume~1\63\APPLIC~1\FrostWire\ttrees.cache
c:\docume~1\63\APPLIC~1\FrostWire\ttroot.cache
c:\docume~1\63\APPLIC~1\FrostWire\version.xml
c:\docume~1\63\APPLIC~1\FrostWire\xml\data\audio.sxml2
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\unins000.exe
c:\program files\FrostWire\aopalliance.jar
c:\program files\FrostWire\clink.jar
c:\program files\FrostWire\commons-codec-1.3.jar
c:\program files\FrostWire\commons-logging.jar
c:\program files\FrostWire\daap.jar
c:\program files\FrostWire\EULA.txt
c:\program files\FrostWire\forms.jar
c:\program files\FrostWire\foxtrot.jar
c:\program files\FrostWire\FrostWire.exe
c:\program files\FrostWire\FrostWire.ico
c:\program files\FrostWire\FrostWire.jar
c:\program files\FrostWire\gettext-commons.jar
c:\program files\FrostWire\GPL2.txt
c:\program files\FrostWire\guice-1.0.jar
c:\program files\FrostWire\hashes
c:\program files\FrostWire\httpclient-4.0-alpha3.jar
c:\program files\FrostWire\httpcore-4.0-beta2.jar
c:\program files\FrostWire\httpcore-nio-4.0-beta2.jar
c:\program files\FrostWire\httpcore-niossl-4.0-alpha7.jar
c:\program files\FrostWire\icu4j.jar
c:\program files\FrostWire\inspection.props
c:\program files\FrostWire\jaudiotagger.jar
c:\program files\FrostWire\jcraft.jar
c:\program files\FrostWire\jdic.dll
c:\program files\FrostWire\jdic.jar
c:\program files\FrostWire\jdic_stub.jar
c:\program files\FrostWire\jflac.jar
c:\program files\FrostWire\jl.jar
c:\program files\FrostWire\jmdns.jar
c:\program files\FrostWire\jogg.jar
c:\program files\FrostWire\jorbis.jar
c:\program files\FrostWire\jython.jar
c:\program files\FrostWire\launch.properties
c:\program files\FrostWire\log.txt
c:\program files\FrostWire\log4j.jar
c:\program files\FrostWire\log4j.properties
c:\program files\FrostWire\looks.jar
c:\program files\FrostWire\lw-all.jar
c:\program files\FrostWire\messages.jar
c:\program files\FrostWire\mp3spi.jar
c:\program files\FrostWire\onion-common.jar
c:\program files\FrostWire\onion-fec.jar
c:\program files\FrostWire\pmf.ico
c:\program files\FrostWire\ProgressTabs.jar
c:\program files\FrostWire\SystemUtilities.dll
c:\program files\FrostWire\SystemUtilitiesA.dll
c:\program files\FrostWire\themes.jar
c:\program files\FrostWire\tray.dll
c:\program files\FrostWire\tritonus.jar
c:\program files\FrostWire\Uninstall.exe
c:\program files\FrostWire\vorbisspi.jar

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKService
-------\Legacy_ASKUpgrade
-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-16 05:18 . 2009-06-16 05:18 -------- d-sh--w- C:\found.000
2009-06-16 02:37 . 2009-06-16 02:37 -------- d-----w- c:\documents and settings\63\Application Data\Malwarebytes
2009-06-15 18:18 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 18:18 . 2009-06-16 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 18:18 . 2009-06-15 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 18:18 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\98727026
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\18717034
2009-06-12 21:50 . 2009-06-12 22:23 -------- d-----w- c:\documents and settings\63\Application Data\Command & Conquer 3 Tiberium Wars
2009-06-12 21:49 . 2009-06-12 21:49 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-06-11 21:59 . 2009-06-11 22:00 -------- d-----w- c:\documents and settings\63\Application Data\Red Alert 3 Demo
2009-06-05 08:26 . 2009-06-05 08:26 -------- d--h--r- c:\documents and settings\63\Application Data\SecuROM
2009-06-05 08:26 . 2009-06-12 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-05 08:26 . 2009-06-05 08:26 -------- d-----w- C:\ProgramData
2009-06-05 08:24 . 2009-06-05 08:24 10134 ----a-r- c:\documents and settings\63\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-05 08:24 . 2008-11-09 01:21 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-05 08:24 . 2009-06-05 08:24 -------- d-----w- c:\program files\Microsoft WSE
2009-06-05 01:34 . 2009-06-11 18:33 -------- d-----w- c:\documents and settings\63\Application Data\IGN_DLM
2009-06-04 23:58 . 2009-06-04 23:58 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Electronic Arts
2009-06-04 23:39 . 2009-06-04 23:40 -------- d-----w- c:\program files\MediaMonkey
2009-06-04 21:46 . 2009-06-04 23:50 -------- d-----w- c:\program files\Incomplete
2009-06-04 20:20 . 2009-06-04 20:20 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\World in Conflict - DEMO
2009-05-22 08:42 . 2009-06-12 21:38 -------- d-----w- c:\program files\Electronic Arts
2009-05-21 07:15 . 2009-05-21 07:15 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Funcom
2009-05-19 04:33 . 2009-05-19 04:33 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\PunkBuster
2009-05-19 04:15 . 2009-05-19 04:18 -------- d-----w- c:\windows\NV3940448.TMP
2009-05-19 03:38 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-05-19 03:38 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-05-19 03:38 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-19 02:01 . 2009-05-19 02:01 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Activision
2009-05-19 01:44 . 2009-05-28 03:49 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 03:50 . 2009-04-25 19:54 -------- d-----w- c:\program files\Steam
2009-06-16 00:14 . 2009-03-19 06:18 -------- d-----w- c:\program files\Trend Micro
2009-06-15 17:20 . 2009-03-08 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-15 17:17 . 2005-11-10 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 02:11 . 2009-05-05 09:44 189496 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-19 04:33 . 2009-05-05 05:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-19 01:59 . 2009-05-05 05:07 22328 ----a-w- c:\documents and settings\63\Application Data\PnkBstrK.sys
2009-05-19 01:59 . 2009-05-05 05:07 22328 ----a-w- c:\documents and settings\63\Application Data\PnkBstrK.sys
2009-05-16 19:24 . 2009-05-16 19:24 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-15 08:21 . 2009-05-15 08:21 201728 ----a-w- c:\windows\system32\[adult swim] neon light.scr
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Google
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\ZSoft
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Yahoo!
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Three Rings Design
2009-05-15 05:32 . 2008-05-27 06:00 -------- d-----w- c:\documents and settings\63\Application Data\StumbleUpon
2009-05-13 06:32 . 2009-05-02 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-10 06:36 . 2008-04-18 17:11 13104 ----a-w- c:\documents and settings\63\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 19:07 . 2009-04-30 19:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-07 15:32 . 2005-08-31 14:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 09:55 . 2009-05-06 09:55 -------- d-----w- c:\documents and settings\63\Application Data\The Creative Assembly
2009-05-02 20:18 . 2009-05-02 20:18 -------- d-----w- c:\program files\MSBuild
2009-05-02 20:18 . 2009-05-02 20:18 62304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-02 20:13 . 2009-05-02 20:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-02 17:28 . 2009-03-08 05:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 17:28 . 2009-03-08 05:07 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 17:28 . 2009-03-08 05:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 17:28 . 2009-03-08 05:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 20:01 . 2009-05-01 20:01 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-01 19:58 . 2009-05-01 19:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-30 19:34 . 2008-04-25 01:16 -------- d-----w- c:\documents and settings\63\Application Data\Ventrilo
2009-04-29 04:56 . 2005-08-31 14:52 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-03-26 18:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-17 12:26 . 2005-08-31 14:52 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-31 14:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-27 12:14 . 2009-05-01 19:57 453152 ----a-w- c:\windows\system32\nvuninst.exe
2009-03-19 08:41 . 2009-03-19 08:41 0 -c--a-w- c:\windows\nsreg.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_02.18.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-16 05:11 . 2009-06-16 05:11 389120 c:\windows\system32\CF17612.exe
+ 2009-06-16 05:06 . 2009-06-16 05:06 262144 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\06cd76a12ea77cd8970e8656d56b7ca1\sysglobl.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 548864 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f06ebb12e5c56642e954d1463e445deb\PresentationFramework.Luna.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 393216 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9b48bb7ecb43b4a5ef94d2d72ef40ae2\PresentationFramework.Aero.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 241664 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36dc8c2c9445aeeccd5ea7151a9ec0b4\PresentationFramework.Classic.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 270336 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\119803efd068b21ef3f7514709344347\PresentationFramework.Royale.ni.dll
+ 2009-06-16 05:06 . 2009-06-16 05:06 2306048 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\fb6b930a82241b8225e3fef4270f45d1\System.Web.Mobile.ni.dll
+ 2009-06-16 05:06 . 2009-06-16 05:06 2031616 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\42a7fa124b7e36d9526db4abcf639425\System.Speech.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\2d7ad3127512db61941682c3b2e29f98\System.Printing.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 2396160 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\1b1314af0ff7ab9c24d24edc0210c1f5\ReachFramework.ni.dll
+ 2009-06-16 03:49 . 2009-06-16 03:49 1982464 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\f20e7e2fcbd3b19605b7898c483c8a12\PresentationUI.ni.dll
+ 2009-06-16 02:19 . 2009-06-16 02:19 1568768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1620e3706790a642192e46dec3f9ee80\PresentationBuildTasks.ni.dll
+ 2009-06-16 02:19 . 2009-06-16 02:19 1720320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\af58828489f52407c691608baed905ac\Microsoft.VisualBasic.ni.dll
+ 2009-06-16 03:49 . 2009-06-16 03:49 14680064 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4a686abd38ad3d931b0e798692fa811\PresentationFramework.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^63^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\63\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\sargentpepper06\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\sargentpepper06\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Dead Space.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/8/2009 1:07 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2009 1:07 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/8/2009 1:07 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/8/2009 1:07 AM 298776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ask.com?gcht=HD&o=101676&l=dis
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 01:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:14,78,f6,f1,71,4c,30,27,3a,65,8d,ba,34,fb,53,a4,25,f3,90,f6,2a,8f,8d,
75,47,1c,54,d8,5a,f1,50,60,7b,14,60,87,53,2e,c8,d9,71,ef,2d,93,d9,66,83,bd,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\SecuROM\License information*]
"datasecu"=hex:e9,95,9a,c2,64,5b,45,3c,47,22,21,01,b1,fa,f7,51,55,08,a8,dc,0b,
3f,d7,b2,4f,e1,97,87,1b,85,2d,a9,3e,0b,cb,08,91,b5,f1,fd,2f,18,08,16,b9,90,\
"rkeysecu"=hex:8e,30,6a,91,0b,7b,81,9c,32,6d,b6,1c,93,e6,b6,1b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CF17612.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-06-16 1:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 05:22
ComboFix2.txt 2009-06-16 02:19

Pre-Run: 10,829,250,560 bytes free
Post-Run: 10,748,674,048 bytes free

623 --- E O F --- 2009-06-15 22:44

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Folder::
C:\found.000

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^63^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-

DDS::
uStart Page = hxxp://www.ask.com?gcht=HD&o=101676&l=dis

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-06-15.07 - 63 06/16/2009 11:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.578 [GMT -4:00]
Running from: c:\documents and settings\63\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\63\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\file0000.chk

.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-16 02:37 . 2009-06-16 02:37 -------- d-----w- c:\documents and settings\63\Application Data\Malwarebytes
2009-06-15 18:18 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 18:18 . 2009-06-16 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 18:18 . 2009-06-15 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 18:18 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\98727026
2009-06-15 16:32 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\18717034
2009-06-12 21:50 . 2009-06-12 22:23 -------- d-----w- c:\documents and settings\63\Application Data\Command & Conquer 3 Tiberium Wars
2009-06-12 21:49 . 2009-06-12 21:49 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-06-11 21:59 . 2009-06-11 22:00 -------- d-----w- c:\documents and settings\63\Application Data\Red Alert 3 Demo
2009-06-05 08:26 . 2009-06-05 08:26 -------- d--h--r- c:\documents and settings\63\Application Data\SecuROM
2009-06-05 08:26 . 2009-06-12 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-05 08:26 . 2009-06-05 08:26 -------- d-----w- C:\ProgramData
2009-06-05 08:24 . 2009-06-05 08:24 10134 ----a-r- c:\documents and settings\63\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-05 08:24 . 2008-11-09 01:21 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-05 08:24 . 2009-06-05 08:24 -------- d-----w- c:\program files\Microsoft WSE
2009-06-05 01:34 . 2009-06-11 18:33 -------- d-----w- c:\documents and settings\63\Application Data\IGN_DLM
2009-06-04 23:58 . 2009-06-04 23:58 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Electronic Arts
2009-06-04 23:39 . 2009-06-04 23:40 -------- d-----w- c:\program files\MediaMonkey
2009-06-04 21:46 . 2009-06-04 23:50 -------- d-----w- c:\program files\Incomplete
2009-06-04 20:20 . 2009-06-04 20:20 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\World in Conflict - DEMO
2009-05-22 08:42 . 2009-06-12 21:38 -------- d-----w- c:\program files\Electronic Arts
2009-05-21 07:15 . 2009-05-21 07:15 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Funcom
2009-05-19 04:33 . 2009-05-19 04:33 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\PunkBuster
2009-05-19 04:15 . 2009-05-19 04:18 -------- d-----w- c:\windows\NV3940448.TMP
2009-05-19 03:38 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-05-19 03:38 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-05-19 03:38 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-05-19 03:38 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-05-19 03:38 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-19 02:01 . 2009-05-19 02:01 -------- d-----w- c:\documents and settings\63\Local Settings\Application Data\Activision
2009-05-19 01:44 . 2009-05-28 03:49 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 16:02 . 2009-04-25 19:54 -------- d-----w- c:\program files\Steam
2009-06-16 00:14 . 2009-03-19 06:18 -------- d-----w- c:\program files\Trend Micro
2009-06-15 17:20 . 2009-03-08 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-15 17:17 . 2005-11-10 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 02:11 . 2009-05-05 09:44 189496 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-19 04:33 . 2009-05-05 05:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-19 01:59 . 2009-05-05 05:07 22328 ----a-w- c:\documents and settings\63\Application Data\PnkBstrK.sys
2009-05-19 01:59 . 2009-05-05 05:07 22328 ----a-w- c:\documents and settings\63\Application Data\PnkBstrK.sys
2009-05-16 19:24 . 2009-05-16 19:24 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-15 08:21 . 2009-05-15 08:21 201728 ----a-w- c:\windows\system32\[adult swim] neon light.scr
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Google
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\ZSoft
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Yahoo!
2009-05-15 05:43 . 2009-05-15 05:43 -------- d-----w- c:\program files\Three Rings Design
2009-05-15 05:32 . 2008-05-27 06:00 -------- d-----w- c:\documents and settings\63\Application Data\StumbleUpon
2009-05-13 06:32 . 2009-05-02 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-10 06:36 . 2008-04-18 17:11 13104 ----a-w- c:\documents and settings\63\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 19:07 . 2009-04-30 19:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-07 15:32 . 2005-08-31 14:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 09:55 . 2009-05-06 09:55 -------- d-----w- c:\documents and settings\63\Application Data\The Creative Assembly
2009-05-02 20:18 . 2009-05-02 20:18 -------- d-----w- c:\program files\MSBuild
2009-05-02 20:18 . 2009-05-02 20:18 62304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-02 20:13 . 2009-05-02 20:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-02 17:28 . 2009-03-08 05:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 17:28 . 2009-03-08 05:07 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 17:28 . 2009-03-08 05:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 17:28 . 2009-03-08 05:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 20:01 . 2009-05-01 20:01 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-01 19:58 . 2009-05-01 19:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-30 19:34 . 2008-04-25 01:16 -------- d-----w- c:\documents and settings\63\Application Data\Ventrilo
2009-04-29 04:56 . 2005-08-31 14:52 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-03-26 18:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-17 12:26 . 2005-08-31 14:52 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-31 14:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-27 12:14 . 2009-05-01 19:57 453152 ----a-w- c:\windows\system32\nvuninst.exe
2009-03-19 08:41 . 2009-03-19 08:41 0 -c--a-w- c:\windows\nsreg.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_02.18.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-16 15:39 . 2009-06-16 15:39 389120 c:\windows\system32\CF9646.exe
+ 2009-06-16 05:34 . 2009-06-16 05:34 274432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\70a0c19ab8fa18a8be4169689a5a42b9\WindowsFormsIntegration.ni.dll
+ 2009-06-16 05:34 . 2009-06-16 05:34 483328 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\439569086e5dd9a76363ceba7f488da9\UIAutomationClient.ni.dll
+ 2009-06-16 05:33 . 2009-06-16 05:33 655360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\5dfd4c244e8b461c42a745d359be3b83\System.Messaging.ni.dll
+ 2009-06-16 05:06 . 2009-06-16 05:06 262144 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\06cd76a12ea77cd8970e8656d56b7ca1\sysglobl.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 548864 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f06ebb12e5c56642e954d1463e445deb\PresentationFramework.Luna.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 393216 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9b48bb7ecb43b4a5ef94d2d72ef40ae2\PresentationFramework.Aero.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 241664 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36dc8c2c9445aeeccd5ea7151a9ec0b4\PresentationFramework.Classic.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 270336 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\119803efd068b21ef3f7514709344347\PresentationFramework.Royale.ni.dll
+ 2009-06-16 05:34 . 2009-06-16 05:34 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\3f678cf6ebf65a7fd6b7b810d263b469\UIAutomationClientsideProviders.ni.dll
+ 2009-06-16 05:33 . 2009-06-16 05:33 2101248 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4117d96256f72985a2544419ba10a785\System.Workflow.Runtime.ni.dll
+ 2009-06-16 05:33 . 2009-06-16 05:33 4587520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\10ac6655cedd9f017ae3606501144803\System.Workflow.ComponentModel.ni.dll
+ 2009-06-16 05:33 . 2009-06-16 05:33 2994176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\84a8cfb051e84ae418a23fa66053c9da\System.Workflow.Activities.ni.dll
+ 2009-06-16 05:06 . 2009-06-16 05:06 2306048 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\fb6b930a82241b8225e3fef4270f45d1\System.Web.Mobile.ni.dll
+ 2009-06-16 05:06 . 2009-06-16 05:06 2031616 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\42a7fa124b7e36d9526db4abcf639425\System.Speech.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\2d7ad3127512db61941682c3b2e29f98\System.Printing.ni.dll
+ 2009-06-16 05:05 . 2009-06-16 05:05 2396160 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\1b1314af0ff7ab9c24d24edc0210c1f5\ReachFramework.ni.dll
+ 2009-06-16 03:49 . 2009-06-16 03:49 1982464 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\f20e7e2fcbd3b19605b7898c483c8a12\PresentationUI.ni.dll
+ 2009-06-16 02:19 . 2009-06-16 02:19 1568768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1620e3706790a642192e46dec3f9ee80\PresentationBuildTasks.ni.dll
+ 2009-06-16 02:19 . 2009-06-16 02:19 1720320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\af58828489f52407c691608baed905ac\Microsoft.VisualBasic.ni.dll
+ 2009-06-16 03:49 . 2009-06-16 03:49 14680064 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4a686abd38ad3d931b0e798692fa811\PresentationFramework.ni.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\sargentpepper06\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\sargentpepper06\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Dead Space.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/8/2009 1:07 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2009 1:07 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/8/2009 1:07 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/8/2009 1:07 AM 298776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 12:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:14,78,f6,f1,71,4c,30,27,3a,65,8d,ba,34,fb,53,a4,25,f3,90,f6,2a,8f,8d,
75,47,1c,54,d8,5a,f1,50,60,7b,14,60,87,53,2e,c8,d9,71,ef,2d,93,d9,66,83,bd,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1008904861-3847084260-3245235271-1005\Software\SecuROM\License information*]
"datasecu"=hex:e9,95,9a,c2,64,5b,45,3c,47,22,21,01,b1,fa,f7,51,55,08,a8,dc,0b,
3f,d7,b2,4f,e1,97,87,1b,85,2d,a9,3e,0b,cb,08,91,b5,f1,fd,2f,18,08,16,b9,90,\
"rkeysecu"=hex:8e,30,6a,91,0b,7b,81,9c,32,6d,b6,1c,93,e6,b6,1b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(268)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\CF9646.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-16 12:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 16:05
ComboFix2.txt 2009-06-16 05:22
ComboFix3.txt 2009-06-16 02:19

Pre-Run: 10,754,535,424 bytes free
Post-Run: 10,738,151,424 bytes free

225 --- E O F --- 2009-06-15 22:44

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

seems to be working much better now thank you very much. Ill be sure to make a donation. BTW is there any anti virus or anti malware software you would recommend so this doesn't happen, again free or otherwise.

Your already have AVG free and Zonealarm firewall. Stick with them, they are good.