Win32/Cryptor

AVG came up with the Win32/Cryptor Virus and is unable to clean it because it keeps popping up. I tried downloading MBAM and it got near the end of the installation, but didn't complete. Now everytime I tried to install it the .exe runs but nothing happens. I believe the virus is blocking the install. I have tried to install MBAM from a USB as well however to no avail. I just tried installing HJT but again the same problem. It won't run the installer. I have never had a problem with a virus like this. It's like the cockroach of virii.

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \systemroot\system32\drivers\UACiqukowfk.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UACiqukowfk.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\UACiqukowfk.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Also after doing this AVG is detecting lots of Win32/Cryptor Virii.

Yep, it will do until we clean it.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/6/2009 6:41:09 PM
mbam-log-2009-04-06 (18-41-09).txt

Scan type: Quick Scan
Objects scanned: 87366
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e814fc2-aec2-49d1-965b-453df36c7376} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\aukafigz (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e814fc2-aec2-49d1-965b-453df36c7376} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dnuqopacajuhiqij (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: apustrp.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Spyware.StolenData) -> Quarantined and deleted successfully.

Files Infected:
c:\windows\system32\eukbqyy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\apustrp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\UACateboeex.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACoyqkmngi.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACrrdaijcj.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Local Settings\Temp\UACa326.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
C:\WINDOWS\ahutaxuh.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UAChfiekmyx.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACwdxfvbog.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACwppkfbke.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACwutpataw.dat (Trojan.Agent) -> Quarantined and deleted successfully.

DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 20:05:45.15 on Mon 04/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1470 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: GetRight IE Download Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Download with GetRight Pro - c:\program files\getright\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\program files\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: {D9195A28-269D-44E6-83EA-18B418C3CD37} = 64.233.217.3,64.233.217.5
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XUL Cache: {D4E0CD36-CD86-44E7-841C-3CF7453F1746} - c:\documents and settings\david\local settings\application data\{D4E0CD36-CD86-44E7-841C-3CF7453F1746}
FF - HiddenExtension: XUL Cache: {CFED15E2-CB40-481C-8517-91B73E4124F2} - c:\documents and settings\administrator\local settings\application data\{cfed15e2-cb40-481c-8517-91b73e4124f2}\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-28 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-28 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-28 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-28 298264]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
S2 pciobvsv;Logitech SetPoint KMDF HID Filter Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-04-06 18:25 --d----- c:\docume~1\david\applic~1\Malwarebytes
2009-04-06 18:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-06 18:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 18:25 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 18:25 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-06 17:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 12:43 23,955 a------- c:\windows\system32\AAWService_2009_04_06_12_43_24.dmp
2009-04-03 03:06 266 a---h--- C:\aaw7boot.cmd
2009-03-28 16:01 --d----- c:\docume~1\david\applic~1\xznzhvuf
2009-03-28 15:59 --d-h--- C:\$AVG8.VAULT$
2009-03-28 15:52 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-28 15:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-28 15:52 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-28 15:52 --d----- c:\windows\system32\drivers\Avg
2009-03-28 15:52 --d----- c:\program files\AVG
2009-03-28 15:52 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-28 05:02 21,417 a------- c:\windows\system32\AAWService_2009_03_28_05_02_53.dmp
2009-03-28 04:23 23,955 a------- c:\windows\system32\AAWService_2009_03_28_04_23_28.dmp
2009-03-27 04:47 0 a------- c:\windows\system32\AAWService_2009_03_27_04_47_27.dmp
2009-03-27 02:03 23,746 a------- c:\windows\system32\AAWService_2009_03_27_02_03_36.dmp

==================== Find3M ====================

2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys

============= FINISH: 20:06:04.71 ===============

Hello. Two tools for you to run.

First,

Please download GooredFix and save it to your Desktop. Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Second,

• Download combofix from here
  Link 1
  Link 2
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV. (AVG8)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

GooredFix v1.92 by jpshortstuff
Log created at 20:34 on 06/04/2009 running Option #2 (David)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{CFED15E2-CB40-481C-8517-91B73E4124F2}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{CFED15E2-CB40-481C-8517-91B73E4124F2}\"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Administrator\Local Settings\Application Data\{CFED15E2-CB40-481C-8517-91B73E4124F2}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D4E0CD36-CD86-44E7-841C-3CF7453F1746}"="C:\Documents and Settings\David\Local Settings\Application Data\{D4E0CD36-CD86-44E7-841C-3CF7453F1746}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\David\Local Settings\Application Data\{D4E0CD36-CD86-44E7-841C-3CF7453F1746}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"


ComboFix 09-04-04.01 - David 2009-04-06 20:47:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1519 [GMT -4:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-06 18:25 . 2009-04-06 18:25 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 18:25 . 2009-04-06 18:25 d-------- c:\documents and settings\David\Application Data\Malwarebytes
2009-04-06 18:25 . 2009-04-06 18:25 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 18:25 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 18:25 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-06 17:18 . 2009-04-06 17:18 410,984 --a------ c:\windows\system32\deploytk.dll
2009-04-06 13:02 . 2009-04-06 13:02 d-------- c:\documents and settings\Administrator
2009-04-06 12:43 . 2009-04-06 12:43 23,955 --a------ c:\windows\system32\AAWService_2009_04_06_12_43_24.dmp
2009-04-03 03:06 . 2009-04-03 03:10 266 --ah----- C:\aaw7boot.cmd
2009-03-28 16:01 . 2009-03-28 16:01 d-------- c:\documents and settings\David\Application Data\xznzhvuf
2009-03-28 15:59 . 2009-04-06 16:06 d--h----- C:\$AVG8.VAULT$
2009-03-28 15:52 . 2009-04-06 19:14 d-------- c:\windows\system32\drivers\Avg
2009-03-28 15:52 . 2009-03-28 15:52 d-------- c:\program files\AVG
2009-03-28 15:52 . 2009-03-29 05:42 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-28 15:52 . 2009-03-28 15:52 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-28 15:52 . 2009-04-06 12:50 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-28 15:52 . 2009-03-28 15:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-28 05:02 . 2009-03-28 05:02 21,417 --a------ c:\windows\system32\AAWService_2009_03_28_05_02_53.dmp
2009-03-28 04:23 . 2009-03-28 04:23 23,955 --a------ c:\windows\system32\AAWService_2009_03_28_04_23_28.dmp
2009-03-27 17:42 . 2009-03-27 17:42 d-------- c:\documents and settings\NetworkService\Application Data\xznzhvuf
2009-03-27 04:47 . 2009-03-27 04:47 0 --a------ c:\windows\system32\AAWService_2009_03_27_04_47_27.dmp
2009-03-27 02:03 . 2009-03-27 02:03 23,746 --a------ c:\windows\system32\AAWService_2009_03_27_02_03_36.dmp
2009-03-27 01:48 . 2009-03-27 01:49 d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 21:17 --------- d-----w c:\program files\Java
2009-04-02 20:22 --------- d-----w c:\documents and settings\David\Application Data\Azureus
2009-03-28 20:55 --------- d-----w c:\program files\GetRight
2009-03-02 14:49 --------- d-----w c:\program files\Combined Community Codec Pack
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-06_20.42.53.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-07 00:46:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-11 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-06 148888]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-28 1932568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-22 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-28 15:52 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dnuqopacajuhiqij]
c:\windows\ahutaxuh.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
c:\windows\sysguard.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Steam\\steamapps\\umichhockey\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\GetRight\\getright.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57375:TCP"= 57375:TCP:PandoRest Listening Port
"58411:TCP"= 58411:TCP:PandoRest Listening Port
"57727:TCP"= 57727:TCP:PandoRest Listening Port
"57678:TCP"= 57678:TCP:PandoRest Listening Port

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-28 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-28 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-28 298264]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
S2 pciobvsv;Logitech SetPoint KMDF HID Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pciobvsv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b18d348-21ed-11dd-96ae-001617470c48}]
\Shell\Shell00\Command - F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aad237cf-0ab7-11dc-a377-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Supplementary Scan -------
.
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {D9195A28-269D-44E6-83EA-18B418C3CD37} = 64.233.217.3,64.233.217.5
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 20:50:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-04-06 20:52:57
ComboFix-quarantined-files.txt 2009-04-07 00:52:01

Pre-Run: 50,468,962,304 bytes free
Post-Run: 50,455,797,760 bytes free

163 --- E O F --- 2009-03-28 08:23:19

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
pciobvsv

File::
c:\windows\system32\AAWService_2009_03_28_05_02_53.dmp
c:\windows\system32\AAWService_2009_03_28_04_23_28.dmp
c:\windows\system32\AAWService_2009_03_27_04_47_27.dmp
c:\windows\system32\AAWService_2009_03_27_02_03_36.dmp
c:\windows\sysguard.exe
c:\windows\ahutaxuh.dll

Folder::
c:\documents and settings\David\Application Data\Azureus

NetSvc::
pciobvsv

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dnuqopacajuhiqij]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

ComboFix 09-04-04.01 - David 2009-04-06 21:06:27.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1507 [GMT -4:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\ahutaxuh.dll
c:\windows\sysguard.exe
c:\windows\system32\AAWService_2009_03_27_02_03_36.dmp
c:\windows\system32\AAWService_2009_03_27_04_47_27.dmp
c:\windows\system32\AAWService_2009_03_28_04_23_28.dmp
c:\windows\system32\AAWService_2009_03_28_05_02_53.dmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\Application Data\Azureus
c:\documents and settings\David\Application Data\Azureus\.certs
c:\documents and settings\David\Application Data\Azureus\.keystore
c:\documents and settings\David\Application Data\Azureus\.lock
c:\documents and settings\David\Application Data\Azureus\active\0091B931186C3B6990D7C80F5804B7DA317C5150.dat
c:\documents and settings\David\Application Data\Azureus\active\0091B931186C3B6990D7C80F5804B7DA317C5150.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\02CD55BCF6DD2F8DBE0413E43590CC66213B16EE.dat
c:\documents and settings\David\Application Data\Azureus\active\02CD55BCF6DD2F8DBE0413E43590CC66213B16EE.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\0494CE786E594FD049841A02203FE1F145CFB290.dat
c:\documents and settings\David\Application Data\Azureus\active\0494CE786E594FD049841A02203FE1F145CFB290.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\0627D302E1EEDF534C139E223E1F015D89EF2B89.dat
c:\documents and settings\David\Application Data\Azureus\active\0627D302E1EEDF534C139E223E1F015D89EF2B89.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\0627D302E1EEDF534C139E223E1F015D89EF2B89\fmfile3.dat
c:\documents and settings\David\Application Data\Azureus\active\0B2190AB30B0F1668565E7C131F1BE7A0CF6E9B4.dat
c:\documents and settings\David\Application Data\Azureus\active\0B2190AB30B0F1668565E7C131F1BE7A0CF6E9B4.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\0E656A1C29C4C14B046DFC5E9DF0E9E79F396EA4.dat
c:\documents and settings\David\Application Data\Azureus\active\0E656A1C29C4C14B046DFC5E9DF0E9E79F396EA4.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\16FBB51D2A29E8B7D743C5D3F1C56DB5BD4CBEAD.dat
c:\documents and settings\David\Application Data\Azureus\active\16FBB51D2A29E8B7D743C5D3F1C56DB5BD4CBEAD.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\178B2B67C0DCE48852FF1AA87AF1D03CAAA85154.dat
c:\documents and settings\David\Application Data\Azureus\active\178B2B67C0DCE48852FF1AA87AF1D03CAAA85154.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\1798D672934CB23C19441FBDBB17EF78A4395C65.dat
c:\documents and settings\David\Application Data\Azureus\active\1798D672934CB23C19441FBDBB17EF78A4395C65.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\1BE3FB3985D546E2A1CF6211BF8671F6E3B95A43.dat
c:\documents and settings\David\Application Data\Azureus\active\1BE3FB3985D546E2A1CF6211BF8671F6E3B95A43.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\1D9F8B63500B23DCF236F227501919CA1B139CF9.dat
c:\documents and settings\David\Application Data\Azureus\active\1D9F8B63500B23DCF236F227501919CA1B139CF9.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\1F4531149E7D4D99DEA2719C2BB03D5057958AEF.dat
c:\documents and settings\David\Application Data\Azureus\active\1F4531149E7D4D99DEA2719C2BB03D5057958AEF.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\21625D1979E18BDA18247C190EC696F4B8096545.dat
c:\documents and settings\David\Application Data\Azureus\active\21625D1979E18BDA18247C190EC696F4B8096545.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\21F63D29F9CF6D8E44A1088277F8784241E2C742.dat
c:\documents and settings\David\Application Data\Azureus\active\21F63D29F9CF6D8E44A1088277F8784241E2C742.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\24C701D910925EC0A0743A7234516B2C6A90C856.dat
c:\documents and settings\David\Application Data\Azureus\active\24C701D910925EC0A0743A7234516B2C6A90C856.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\264AE3D694D2C87638F513936F181D15DEA6E0F0.dat
c:\documents and settings\David\Application Data\Azureus\active\264AE3D694D2C87638F513936F181D15DEA6E0F0.dat.bak
c:\documents and settings\David\Application

c:\documents and settings\David\Application Data\Azureus\active\B23052705153BFE3A1013DE4F5A0C08565370960.dat
c:\documents and settings\David\Application Data\Azureus\active\B23052705153BFE3A1013DE4F5A0C08565370960.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\B326EDF02C068D296AEEDBC6C8BA6DA16A926918.dat
c:\documents and settings\David\Application Data\Azureus\active\B326EDF02C068D296AEEDBC6C8BA6DA16A926918.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\B5E93EAD20D69041C955E3AA30696C7B978B5CFE.dat
c:\documents and settings\David\Application Data\Azureus\active\B5E93EAD20D69041C955E3AA30696C7B978B5CFE.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\B7DF06A2E0659E66C6B9D1D8CF4F85E65C6E7B5C.dat
c:\documents and settings\David\Application Data\Azureus\active\B7DF06A2E0659E66C6B9D1D8CF4F85E65C6E7B5C.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\BB3F9F6CF655E3CF7B629A4689C777FD16EE580F.dat
c:\documents and settings\David\Application Data\Azureus\active\BB3F9F6CF655E3CF7B629A4689C777FD16EE580F.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\BE77813780F89B17656F0388EBB6823DBEB2B1FD.dat
c:\documents and settings\David\Application Data\Azureus\active\BE77813780F89B17656F0388EBB6823DBEB2B1FD.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\C034B35275241FAE3F8F7676B050145B96FB435C.dat
c:\documents and settings\David\Application Data\Azureus\active\C034B35275241FAE3F8F7676B050145B96FB435C.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\C235E72B61101B0BED037BDD5D7C1141BBDA7D5B.dat
c:\documents and settings\David\Application Data\Azureus\active\C235E72B61101B0BED037BDD5D7C1141BBDA7D5B.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\C54262F6120B616908AF0F5167A8B136DF0878F8.dat
c:\documents and settings\David\Application Data\Azureus\active\C54262F6120B616908AF0F5167A8B136DF0878F8.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\C69BA8DB91BFD5C901053714AA191A418D5E8961.dat
c:\documents and settings\David\Application Data\Azureus\active\C69BA8DB91BFD5C901053714AA191A418D5E8961.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\C89EDDBF2C56F49794846E011B4ED1879BA24E65.dat
c:\documents and settings\David\Application Data\Azureus\active\C89EDDBF2C56F49794846E011B4ED1879BA24E65.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\cache.dat
c:\documents and settings\David\Application Data\Azureus\active\CD20439B1EBD5D99150B0D3F9AEE2637D11F5E54.dat
c:\documents and settings\David\Application Data\Azureus\active\CD20439B1EBD5D99150B0D3F9AEE2637D11F5E54.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\CDD6D31B82E2EAA037B24948EC1A2F24CCD31D9E.dat
c:\documents and settings\David\Application Data\Azureus\active\CDD6D31B82E2EAA037B24948EC1A2F24CCD31D9E.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\CE825A6AB2651384FE50473312661CAB24B57068.dat
c:\documents and settings\David\Application Data\Azureus\active\CE825A6AB2651384FE50473312661CAB24B57068.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\D0B50398A8C77A941D5BB5E7DF0A148C73ED0A74.dat
c:\documents and settings\David\Application Data\Azureus\active\D0B50398A8C77A941D5BB5E7DF0A148C73ED0A74.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\D137B80E33EDD46DB12313E1BA3E27A96C489B51.dat
c:\documents and settings\David\Application Data\Azureus\active\D137B80E33EDD46DB12313E1BA3E27A96C489B51.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\D38542D59C7B7FE3AFBC062D62A669018AC6C614.dat
c:\documents and settings\David\Application Data\Azureus\active\D38542D59C7B7FE3AFBC062D62A669018AC6C614.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\D7FB011B6DAE4A928356A9E72F216BD524340BF0.dat
c:\documents and settings\David\Application Data\Azureus\active\D7FB011B6DAE4A928356A9E72F216BD524340BF0.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\D8F09CD5E351913011F5F65FCE03DA875E45784D.dat
c:\documents and settings\David\Application Data\Azureus\active\D8F09CD5E351913011F5F65FCE03DA875E45784D.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\D9C81292CF16945D7DA7576B3715674100DB214F.dat
c:\documents and settings\David\Application Data\Azureus\active\D9C81292CF16945D7DA7576B3715674100DB214F.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\DE57802D9AE8A20ABF0B151D1E931A65B5A0165B.dat
c:\documents and settings\David\Application Data\Azureus\active\DE57802D9AE8A20ABF0B151D1E931A65B5A0165B.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\E10A120411D344ECC840D0CDA5AFBC1F084D4070.dat
c:\documents and settings\David\Application Data\Azureus\active\E10A120411D344ECC840D0CDA5AFBC1F084D4070.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\E44000E33B1CDD46E1DFA2F5BB84B98FDE0893AE.dat
c:\documents and settings\David\Application Data\Azureus\active\E44000E33B1CDD46E1DFA2F5BB84B98FDE0893AE.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\E9309230E210129D6C9F8C7F37E3F68B8AB88842.dat
c:\documents and settings\David\Application Data\Azureus\active\E9309230E210129D6C9F8C7F37E3F68B8AB88842.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\EF215966557FC6C1DD61486F8BBAAC2811F25A9A.dat
c:\documents and settings\David\Application Data\Azureus\active\EF215966557FC6C1DD61486F8BBAAC2811F25A9A.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\F05C7EE6E6CF1254AE5A6CD08B2989C4D231FA67.dat
c:\documents and settings\David\Application Data\Azureus\active\F05C7EE6E6CF1254AE5A6CD08B2989C4D231FA67.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\F7D510F12A6613E26D4C94E233F2C736D8271656.dat
c:\documents and settings\David\Application Data\Azureus\active\F7D510F12A6613E26D4C94E233F2C736D8271656.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\F98C7809EBF2FFE2FF57723D019704E434789170.dat
c:\documents and settings\David\Application Data\Azureus\active\F98C7809EBF2FFE2FF57723D019704E434789170.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\FA4D2E439A8BE48B421EAC6A5CA08190AD77E571.dat
c:\documents and settings\David\Application Data\Azureus\active\FA4D2E439A8BE48B421EAC6A5CA08190AD77E571.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\FAC6BDF65E40A870AB7B6ABCA026A1472917B320.dat
c:\documents and settings\David\Application Data\Azureus\active\FAC6BDF65E40A870AB7B6ABCA026A1472917B320.dat.bak
c:\documents and settings\David\Application Data\Azureus\active\FBAF7CCD441A0A88172453A1930A6599220B6B59.dat
c:\documents and settings\David\Application Data\Azureus\active\FBAF7CCD441A0A88172453A1930A6599220B6B59.dat.bak
c:\documents and settings\David\Application Data\Azureus\azureus.config
c:\documents and settings\David\Application Data\Azureus\azureus.config.bak
c:\documents and settings\David\Application Data\Azureus\azureus.statistics
c:\documents and settings\David\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\David\Application Data\Azureus\banips.config
c:\documents and settings\David\Application Data\Azureus\banips.config.bak
c:\documents and settings\David\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\David\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\David\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\David\Application Data\Azureus\dht\general.dat
c:\documents and settings\David\Application Data\Azureus\dht\version.dat
c:\documents and settings\David\Application Data\Azureus\downloads.config
c:\documents and settings\David\Application Data\Azureus\downloads.config.bak
c:\documents and settings\David\Application Data\Azureus\filters.config
c:\documents and settings\David\Application Data\Azureus\friends.config
c:\documents and settings\David\Application Data\Azureus\friends.config.bak
c:\documents and settings\David\Application Data\Azureus\ipfilter.cache
c:\documents and settings\David\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\David\Application Data\Azureus\logs\AutoSpeed_1.log
c:\documents and settings\David\Application Data\Azureus\logs\AutoSpeed_2.log
c:\documents and settings\David\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\David\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\David\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\David\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\David\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\David\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\David\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\David\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\David\Application Data\Azureus\logs\SpeedMan_1.log
c:\documents and settings\David\Application Data\Azureus\logs\SpeedMan_2.log
c:\documents and settings\David\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\David\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\David\Application Data\Azureus\net\pm_29737.dat
c:\documents and settings\David\Application Data\Azureus\net\pm_33668.dat
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.jar
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.zip
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\plugin.properties
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.3
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.7
c:\documents and settings\David\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\documents and settings\David\Application Data\Azureus\tables.config
c:\documents and settings\David\Application Data\Azureus\tables.config.bak
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38933.tmp
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38934.tmp
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38935.tmp
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38936.tmp
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38937.tmp
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38938.tmp
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38939.tmp
c:\documents and settings\David\Application Data\Azureus\tmp\AZU38940.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU24909.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU24912.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU25398.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU25402.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU25922.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU25924.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU25927.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU36350.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU37010.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU42366.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU49406.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU59704.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU61055.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU63799.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU6928.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\AZU6932.tmp
c:\documents and settings\David\Application Data\Azureus\torrents\b130[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b146[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b147[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b148[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b149[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b150[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b151[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b152[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b153[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b154[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b155[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b156[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b157[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b158v2[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b159[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b160[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b161[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b162[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b163[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b164[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b165[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b166[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b166hd[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b167[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b168[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b169[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b170[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b171[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b172.torrent

c:\documents and settings\David\Application Data\Azureus\torrents\b173.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b174.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b175.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b176-177.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b178.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b179.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b180.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b181.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b182.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b183.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b184.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b185.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b186.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b187.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b188.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b189.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b190.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b191.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b192.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b193v2.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b194.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b195[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b196[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b197[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b198[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b199[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b200.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b201[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b202.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b203.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b204[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b205[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b206[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b207[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b208[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b209[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b210[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b211[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b212[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\b213[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns001-002[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns003[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns004[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns005[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns006-007[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns008-009[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns010[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns011[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns012[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns013[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns014[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns015[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns016[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns017[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns018[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns019[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns020[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns021[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns022-023[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns024[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns025[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns026[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns027[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns028[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns029-030[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns031[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns032[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns033[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns034[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns035[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns036-037[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns038[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns039[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns040-041[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns042[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns043[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns044[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns045[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns046[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns047[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns048[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns049[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns050[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns051-052[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns053[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns054[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns055[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns056[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns057-058[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns059[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns060v2[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns061[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns062[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns063[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns064-065[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns066[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns067[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns068-069[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns070[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns071[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns072[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns073[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns074[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns075[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns076-077[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns078-079[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns080[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns081[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns082[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns083[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns084[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns085[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns086-087[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns088[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns089[1].torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns090.torrent
c:\documents and settings\David\Application Data\Azureus\torrents\ns091[1].torrent
c:\documents and settings\David\Application Data\Azureus\tracker.config
c:\documents and settings\David\Application Data\Azureus\tracker.config.bak
c:\documents and settings\David\Application Data\Azureus\update.log
c:\documents and settings\David\Application Data\Azureus\update.properties
c:\windows\system32\AAWService_2009_03_27_02_03_36.dmp
c:\windows\system32\AAWService_2009_03_27_04_47_27.dmp
c:\windows\system32\AAWService_2009_03_28_04_23_28.dmp
c:\windows\system32\AAWService_2009_03_28_05_02_53.dmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCIOBVSV
-------\Service_pciobvsv


((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-06 18:25 . 2009-04-06 18:25 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 18:25 . 2009-04-06 18:25 d-------- c:\documents and settings\David\Application Data\Malwarebytes
2009-04-06 18:25 . 2009-04-06 18:25 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 18:25 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 18:25 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-06 17:18 . 2009-04-06 17:18 410,984 --a------ c:\windows\system32\deploytk.dll
2009-04-06 13:02 . 2009-04-06 13:02 d-------- c:\documents and settings\Administrator
2009-04-06 12:43 . 2009-04-06 12:43 23,955 --a------ c:\windows\system32\AAWService_2009_04_06_12_43_24.dmp
2009-04-03 03:06 . 2009-04-03 03:10 266 --ah----- C:\aaw7boot.cmd
2009-03-28 16:01 . 2009-03-28 16:01 d-------- c:\documents and settings\David\Application Data\xznzhvuf
2009-03-28 15:59 . 2009-04-06 16:06 d--h----- C:\$AVG8.VAULT$
2009-03-28 15:52 . 2009-04-06 19:14 d-------- c:\windows\system32\drivers\Avg
2009-03-28 15:52 . 2009-03-28 15:52 d-------- c:\program files\AVG
2009-03-28 15:52 . 2009-03-29 05:42 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-28 15:52 . 2009-03-28 15:52 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-28 15:52 . 2009-04-06 12:50 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-28 15:52 . 2009-03-28 15:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-27 17:42 . 2009-03-27 17:42 d-------- c:\documents and settings\NetworkService\Application Data\xznzhvuf
2009-03-27 01:48 . 2009-03-27 01:49 d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 21:17 --------- d-----w c:\program files\Java
2009-03-28 20:55 --------- d-----w c:\program files\GetRight
2009-03-02 14:49 --------- d-----w c:\program files\Combined Community Codec Pack
.

((((((((((((((((((((((((((((( SnapShot@2009-04-06_20.42.53.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-07 01:09:53 16,384 ----atw c:\windows\temp\Perflib_Perfdata_27c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-11 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-06 148888]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-28 1932568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-22 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-28 15:52 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Steam\\steamapps\\umichhockey\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\GetRight\\getright.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57375:TCP"= 57375:TCP:PandoRest Listening Port
"58411:TCP"= 58411:TCP:PandoRest Listening Port
"57727:TCP"= 57727:TCP:PandoRest Listening Port
"57678:TCP"= 57678:TCP:PandoRest Listening Port

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-28 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-28 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-28 298264]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b18d348-21ed-11dd-96ae-001617470c48}]
\Shell\Shell00\Command - F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aad237cf-0ab7-11dc-a377-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Supplementary Scan -------
.
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {D9195A28-269D-44E6-83EA-18B418C3CD37} = 64.233.217.3,64.233.217.5
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 21:10:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Logitech\SetPoint\LU\LULnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
c:\program files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-06 21:14:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-07 01:14:03
ComboFix2.txt 2009-04-07 00:52:58

Pre-Run: 50,446,704,640 bytes free
Post-Run: 50,385,522,688 bytes free

1369 --- E O F --- 2009-03-28 08:23:19

Hello.
Please delete this file in bold:
c:\windows\system32\AAWService_2009_04_06_12_43_24.dmp

I just wanna take a peek at what's installed.

• Open HijackThis
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

??????
??????
??????
??????
??????
AC3Filter (remove only)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Age of Conan - Hyborian Adventures
AIM 6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 8.5
Azureus
Canon iP1800 series
CDDRV_Installer
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Web Player
Exteel
GetRight Pro
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
InterVideo WinDVD 8
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KhalInstallWrapper
Logitech Harmony Remote Software 7
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NBC Direct Beta
NVIDIA Drivers
OpenCASE Media Agent
QuickTime
Realtek AC'97 Audio
Remote Control USB Driver
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Steam
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft

I see that you were running Azureus.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• Adobe Reader 8.1.2
  
• Azureus
  
• Java 2 Runtime Environment, SE v1.4.2_04
  
• Java(TM) 6 Update 2
  
• Java(TM) 6 Update 3
  
• Java(TM) SE Runtime Environment 6 Update 1
  

Next, please download Firefox version 3.0.8 and install it over version 3.0.5 you currently have installed.

And last,

Please download JavaRa from here

• First, unzip it.
  
• Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  
• Select English from the drop down menu and press Select.
  
• This will open JavaRa.
  
• Press Remove older versions
  
• Press yes to the prompt.
  
• It will make a log file of what it's removed.
  
• Copy and paste the log back here.
  

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Apr 07 00:47:07 2009

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410204

Found and removed: SOFTWARE\Classes\JavaPlugin.142_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

------------------------------------

Finished reporting.

Hello.
How is the machine running now?

It seems to be running smooth at the moment. Did we go through all the steps you wanted to?

Yep.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Thanks so much for all the help!