Win.32Ertfor virus and possible rootkit

Hello, yesterday I was surfing the internet on DDO forums and when I was about to log off, my avast detected a Win.32 Ertfor and my pc automatically restarted.

When my pc finished restarting, I tried to turn on and run my anti-virus and anti-malware programs but my pc told me I needed administration permission, it's my pc and I'm the administrator. Also, system restore and task manager does not work for the same reason as my anti-virus and everytime I try to access the internet, (I am using my school's computers to type this) I am taken to random sites.

I've cut my pc off from the internet to prevent further damage.
Any help would be greatly appreciated.
Thank you for your time.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Hello, sorry it took so long for me to respond, mid-terms and family crisis'.
Hijack this installed but it cut off halfway through scanning and shut me out like every other program I try to run.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
scecli.dll
netlogon.dll
eventlog.dll
cngaudit.dll

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:36 on 12/10/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [19:25 07/09/2008] [11:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [19:14 07/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [10:18 16/08/2005] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [19:26 07/09/2008] [11:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [19:14 07/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [10:18 16/08/2005] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [19:26 07/09/2008] [11:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [19:13 07/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [10:18 16/08/2005] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Oct 12 21:00:40 2009

21:00:40: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Oct 12 21:01:26 2009

21:01:26: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3

10/13/2009 4:24:03 PM
mbam-log-2009-10-13 (16-24-03).txt

Scan type: Quick Scan
Objects scanned: 35608
Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 4
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 28

Memory Processes Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\reranavu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\niyihese.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jelivehi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5d63f90d-f193-4277-b27b-fe70c9c55d6f} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d63f90d-f193-4277-b27b-fe70c9c55d6f} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{d07cdf07-b01d-4a9e-bef4-0a1ba518203b} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d63f90d-f193-4277-b27b-fe70c9c55d6f} (Password.Stealer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\reranavu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\niyihese.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jelivehi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtmet1.dll (Password.Stealer) -> Delete on reboot.
C:\Documents and Settings\Cody\Application Data\lizkavd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\imat.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\mqhimp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\mtlff.exe (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\xrwy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\yonm.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\nqxbk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\rlswn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\rmeprraf.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\AEPVA6GW\qajkhhk[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\AEPVA6GW\rkhueef[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\G9EUZ349\xdqrefw[1].htm (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\G9EUZ349\buuiijjx[1].htm (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\KXBMQ4C3\atuuiima[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\KXBMQ4C3\elyii[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\XSH3C2ML\gispcpqd[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\XSH3C2ML\lbblzmzax[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Local Settings\temp\Temporary Internet Files\Content.IE5\XSH3C2ML\SetupAdvancedVirusRemover[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cody\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:36 PM, on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wikipedia.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tftp.nfo beforegllav
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ace6998b-75a8-43fc-a71e-b69193ae4954} - reranavu.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [dezobazusu] Rundll32.exe "niyihese.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Cody\Application Data\svcst.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Cody\Application Data\svcst.exe
O4 - HKUS\S-1-5-19\..\Run: [dezobazusu] Rundll32.exe "niyihese.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dezobazusu] Rundll32.exe "niyihese.dll",s (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/html - {92909ef3-4661-483d-8347-591f456180c3} - C:\WINDOWS\mark_32.dll
O20 - AppInit_DLLs: jelivehi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6512 bytes

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-10-13.04 - Cody 10/14/2009 15:08.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.502 [GMT -4:00]
Running from: c:\documents and settings\Cody\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1356 [VPS 090924-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\awacenex._sy
c:\documents and settings\All Users\Application Data\cahowoz.pif
c:\documents and settings\All Users\Application Data\cegida.exe
c:\documents and settings\All Users\Application Data\efiz.dll
c:\documents and settings\All Users\Application Data\hytem.pif
c:\documents and settings\All Users\Application Data\osyqiravi.scr
c:\documents and settings\All Users\Application Data\oxycufo.dll
c:\documents and settings\All Users\Application Data\qibikazo.exe
c:\documents and settings\All Users\Application Data\ukocig.dl
c:\documents and settings\All Users\Documents\iwegowowa.exe
c:\documents and settings\All Users\Documents\nagemofuq.dl
c:\documents and settings\All Users\Documents\ojevo._dl
c:\documents and settings\All Users\Documents\ripexasugi.ban
c:\documents and settings\Cody\Application Data\awijyny._dl
c:\documents and settings\Cody\Application Data\byhyhak.com
c:\documents and settings\Cody\Application Data\ebupogoc.vbs
c:\documents and settings\Cody\Application Data\enyfage._dl
c:\documents and settings\Cody\Application Data\fytul.ban
c:\documents and settings\Cody\Application Data\iniasd.txt
c:\documents and settings\Cody\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Cody\Application Data\seres.exe
c:\documents and settings\Cody\Application Data\svcst.exe
c:\documents and settings\Cody\Application Data\zyryd.bat
c:\documents and settings\Cody\Cookies\ekohuqigil.bat
c:\documents and settings\Cody\Cookies\oqijib.pif
c:\documents and settings\Cody\Cookies\telejowulo.dl
c:\documents and settings\Cody\Cookies\ucir.reg
c:\documents and settings\Cody\Cookies\xyxozepyt.vbs
c:\documents and settings\Cody\Local Settings\Application Data\gypiqyge.vbs
c:\documents and settings\Cody\Local Settings\Application Data\iwaciwyrit.com
c:\documents and settings\Cody\Local Settings\Application Data\kudetutyma.scr
c:\documents and settings\Cody\Local Settings\Application Data\nyfuniwyv.ban
c:\documents and settings\Cody\Local Settings\Application Data\qyhahod.vbs
c:\documents and settings\Cody\Local Settings\Application Data\ucuvasygu.com
c:\documents and settings\Cody\Local Settings\Temporary Internet Files\covawoziw.com
c:\documents and settings\Cody\Local Settings\Temporary Internet Files\igykaro.bat
c:\documents and settings\Cody\Local Settings\Temporary Internet Files\kuluc.com
c:\documents and settings\Cody\Local Settings\Temporary Internet Files\wexizylod.pif
C:\p2hhr.bat
c:\program files\Common Files\cyxilode._dl
c:\program files\Common Files\ipyzewix.vbs
c:\program files\Common Files\iwamyxomu.dll
c:\program files\Common Files\leju.pif
c:\program files\Common Files\wunubin.ban
c:\program files\Common Files\wurego.vbs
c:\program files\Internet Explorer\msn.exe
c:\program files\Internet Explorer\stm.exe
c:\windows\cyhoqab.dll
c:\windows\ejigefodib.reg
c:\windows\emih.inf
c:\windows\epavagihy._sy
c:\windows\Installer\2b59a.msp
c:\windows\Installer\6f5b14.msp
c:\windows\kb913800.exe
c:\windows\noqeq._dl
c:\windows\rudycone.inf
c:\windows\saside.sys
c:\windows\system32\_scui.cpl
c:\windows\system32\abaz._sy
c:\windows\system32\akokojad.bat
c:\windows\system32\AVR09.exe
c:\windows\system32\bojime.exe
c:\windows\system32\c2d.dat
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\gasfkydktuirqo.sys
c:\windows\system32\gasfkycjeyfqjo.dll
c:\windows\system32\gasfkylxruxewq.dll
c:\windows\system32\gasfkyvabdubdg.dat
c:\windows\system32\idm.dat
c:\windows\system32\jc.dat
c:\windows\system32\limereju.exe
c:\windows\system32\nk.dat
c:\windows\system32\ofoleru.sys
c:\windows\system32\q1.dat
c:\windows\system32\qyryr.pif
c:\windows\system32\rylyv.scr
c:\windows\system32\uvyqit._dl
c:\windows\system32\winhelper.dll
c:\windows\ugopud.bat
c:\windows\win32k.sys
c:\windows\ykigi.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ovfsthxoewfvpya
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_ovfsthxoewfvpya


((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-14 01:21 . 2009-10-14 01:21 -------- d-----w- c:\program files\Trend Micro
2009-10-01 00:42 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-01 00:42 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-01 00:42 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-01 00:42 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-01 00:42 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-01 00:42 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-01 00:42 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-01 00:42 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-01 00:42 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-30 20:50 . 2009-09-30 20:50 14873 ----a-w- c:\windows\wobox.dat
2009-09-30 20:50 . 2009-09-30 20:50 13258 ----a-w- c:\windows\axoqa.com
2009-09-30 20:50 . 2009-09-30 20:50 11566 ----a-w- c:\windows\system32\orekynuh.com
2009-09-30 20:43 . 2009-09-30 20:43 10960 ----a-w- c:\windows\isehyne.dat
2009-09-30 20:25 . 2009-09-30 20:25 16569 ----a-w- c:\documents and settings\Cody\Local Settings\Application Data\muxyk.dat
2009-09-30 20:24 . 2009-09-30 20:24 1 ----a-w- c:\windows\system32\xd.dat
2009-09-30 01:53 . 2009-09-30 01:53 -------- d-----w- c:\documents and settings\Cody\Application Data\Turbine
2009-09-26 19:20 . 2009-09-26 19:20 -------- d-----w- c:\documents and settings\Cody\Local Settings\Application Data\Turbine
2009-09-26 17:33 . 2009-09-26 17:33 -------- d-----w- c:\program files\Turbine
2009-09-26 15:05 . 2009-09-30 18:27 -------- d-----w- c:\documents and settings\Cody\Local Settings\Application Data\PMB Files
2009-09-26 15:05 . 2009-09-30 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-09-26 15:05 . 2009-09-26 15:05 -------- d-----w- c:\program files\Pando Networks
2009-09-21 21:17 . 2009-09-21 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-21 21:06 . 2009-09-21 21:06 -------- d-----w- c:\program files\Adobe Media Player
2009-09-21 21:04 . 2009-09-21 21:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-21 20:59 . 2009-09-21 20:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-16 02:55 . 2009-09-30 20:28 -------- d-----w- c:\documents and settings\Cody\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 01:28 . 2009-08-08 02:42 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-14 01:28 . 2009-08-08 02:42 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-14 01:28 . 2009-08-08 02:42 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-14 01:27 . 2007-12-13 15:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-14 01:27 . 2007-12-13 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-13 20:41 . 2009-08-08 02:24 -------- d-----w- c:\program files\Diablo II
2009-10-13 20:21 . 2009-08-24 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 20:21 . 2009-08-24 20:06 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-13 20:11 . 2009-04-28 05:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 20:50 . 2009-09-30 20:50 19561 ----a-w- c:\documents and settings\Cody\Application Data\xiqulimu.dat
2009-09-30 17:51 . 2009-04-29 16:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-30 01:58 . 2008-01-11 20:44 -------- d-----w- c:\documents and settings\Cody\Application Data\LimeWire
2009-09-30 01:43 . 2009-06-25 04:03 -------- d-----w- c:\documents and settings\Cody\Application Data\FrostWire
2009-09-30 01:43 . 2009-06-25 03:42 -------- d-----w- c:\program files\FrostWire
2009-09-29 03:30 . 2007-12-01 16:11 -------- d-----w- c:\documents and settings\Cody\Application Data\OpenOffice.org2
2009-09-28 14:06 . 2009-08-19 22:33 -------- d-----w- c:\documents and settings\Cody\Application Data\gtk-2.0
2009-09-28 03:58 . 2009-08-24 20:13 -------- d-----w- c:\documents and settings\Cody\Application Data\codeblocks
2009-09-21 21:17 . 2008-03-26 02:46 42592 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-21 21:07 . 2007-11-28 23:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 14:45 . 2007-11-28 23:29 -------- d-----w- c:\program files\Microsoft Works
2009-09-10 18:54 . 2009-04-28 05:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-04-28 05:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\program files\iTunes
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\program files\iPod
2009-08-25 19:40 . 2008-06-13 04:07 -------- d-----w- c:\program files\Common Files\Apple
2009-08-25 19:38 . 2009-08-25 19:38 -------- d-----w- c:\program files\QuickTime
2009-08-24 20:10 . 2009-08-24 20:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-24 20:05 . 2009-08-24 20:05 -------- d-----w- c:\program files\Microsoft SDKs
2009-08-22 05:36 . 2009-08-22 05:36 -------- d-----w- c:\program files\MSBuild
2009-08-22 05:36 . 2009-08-22 05:36 -------- d-----w- c:\program files\Reference Assemblies
2009-08-19 22:37 . 2009-08-19 22:28 -------- d-----w- c:\documents and settings\Cody\Application Data\geany
2009-08-17 05:13 . 2009-08-17 05:13 -------- d-----w- c:\program files\Microsoft
2009-08-17 05:13 . 2009-08-17 05:12 -------- d-----w- c:\program files\Windows Live
2009-08-17 05:13 . 2009-08-17 05:13 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-17 05:07 . 2009-08-17 05:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-08 02:39 . 2009-08-08 02:28 33929 ----a-w- c:\windows\DIIUnin.dat
2009-08-08 02:28 . 2009-08-08 02:28 94208 ----a-w- c:\windows\DIIUnin.exe
2009-08-08 02:28 . 2009-08-08 02:28 2829 ----a-w- c:\windows\DIIUnin.pif
2009-08-07 06:03 . 2009-08-07 06:03 5270 ----a-w- c:\windows\DiabUnin.dat
2009-08-07 06:03 . 2009-08-07 06:03 2829 ----a-w- c:\windows\DiabUnin.pif
2009-08-07 06:03 . 2009-08-07 06:03 118784 ----a-w- c:\windows\DiabUnin.exe
2009-08-05 23:23 . 2008-10-08 02:50 1536 ----a-w- c:\windows\system32\drivers\GameNT.sys
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\atl.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Cody^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Cody\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\MW4Mercs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57304:TCP"= 57304:TCP:Pando Media Booster
"57304:UDP"= 57304:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/30/2009 8:42 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/30/2009 8:42 PM 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 6:18 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wikipedia.org/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{ace6998b-75a8-43fc-a71e-b69193ae4954} - reranavu.dll
HKLM-Run-dezobazusu - niyihese.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 15:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\RMSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-14 15:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 19:25
ComboFix2.txt 2009-04-29 23:24

Pre-Run: 78,545,969,152 bytes free
Post-Run: 78,651,895,808 bytes free

302 --- E O F --- 2009-09-10 13:29

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Frostwire
Limewire

Next,

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   KILLALL::
   
   File::
   c:\windows\wobox.dat
   c:\windows\axoqa.com
   c:\windows\system32\orekynuh.com
   c:\windows\isehyne.dat
   c:\documents and settings\Cody\Local Settings\Application Data\muxyk.dat
   c:\windows\system32\xd.dat
   c:\documents and settings\Cody\Application Data\xiqulimu.dat
   
   Folder::
   c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
   c:\documents and settings\Cody\Application Data\LimeWire
   c:\documents and settings\Cody\Application Data\FrostWire
   c:\Program Files\LimeWire
   c:\Program Files\FrostWire
   
   FCopy::
   c:\windows\$NtServicePackUninstall$\eventlog.dll | c:\windows\system32\eventlog.dll
   
   RegLock::
   [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
   [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
   [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
   

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

When I tried to post the whole thing, it said it was too big, so i'm posting this in two parts.


ComboFix 09-10-13.04 - Cody 10/14/2009 16:04.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.510 [GMT -4:00]
Running from: c:\documents and settings\Cody\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Cody\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 090924-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Cody\Application Data\xiqulimu.dat"
"c:\documents and settings\Cody\Local Settings\Application Data\muxyk.dat"
"c:\windows\axoqa.com"
"c:\windows\isehyne.dat"
"c:\windows\system32\orekynuh.com"
"c:\windows\system32\xd.dat"
"c:\windows\wobox.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxInstallLog.txt
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
c:\documents and settings\Cody\Application Data\FrostWire
c:\documents and settings\Cody\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\documents and settings\Cody\Application Data\FrostWire\createtimes.cache
c:\documents and settings\Cody\Application Data\FrostWire\downloads.dat
c:\documents and settings\Cody\Application Data\FrostWire\fileurns.bak
c:\documents and settings\Cody\Application Data\FrostWire\fileurns.cache
c:\documents and settings\Cody\Application Data\FrostWire\filters.props
c:\documents and settings\Cody\Application Data\FrostWire\frostwire.props
c:\documents and settings\Cody\Application Data\FrostWire\gnutella.net
c:\documents and settings\Cody\Application Data\FrostWire\installation.props
c:\documents and settings\Cody\Application Data\FrostWire\intent.props
c:\documents and settings\Cody\Application Data\FrostWire\library.dat
c:\documents and settings\Cody\Application Data\FrostWire\mojito.props
c:\documents and settings\Cody\Application Data\FrostWire\overlays.dat
c:\documents and settings\Cody\Application Data\FrostWire\overlays\espsix_older_is_better.jpg
c:\documents and settings\Cody\Application Data\FrostWire\overlays\freshbodyshop_overlay.jpg
c:\documents and settings\Cody\Application Data\FrostWire\questions.props
c:\documents and settings\Cody\Application Data\FrostWire\responses.cache
c:\documents and settings\Cody\Application Data\FrostWire\seenMessages.dat
c:\documents and settings\Cody\Application Data\FrostWire\spam.dat
c:\documents and settings\Cody\Application Data\FrostWire\tables.props
c:\documents and settings\Cody\Application Data\FrostWire\themes\frostwirePro_theme.fwtp
c:\documents and settings\Cody\Application Data\FrostWire\themes\frostwirePro_theme\theme.txt
c:\documents and settings\Cody\Application Data\FrostWire\themes\frostwirePro_theme\version.txt
c:\documents and settings\Cody\Application Data\FrostWire\ttrees.cache
c:\documents and settings\Cody\Application Data\FrostWire\ttroot.cache
c:\documents and settings\Cody\Application Data\FrostWire\version.xml
c:\documents and settings\Cody\Application Data\FrostWire\xml\data\audio.sxml2
c:\documents and settings\Cody\Application Data\LimeWire
c:\documents and settings\Cody\Application Data\LimeWire\active.mojito
c:\documents and settings\Cody\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Cody\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Cody\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Cody\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Cody\Application Data\LimeWire\downloads.dat
c:\documents and settings\Cody\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Cody\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Cody\Application Data\LimeWire\filters.props
c:\documents and settings\Cody\Application Data\LimeWire\gnutella.net
c:\documents and settings\Cody\Application Data\LimeWire\installation.props
c:\documents and settings\Cody\Application Data\LimeWire\library.dat
c:\documents and settings\Cody\Application Data\LimeWire\library5.dat
c:\documents and settings\Cody\Application Data\LimeWire\limewire.props
c:\documents and settings\Cody\Application Data\LimeWire\lock
c:\documents and settings\Cody\Application Data\LimeWire\mojito.props
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\0E6B8B2Ad01
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\4C4B6535d01
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A89d01
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\Cache\D5267890d01
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Cody\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Cody\Application Data\LimeWire\passive.mojito
c:\documents and settings\Cody\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Cody\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Cody\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Cody\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Cody\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Cody\Application Data\LimeWire\questions.props
c:\documents and settings\Cody\Application Data\LimeWire\responses.cache
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml.tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml20918tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml23110tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml26347tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml31872tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml33079tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml41024tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml42356tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml63102tmp
c:\documents and settings\Cody\Application Data\LimeWire\simpp.xml659tmp
c:\documents and settings\Cody\Application Data\LimeWire\spam.dat
c:\documents and settings\Cody\Application Data\LimeWire\tables.props
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Cody\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Cody\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Cody\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Cody\Application Data\LimeWire\version.xml
c:\documents and settings\Cody\Application Data\LimeWire\version.xml10251tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml10307tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml10544tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml11126tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml1147tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml11909tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml12626tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml12729tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml13012tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml1307tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml13290tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml13547tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml13594tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml13934tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml1453tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16038tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16115tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16324tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16433tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16434tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16509tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16510tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16511tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16542tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml16687tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml17354tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml17661tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml17746tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml18973tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml19259tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml19813tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml20043tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml20190tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml20407tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml20576tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml20916tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml21102tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml21969tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml22127tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml22430tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml22484tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml23109tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml23688tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml24146tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml24281tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml24492tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml25469tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml25812tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml26141tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml26346tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml26439tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml27113tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml27950tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml28270tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml29155tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml30092tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml30196tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml31164tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml31314tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml31870tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml3290tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml32959tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml33078tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml33339tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml3354tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml33929tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml34288tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml34400tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml34437tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml34757tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml34982tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml36811tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml37483tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml38090tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml38316tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml38969tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml39106tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml39769tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml41025tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml41711tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml42051tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml42193tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml4230tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml42357tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml42561tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml42914tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml43867tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml43889tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml44176tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml44361tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml44440tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml44457tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml46890tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml47447tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml47702tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml47704tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml47922tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml48477tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml48647tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml48774tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml49415tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml49987tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml50911tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml51279tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml51280tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml51352tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml51540tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml51821tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml52188tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml5248tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml53307tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml53576tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml54198tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml54199tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml54619tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml54631tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml54875tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml55009tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml55010tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml55662tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml55710tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml55841tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml56219tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml56220tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml56374tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml56542tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml56628tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml57353tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml57743tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml57826tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml58175tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml58298tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml59448tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml5980tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml60553tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml60667tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml616tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml6248tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml6249tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml62772tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml6290tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml63103tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml63332tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml63688tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml64284tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml64398tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml64644tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml64973tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml658tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml6645tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml7103tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml7295tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml7948tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml8031tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml8243tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml8877tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml9212tmp
c:\documents and settings\Cody\Application Data\LimeWire\version.xml9574tmp
c:\documents and settings\Cody\Application Data\LimeWire\versions.props
c:\documents and settings\Cody\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Cody\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Cody\Application Data\xiqulimu.dat
c:\documents and settings\Cody\Local Settings\Application Data\muxyk.dat
c:\windows\axoqa.com
c:\windows\isehyne.dat
c:\windows\system32\orekynuh.com
c:\windows\system32\xd.dat
c:\windows\wobox.dat

--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-14 20:04 . 2009-10-14 20:04 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-14 20:04 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-10-14 20:04 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-10-14 01:21 . 2009-10-14 01:21 -------- d-----w- c:\program files\Trend Micro
2009-10-01 00:42 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-01 00:42 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-01 00:42 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-01 00:42 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-01 00:42 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-01 00:42 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-01 00:42 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-01 00:42 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-01 00:42 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-30 01:53 . 2009-09-30 01:53 -------- d-----w- c:\documents and settings\Cody\Application Data\Turbine
2009-09-26 19:20 . 2009-09-26 19:20 -------- d-----w- c:\documents and settings\Cody\Local Settings\Application Data\Turbine
2009-09-26 17:33 . 2009-09-26 17:33 -------- d-----w- c:\program files\Turbine
2009-09-26 15:05 . 2009-09-30 18:27 -------- d-----w- c:\documents and settings\Cody\Local Settings\Application Data\PMB Files
2009-09-26 15:05 . 2009-09-30 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-09-26 15:05 . 2009-09-26 15:05 -------- d-----w- c:\program files\Pando Networks
2009-09-21 21:17 . 2009-09-21 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-21 21:06 . 2009-09-21 21:06 -------- d-----w- c:\program files\Adobe Media Player
2009-09-21 21:04 . 2009-09-21 21:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-21 20:59 . 2009-09-21 20:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-16 02:55 . 2009-09-30 20:28 -------- d-----w- c:\documents and settings\Cody\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 20:01 . 2005-08-17 02:54 -------- d-----w- c:\program files\GemMaster
2009-10-14 20:01 . 2005-08-17 02:51 -------- d-----w- c:\program files\EnglishOtto
2009-10-14 20:01 . 2008-01-13 00:33 -------- d-----w- c:\program files\DivX
2009-10-14 20:01 . 2008-01-17 12:20 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-14 20:01 . 2005-08-17 02:58 -------- d-----w- c:\program files\RGB
2009-10-14 20:01 . 2007-11-28 23:23 -------- d-----w- c:\program files\NetWaiting
2009-10-14 20:01 . 2007-11-28 23:22 -------- d-----w- c:\program files\Modem Helper
2009-10-14 19:57 . 2007-11-28 23:29 -------- d-----w- c:\program files\Microsoft Works
2009-10-14 19:30 . 2009-08-08 02:24 -------- d-----w- c:\program files\Diablo II
2009-10-14 19:30 . 2009-08-08 02:42 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-14 19:30 . 2009-08-08 02:42 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-14 19:30 . 2009-08-08 02:42 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-14 01:27 . 2007-12-13 15:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-14 01:27 . 2007-12-13 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-13 20:21 . 2009-08-24 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 20:21 . 2009-08-24 20:06 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-13 20:11 . 2009-04-28 05:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 17:51 . 2009-04-29 16:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-29 03:30 . 2007-12-01 16:11 -------- d-----w- c:\documents and settings\Cody\Application Data\OpenOffice.org2
2009-09-28 14:06 . 2009-08-19 22:33 -------- d-----w- c:\documents and settings\Cody\Application Data\gtk-2.0
2009-09-28 03:58 . 2009-08-24 20:13 -------- d-----w- c:\documents and settings\Cody\Application Data\codeblocks
2009-09-21 21:17 . 2008-03-26 02:46 42592 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-21 21:07 . 2007-11-28 23:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-10 18:54 . 2009-04-28 05:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-04-28 05:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\program files\iTunes
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\program files\iPod
2009-08-25 19:40 . 2008-06-13 04:07 -------- d-----w- c:\program files\Common Files\Apple
2009-08-25 19:38 . 2009-08-25 19:38 -------- d-----w- c:\program files\QuickTime
2009-08-24 20:10 . 2009-08-24 20:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-24 20:05 . 2009-08-24 20:05 -------- d-----w- c:\program files\Microsoft SDKs
2009-08-22 05:36 . 2009-08-22 05:36 -------- d-----w- c:\program files\MSBuild
2009-08-22 05:36 . 2009-08-22 05:36 -------- d-----w- c:\program files\Reference Assemblies
2009-08-19 22:37 . 2009-08-19 22:28 -------- d-----w- c:\documents and settings\Cody\Application Data\geany
2009-08-17 05:13 . 2009-08-17 05:13 -------- d-----w- c:\program files\Microsoft
2009-08-17 05:13 . 2009-08-17 05:12 -------- d-----w- c:\program files\Windows Live
2009-08-17 05:13 . 2009-08-17 05:13 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-17 05:07 . 2009-08-17 05:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-08 02:39 . 2009-08-08 02:28 33929 ----a-w- c:\windows\DIIUnin.dat
2009-08-08 02:28 . 2009-08-08 02:28 94208 ----a-w- c:\windows\DIIUnin.exe
2009-08-08 02:28 . 2009-08-08 02:28 2829 ----a-w- c:\windows\DIIUnin.pif
2009-08-07 06:03 . 2009-08-07 06:03 5270 ----a-w- c:\windows\DiabUnin.dat
2009-08-07 06:03 . 2009-08-07 06:03 2829 ----a-w- c:\windows\DiabUnin.pif
2009-08-07 06:03 . 2009-08-07 06:03 118784 ----a-w- c:\windows\DiabUnin.exe
2009-08-05 23:23 . 2008-10-08 02:50 1536 ----a-w- c:\windows\system32\drivers\GameNT.sys
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-14_19.18.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 20:15 . 2009-10-14 20:15 16384 c:\windows\Temp\Perflib_Perfdata_808.dat
+ 2009-10-14 20:15 . 2009-10-14 20:15 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2009-10-14 20:12 . 2009-10-14 20:12 16384 c:\windows\Temp\Perflib_Perfdata_100.dat
+ 2009-10-14 20:04 . 2004-08-10 11:00 55808 c:\windows\LastGood.Tmp\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Cody^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Cody\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\MW4Mercs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57304:TCP"= 57304:TCP:Pando Media Booster
"57304:UDP"= 57304:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/30/2009 8:42 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/30/2009 8:42 PM 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 6:18 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wikipedia.org/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 16:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-14 16:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 20:20
ComboFix2.txt 2009-10-14 19:26
ComboFix3.txt 2009-04-29 23:24

Pre-Run: 78,666,629,120 bytes free
Post-Run: 78,594,187,264 bytes free

814 --- E O F --- 2009-09-10 13:29

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Awesome, I can use task manager and my internet works fine.
I'm going to reinstall my anti-virus programs and run them to catch any remnants, but everything is working fine.

Thank you very much.