no antivirus protection. computer super slow [Solved]



#1
james09

  • Member
  • 37 posts
I have tried installing AVG, Norton, Avast and a lot of other antivirus programs, but my computer won't let me go to any of their websites. It keeps saying link broken. I need my computer protected. System is going slow, Microsoft errors, computer freezing for nothing and drivers just disappearing on me. Please help. Here is my hijack log...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:29 PM, on 2/27/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\etwd.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\TEMP\7510.tmp
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [19068] C:\etwd.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202096684478
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

--
End of file - 5107 bytes


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
james09

  • Topic Starter
  • Member
  • 37 posts
Here is my combo-fix report...

ComboFix 09-02-26.02 - lillia 2009-02-28 7:00:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.833 [GMT 10:00]
Running from: c:\documents and settings\lillia\Desktop\Combo-Fix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\lillia\Application Data\ShoppingReport
c:\documents and settings\lillia\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\lillia\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\lillia\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\lillia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\lillia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\lillia\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\lillia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\noah\Application Data\ShoppingReport
c:\documents and settings\noah\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\noah\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\noah\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\noah\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\noah\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\noah\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\noah\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\PC USER\Application Data\ShoppingReport
c:\documents and settings\PC USER\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\PC USER\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\PC USER\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\PC USER\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\PC USER\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\PC USER\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\PC USER\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\yacob\Application Data\inst.exe
c:\documents and settings\yacob\Application Data\ShoppingReport
c:\documents and settings\yacob\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\yacob\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\yacob\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\yacob\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\yacob\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\yacob\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\yacob\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\yacob\Local Settings\Temporary Internet Files\fbk.sts
C:\lsass.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\system32\algs.exe
c:\windows\system32\crypts.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaevmkabeb.sys
c:\windows\system32\pac.txt
c:\windows\system32\Pncrt.dll
c:\windows\system32\senekaldgxtfvy.dll
c:\windows\system32\senekamtvklmtj.dll
c:\windows\system32\senekanhdtsgor.dat
c:\windows\system32\senekaputuadjr.dll
c:\windows\system32\senekayageeuem.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-28 07:03 . 2009-02-28 07:04 20,480 --a--c--- C:\lsass.exe
2009-02-27 01:20 . 2009-02-27 01:20 4,096 --a------ c:\windows\system32\02.tmp
2009-02-26 22:06 . 2009-02-26 22:06 <DIR> d-------- c:\documents and settings\lillia\Application Data\Yahoo!
2009-02-26 21:49 . 2009-02-27 16:17 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
2009-02-26 21:48 . 2009-02-26 21:48 <DIR> d-------- c:\documents and settings\PC USER\Application Data\SUPERAntiSpyware.com
2009-02-26 21:21 . 2009-02-26 21:21 <DIR> d-------- c:\windows\system32\WNR
2009-02-26 21:21 . 2009-02-26 22:18 <DIR> d-------- c:\windows\system32\ghu02
2009-02-26 21:21 . 2009-02-26 21:21 <DIR> d----c--- c:\temp\itmp2
2009-02-26 21:21 . 2009-02-28 07:00 <DIR> d----c--- C:\Temp
2009-02-26 21:21 . 2009-02-26 21:21 <DIR> d-------- c:\documents and settings\yacob\Application Data\comidle
2009-02-26 21:21 . 2009-02-28 07:04 100,590 --a------ c:\windows\system32\drivers\1e1789b6.sys
2009-02-26 21:21 . 2009-02-26 21:21 81,920 --a--c--- C:\wvqn.exe
2009-02-26 21:21 . 2009-02-28 06:59 20,480 --a--c--- C:\etwd.exe
2009-02-26 21:21 . 2009-02-26 21:21 2 --a--c--- C:\947118104
2009-02-26 21:20 . 2009-02-26 21:20 31,236 ---hs---- c:\documents and settings\yacob\winlogon.exe
2009-02-26 20:30 . 2009-02-26 20:30 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-26 20:30 . 2009-02-27 16:20 <DIR> d-------- c:\program files\Yahoo!
2009-02-26 20:30 . 2009-02-26 20:30 <DIR> d-------- c:\documents and settings\yacob\Application Data\Yahoo!
2009-02-26 19:51 . 2009-02-26 19:53 <DIR> d-------- c:\program files\Orbitdownloader
2009-02-26 19:51 . 2009-02-26 19:53 <DIR> d-------- c:\documents and settings\yacob\Application Data\Orbit
2009-02-26 19:51 . 2009-02-26 19:51 <DIR> d-------- c:\documents and settings\yacob\Application Data\GrabPro
2009-02-26 19:41 . 2009-02-26 20:12 <DIR> d-------- c:\program files\Video Enhancer
2009-02-26 19:40 . 2009-02-26 19:41 <DIR> d-------- c:\documents and settings\yacob\Application Data\GetRightToGo
2009-02-26 19:39 . 2009-02-26 19:39 <DIR> d---s---- c:\documents and settings\yacob\UserData
2009-02-26 19:34 . 2009-02-26 19:37 <DIR> d-------- c:\program files\Free Video Zilla
2009-02-26 19:34 . 2009-02-26 19:52 <DIR> d----c--- C:\downloads
2009-02-26 19:34 . 2009-02-26 19:37 <DIR> d-------- c:\documents and settings\yacob\Application Data\FVZilla
2009-02-26 19:27 . 2009-02-26 19:27 <DIR> d-------- c:\program files\FDRLab
2009-02-25 00:54 . 2009-02-25 00:54 <DIR> d-------- c:\documents and settings\yacob\.dvdcss
2009-02-25 00:54 . 2009-02-25 00:55 27,279,112 --a--c--- C:\output.dat
2009-02-25 00:53 . 2009-02-25 00:53 <DIR> d-------- c:\documents and settings\yacob\mplayer
2009-02-25 00:53 . 2009-02-25 00:53 <DIR> d-------- c:\documents and settings\yacob\Application Data\dvdcss
2009-02-25 00:52 . 2009-02-25 09:58 <DIR> d-------- c:\program files\cheapestsoft
2009-02-25 00:46 . 2009-02-25 00:51 <DIR> d-------- c:\program files\iOrgSoft
2009-02-25 00:28 . 2009-02-25 00:28 <DIR> d----c--- C:\Extradvdcopy
2009-02-24 20:52 . 2009-02-25 00:25 <DIR> d----c--- C:\My Movies
2009-02-24 13:05 . 2009-02-24 13:05 <DIR> d----c--- c:\documents and settings\All Users\Application Data\vsosdk
2009-02-24 12:12 . 2009-02-24 12:12 <DIR> d-------- c:\program files\VSO
2009-02-24 12:12 . 2009-02-25 00:44 <DIR> d-------- c:\documents and settings\yacob\Application Data\Vso
2009-02-24 12:12 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2009-02-24 12:12 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2009-02-24 12:12 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2009-02-24 12:12 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2009-02-24 12:12 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2009-02-24 12:12 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2009-02-24 12:12 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2009-02-24 12:12 . 2009-02-24 12:12 47,360 --a------ c:\documents and settings\yacob\Application Data\pcouffin.sys
2009-02-23 00:22 . 2009-02-23 08:22 <DIR> d-------- c:\documents and settings\noah\Application Data\LimeWire
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\noah\Application Data\PACE Anti-Piracy
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\noah\Application Data\Apple Computer
2009-02-22 09:46 . 2009-02-27 16:19 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-22 09:46 . 2009-02-27 16:19 <DIR> d-------- c:\documents and settings\lillia\Application Data\SUPERAntiSpyware.com
2009-02-22 09:46 . 2009-02-22 09:46 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-21 19:32 . 2009-02-21 19:38 <DIR> d-------- c:\program files\NoAdware
2009-02-21 18:48 . 2009-02-21 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-02-21 02:11 . 2009-02-27 01:22 <DIR> d-------- c:\documents and settings\yacob\Application Data\OpenOffice.org2
2009-02-20 22:18 . 2007-12-01 00:26 151,552 --a------ c:\windows\system32\irftp.exe
2009-02-20 22:18 . 2007-12-01 00:26 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-02-20 22:18 . 2007-11-30 17:46 88,192 --a------ c:\windows\system32\drivers\irda.sys
2009-02-20 22:18 . 2007-11-30 17:46 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2009-02-20 22:18 . 2007-12-01 00:25 28,160 --a------ c:\windows\system32\irmon.dll
2009-02-20 22:18 . 2007-12-01 00:25 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-02-20 22:18 . 2001-08-17 13:51 19,584 --a------ c:\windows\system32\drivers\rasirda.sys
2009-02-20 22:18 . 2001-08-17 13:51 19,584 --a--c--- c:\windows\system32\dllcache\rasirda.sys
2009-02-20 22:18 . 2001-08-17 13:51 18,688 --a------ c:\windows\system32\drivers\irsir.sys
2009-02-20 22:18 . 2001-08-17 13:51 18,688 --a--c--- c:\windows\system32\dllcache\irsir.sys
2009-02-20 22:18 . 2007-12-01 00:26 8,192 --a------ c:\windows\system32\wshirda.dll
2009-02-20 22:18 . 2007-12-01 00:26 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-02-20 07:14 . 2009-02-20 07:14 4,096 --a------ c:\windows\system32\01.tmp
2009-02-19 19:07 . 2001-08-17 14:00 2,944 --a------ c:\windows\system32\drivers\msmpu401.sys
2009-02-19 19:07 . 2001-08-17 14:00 2,944 --a--c--- c:\windows\system32\dllcache\msmpu401.sys
2009-02-18 14:39 . 2009-02-27 16:17 <DIR> d-------- c:\documents and settings\john
2009-02-16 06:53 . 2009-02-16 06:53 <DIR> d---s---- c:\documents and settings\lillia\UserData
2009-02-16 06:27 . 2009-02-28 06:39 <DIR> d-------- c:\documents and settings\lillia\Application Data\OpenOffice.org2
2009-02-15 21:40 . 2009-02-15 21:40 <DIR> d-------- c:\program files\LimeWire
2009-02-15 20:39 . 2009-02-15 20:39 <DIR> d--h----- c:\windows\msdownld.tmp
2009-02-15 20:39 . 2009-02-15 20:39 <DIR> d-------- c:\windows\Logs
2009-02-15 20:39 . 2009-02-15 20:39 <DIR> d-------- c:\program files\SiSoftware
2009-02-15 02:42 . 2009-02-27 16:17 <DIR> d-------- c:\documents and settings\noah
2009-02-14 19:31 . 2009-02-14 19:31 <DIR> d-------- c:\windows\Sun
2009-02-14 17:19 . 2009-02-22 08:43 <DIR> d-------- c:\program files\vanBasco's Karaoke Player
2009-02-14 10:57 . 2009-02-14 11:23 <DIR> d-------- c:\documents and settings\lillia\Application Data\Digidesign
2009-02-14 10:56 . 2009-02-14 10:56 <DIR> d-------- c:\documents and settings\lillia\Application Data\PACE Anti-Piracy
2009-02-14 09:22 . 2009-02-28 07:04 <DIR> d-------- c:\documents and settings\lillia\Application Data\LimeWire
2009-02-14 09:17 . 2009-02-14 09:17 <DIR> d-------- c:\documents and settings\lillia\Application Data\Apple Computer
2009-02-14 06:26 . 2009-02-26 21:50 <DIR> d-------- c:\documents and settings\lillia
2009-02-14 01:11 . 2009-02-14 01:12 <DIR> d-------- c:\program files\FruityLoops3
2009-02-14 00:38 . 2009-02-27 01:22 <DIR> d-------- c:\documents and settings\yacob\Application Data\LimeWire
2009-02-13 22:01 . 2009-02-16 21:32 <DIR> d-------- c:\documents and settings\yacob\Application Data\Digidesign
2009-02-13 22:00 . 2009-02-14 10:58 <DIR> d----c--- C:\Digidesign Databases
2009-02-13 21:56 . 2009-02-13 21:56 <DIR> d-------- c:\program files\iPod
2009-02-13 21:56 . 2009-02-22 00:48 <DIR> d-------- c:\documents and settings\yacob\Application Data\Apple Computer
2009-02-13 21:56 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-13 21:56 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-13 21:55 . 2009-02-13 22:42 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d-------- c:\program files\QuickTime
2009-02-13 21:55 . 2009-02-13 21:56 <DIR> d-------- c:\program files\iTunes
2009-02-13 21:55 . 2009-02-13 22:42 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d-------- c:\program files\Bonjour
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple
2009-02-13 21:55 . 2009-02-13 21:56 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 21:45 . 2004-04-13 14:48 233,472 ----s---- c:\windows\system32\REX Shared Library.dll
2009-02-13 21:44 . 2009-02-13 21:46 <DIR> d-------- c:\program files\Digidesign
2009-02-13 21:44 . 2005-10-26 01:21 15,488 --a------ c:\windows\system32\drivers\mbx2dfu.sys
2009-02-13 21:44 . 2005-10-26 01:21 15,232 --a------ c:\windows\system32\drivers\mbx2midk.sys
2009-02-13 20:43 . 2009-02-13 20:43 12,598 --a------ c:\windows\system32\wpa.bak
2009-02-13 20:39 . 2005-10-26 00:22 102,400 --a------ c:\windows\system32\Digi32.dll
2009-02-13 20:38 . 2005-10-26 00:19 16,384 --a------ c:\windows\system32\drivers\DigiFilt.sys
2009-02-13 20:36 . 2005-10-26 10:42 3,395,475 --a------ c:\windows\system32\DirectIO.dll
2009-02-13 20:36 . 2005-10-25 22:51 1,394,452 --a------ c:\windows\system32\ExpansionHD_Firmware.bin
2009-02-13 20:36 . 2005-10-25 22:52 528,384 --a------ c:\windows\system32\DSI.dll
2009-02-13 20:36 . 2005-10-25 23:12 105,472 --a------ c:\windows\system32\drivers\Dalwdm.sys
2009-02-13 20:36 . 2005-10-26 00:21 98,304 --a------ c:\windows\system32\Diomidi.DLL
2009-02-13 20:36 . 2005-10-25 22:53 90,112 --a------ c:\windows\system32\WinMMFix.dll
2009-02-13 20:36 . 2005-10-26 01:21 45,056 --a------ c:\windows\system32\mbx2midu.dll
2009-02-13 20:36 . 2005-10-26 00:26 5,632 --a------ c:\windows\system32\digicoin.dll
2009-02-13 19:37 . 2009-02-13 19:37 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SlySoft
2009-02-13 19:36 . 2009-02-13 22:40 <DIR> d-------- c:\program files\SlySoft
2009-02-13 18:31 . 2009-02-27 10:06 116 --a------ c:\windows\NeroDigital.ini
2009-02-13 18:30 . 2009-02-13 18:31 <DIR> d-------- c:\program files\InterActual
2009-02-13 18:22 . 2009-02-25 01:03 <DIR> d-------- c:\windows\Easy DVD Copy
2009-02-13 18:22 . 2009-02-25 10:56 <DIR> d-------- C:\TempDVD
2009-02-13 18:22 . 2009-02-25 01:03 <DIR> d-------- c:\program files\Easy DVD Copy
2009-02-13 18:12 . 2009-02-13 18:12 <DIR> d-------- c:\documents and settings\yacob\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 06:19 --------- d-----w c:\program files\Java
2009-02-26 15:22 --------- d-----w c:\documents and settings\PC USER\Application Data\OpenOffice.org2
2009-02-20 16:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 16:09 --------- d-----w c:\program files\Common Files\InstallShield
2007-11-30 14:25 170,956 --sha-r c:\windows\system32\qckdycm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6120"="C:\etwd.exe" [2009-02-28 20480]

c:\documents and settings\yacob\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-23 147456]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\noah\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-23 147456]

c:\documents and settings\PC USER\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\lillia\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-23 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi3"= mbx2midu.dll
"wave3"= Digi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"= 8073:TCP:dihrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-02-13 16384]
S2 atvalu;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [2006-02-28 14336]
S3 bignz;bignz;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-02-13 105472]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-02-13 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-02-13 15232]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-02-15 98488]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
atvalu
.
- - - - ORPHANS REMOVED - - - -

BHO-{100EB1FD-D03E-47FD-81F3-EE91287F9465} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
FF - ProfilePath - c:\documents and settings\lillia\Application Data\Mozilla\Firefox\Profiles\gknj6arb.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 07:04:01
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bignz]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1e1789b6]
"ImagePath"="\SystemRoot\System32\drivers\1e1789b6.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atvalu]
"ServiceDll"="c:\windows\system32\qckdycm.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Digidesign\Drivers\MMERefresh.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
C:\lsass.exe
.
**************************************************************************
.
Completion time: 2009-02-28 7:05:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 21:05:07

Pre-Run: 57,139,793,920 bytes free
Post-Run: 58,427,170,816 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

291 --- E O F --- 2008-02-04 03:50:53




And here is my HijackThis report...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:46 AM, on 2/28/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\etwd.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\lsass.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [4145] C:\etwd.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202096684478
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

--
End of file - 5042 bytes
  • 0
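A triage pass over a HijackThis log like the one above, as an added example that is not part of the thread or of HijackThis itself: it flags the placement patterns visible in these logs (a system process name outside its normal directory, an executable in the drive root, a running .tmp image, a registration whose file is missing). The rule set, the function names and the C:\WINDOWS install path are assumptions; flagged items are leads for an analyst, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Sample input: a shortened excerpt assembled from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\etwd.exe
C:\WINDOWS\TEMP\7510.tmp
C:\Program Files\LimeWire\LimeWire.exe
c:\lsass.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [4145] C:\etwd.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the posted logs.
SYS32 = r"c:\windows\system32"
SYSTEM_HOMES = {
    "smss.exe": SYS32, "csrss.exe": SYS32, "winlogon.exe": SYS32,
    "services.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32,
    "spoolsv.exe": SYS32, "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # R0, R1, O2, O4, O23, ...
# Autorun target: the path after "[name] " or "= ", optionally quoted.
O4_TARGET_RE = re.compile(
    r'^O4 - .*?(?:\] |= )"?([A-Za-z]:\\.+?\.(?:exe|com|bat|scr|dll))', re.I)


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and R/O entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def check_path(raw):
    """Return the reasons an image path looks out of place (empty list if none)."""
    p = PureWindowsPath(raw.lower())
    reasons = []
    home = SYSTEM_HOMES.get(p.name)
    if home and str(p.parent) != home:
        reasons.append("system process name outside " + home)
    if str(p.parent) == p.anchor and p.suffix == ".exe":
        reasons.append("executable in drive root")
    if p.suffix == ".tmp":
        reasons.append("running image has a .tmp extension")
    return reasons


def check_entry(line):
    """Return the reasons an R/O entry deserves a closer look."""
    reasons = []
    if line.endswith("(no file)") or line.endswith("(file missing)"):
        reasons.append("registration points at a missing file")
    m = O4_TARGET_RE.match(line)
    if m:
        reasons += ["autorun target: " + r for r in check_path(m.group(1))]
    return reasons


def triage(text):
    """Return [(item, reasons)] for every process or entry with at least one reason."""
    processes, entries = parse_hjt(text)
    found = [(p, check_path(p)) for p in processes]
    found += [(e, check_entry(e)) for e in entries]
    return [(item, reasons) for item, reasons in found if reasons]


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(item)
        for r in reasons:
            print("    -", r)
```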

#4
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...ow-t230471.html

Collect::
C:\lsass.exe
c:\windows\system32\02.tmp
c:\windows\system32\drivers\1e1789b6.sys
C:\wvqn.exe
C:\etwd.exe
C:\947118104
c:\documents and settings\yacob\winlogon.exe
c:\windows\system32\qckdycm.dll

folder::
c:\windows\system32\WNR
c:\windows\system32\ghu02
c:\temp\itmp2
file::

Driver::
1e1789b6
atvalu
bignz

NetSvc::
atvalu

KillAll::

Suspect::


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

  • 0

#5
james09


    Member

  • Topic Starter
  • 37 posts
Thanks for helping. here is my log.........................



ComboFix 09-02-26.02 - lillia 2009-02-28 8:40:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.799 [GMT 10:00]
Running from: c:\documents and settings\lillia\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\lillia\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\947118104
c:\documents and settings\yacob\winlogon.exe
C:\etwd.exe
C:\lsass.exe
c:\temp\itmp2
c:\temp\itmp2\mTS.log
c:\windows\system32\02.tmp
c:\windows\system32\drivers\1e1789b6.sys
c:\windows\system32\ghu02
c:\windows\system32\qckdycm.dll
c:\windows\system32\WNR
C:\wvqn.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATVALU
-------\Service_1e1789b6
-------\Service_atvalu
-------\Service_bignz


((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-28 08:41 . 2009-02-28 08:42 100,590 --a------ c:\windows\system32\drivers\1e1789b6.sys
2009-02-26 22:06 . 2009-02-26 22:06 <DIR> d-------- c:\documents and settings\lillia\Application Data\Yahoo!
2009-02-26 21:49 . 2009-02-27 16:17 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
2009-02-26 21:48 . 2009-02-26 21:48 <DIR> d-------- c:\documents and settings\PC USER\Application Data\SUPERAntiSpyware.com
2009-02-26 21:21 . 2009-02-28 08:40 <DIR> d----c--- C:\Temp
2009-02-26 21:21 . 2009-02-26 21:21 <DIR> d-------- c:\documents and settings\yacob\Application Data\comidle
2009-02-26 20:30 . 2009-02-26 20:30 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-26 20:30 . 2009-02-27 16:20 <DIR> d-------- c:\program files\Yahoo!
2009-02-26 20:30 . 2009-02-26 20:30 <DIR> d-------- c:\documents and settings\yacob\Application Data\Yahoo!
2009-02-26 19:51 . 2009-02-26 19:53 <DIR> d-------- c:\program files\Orbitdownloader
2009-02-26 19:51 . 2009-02-26 19:53 <DIR> d-------- c:\documents and settings\yacob\Application Data\Orbit
2009-02-26 19:51 . 2009-02-26 19:51 <DIR> d-------- c:\documents and settings\yacob\Application Data\GrabPro
2009-02-26 19:41 . 2009-02-26 20:12 <DIR> d-------- c:\program files\Video Enhancer
2009-02-26 19:40 . 2009-02-26 19:41 <DIR> d-------- c:\documents and settings\yacob\Application Data\GetRightToGo
2009-02-26 19:39 . 2009-02-26 19:39 <DIR> d---s---- c:\documents and settings\yacob\UserData
2009-02-26 19:34 . 2009-02-26 19:37 <DIR> d-------- c:\program files\Free Video Zilla
2009-02-26 19:34 . 2009-02-26 19:52 <DIR> d----c--- C:\downloads
2009-02-26 19:34 . 2009-02-26 19:37 <DIR> d-------- c:\documents and settings\yacob\Application Data\FVZilla
2009-02-26 19:27 . 2009-02-26 19:27 <DIR> d-------- c:\program files\FDRLab
2009-02-25 00:54 . 2009-02-25 00:54 <DIR> d-------- c:\documents and settings\yacob\.dvdcss
2009-02-25 00:54 . 2009-02-25 00:55 27,279,112 --a--c--- C:\output.dat
2009-02-25 00:53 . 2009-02-25 00:53 <DIR> d-------- c:\documents and settings\yacob\mplayer
2009-02-25 00:53 . 2009-02-25 00:53 <DIR> d-------- c:\documents and settings\yacob\Application Data\dvdcss
2009-02-25 00:52 . 2009-02-25 09:58 <DIR> d-------- c:\program files\cheapestsoft
2009-02-25 00:46 . 2009-02-25 00:51 <DIR> d-------- c:\program files\iOrgSoft
2009-02-25 00:28 . 2009-02-25 00:28 <DIR> d----c--- C:\Extradvdcopy
2009-02-24 20:52 . 2009-02-25 00:25 <DIR> d----c--- C:\My Movies
2009-02-24 13:05 . 2009-02-24 13:05 <DIR> d----c--- c:\documents and settings\All Users\Application Data\vsosdk
2009-02-24 12:12 . 2009-02-24 12:12 <DIR> d-------- c:\program files\VSO
2009-02-24 12:12 . 2009-02-25 00:44 <DIR> d-------- c:\documents and settings\yacob\Application Data\Vso
2009-02-24 12:12 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2009-02-24 12:12 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2009-02-24 12:12 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2009-02-24 12:12 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2009-02-24 12:12 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2009-02-24 12:12 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2009-02-24 12:12 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2009-02-24 12:12 . 2009-02-24 12:12 47,360 --a------ c:\documents and settings\yacob\Application Data\pcouffin.sys
2009-02-23 00:22 . 2009-02-23 08:22 <DIR> d-------- c:\documents and settings\noah\Application Data\LimeWire
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\noah\Application Data\PACE Anti-Piracy
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\noah\Application Data\Apple Computer
2009-02-22 09:46 . 2009-02-27 16:19 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-22 09:46 . 2009-02-27 16:19 <DIR> d-------- c:\documents and settings\lillia\Application Data\SUPERAntiSpyware.com
2009-02-22 09:46 . 2009-02-22 09:46 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-21 19:32 . 2009-02-21 19:38 <DIR> d-------- c:\program files\NoAdware
2009-02-21 18:48 . 2009-02-21 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-02-21 02:11 . 2009-02-27 01:22 <DIR> d-------- c:\documents and settings\yacob\Application Data\OpenOffice.org2
2009-02-20 22:18 . 2007-12-01 00:26 151,552 --a------ c:\windows\system32\irftp.exe
2009-02-20 22:18 . 2007-12-01 00:26 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-02-20 22:18 . 2007-11-30 17:46 88,192 --a------ c:\windows\system32\drivers\irda.sys
2009-02-20 22:18 . 2007-11-30 17:46 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2009-02-20 22:18 . 2007-12-01 00:25 28,160 --a------ c:\windows\system32\irmon.dll
2009-02-20 22:18 . 2007-12-01 00:25 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-02-20 22:18 . 2001-08-17 13:51 19,584 --a------ c:\windows\system32\drivers\rasirda.sys
2009-02-20 22:18 . 2001-08-17 13:51 19,584 --a--c--- c:\windows\system32\dllcache\rasirda.sys
2009-02-20 22:18 . 2001-08-17 13:51 18,688 --a------ c:\windows\system32\drivers\irsir.sys
2009-02-20 22:18 . 2001-08-17 13:51 18,688 --a--c--- c:\windows\system32\dllcache\irsir.sys
2009-02-20 22:18 . 2007-12-01 00:26 8,192 --a------ c:\windows\system32\wshirda.dll
2009-02-20 22:18 . 2007-12-01 00:26 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-02-20 07:14 . 2009-02-20 07:14 4,096 --a------ c:\windows\system32\01.tmp
2009-02-19 19:07 . 2001-08-17 14:00 2,944 --a------ c:\windows\system32\drivers\msmpu401.sys
2009-02-19 19:07 . 2001-08-17 14:00 2,944 --a--c--- c:\windows\system32\dllcache\msmpu401.sys
2009-02-18 14:39 . 2009-02-27 16:17 <DIR> d-------- c:\documents and settings\john
2009-02-16 06:53 . 2009-02-16 06:53 <DIR> d---s---- c:\documents and settings\lillia\UserData
2009-02-16 06:27 . 2009-02-28 06:39 <DIR> d-------- c:\documents and settings\lillia\Application Data\OpenOffice.org2
2009-02-15 21:40 . 2009-02-15 21:40 <DIR> d-------- c:\program files\LimeWire
2009-02-15 20:39 . 2009-02-15 20:39 <DIR> d--h----- c:\windows\msdownld.tmp
2009-02-15 20:39 . 2009-02-15 20:39 <DIR> d-------- c:\windows\Logs
2009-02-15 20:39 . 2009-02-15 20:39 <DIR> d-------- c:\program files\SiSoftware
2009-02-15 02:42 . 2009-02-27 16:17 <DIR> d-------- c:\documents and settings\noah
2009-02-14 19:31 . 2009-02-14 19:31 <DIR> d-------- c:\windows\Sun
2009-02-14 17:19 . 2009-02-22 08:43 <DIR> d-------- c:\program files\vanBasco's Karaoke Player
2009-02-14 10:57 . 2009-02-14 11:23 <DIR> d-------- c:\documents and settings\lillia\Application Data\Digidesign
2009-02-14 10:56 . 2009-02-14 10:56 <DIR> d-------- c:\documents and settings\lillia\Application Data\PACE Anti-Piracy
2009-02-14 09:22 . 2009-02-28 08:42 <DIR> d-------- c:\documents and settings\lillia\Application Data\LimeWire
2009-02-14 09:17 . 2009-02-14 09:17 <DIR> d-------- c:\documents and settings\lillia\Application Data\Apple Computer
2009-02-14 06:26 . 2009-02-26 21:50 <DIR> d-------- c:\documents and settings\lillia
2009-02-14 01:11 . 2009-02-14 01:12 <DIR> d-------- c:\program files\FruityLoops3
2009-02-14 00:38 . 2009-02-27 01:22 <DIR> d-------- c:\documents and settings\yacob\Application Data\LimeWire
2009-02-13 22:01 . 2009-02-16 21:32 <DIR> d-------- c:\documents and settings\yacob\Application Data\Digidesign
2009-02-13 22:00 . 2009-02-14 10:58 <DIR> d----c--- C:\Digidesign Databases
2009-02-13 21:56 . 2009-02-13 21:56 <DIR> d-------- c:\program files\iPod
2009-02-13 21:56 . 2009-02-22 00:48 <DIR> d-------- c:\documents and settings\yacob\Application Data\Apple Computer
2009-02-13 21:56 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-13 21:56 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-13 21:55 . 2009-02-13 22:42 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d-------- c:\program files\QuickTime
2009-02-13 21:55 . 2009-02-13 21:56 <DIR> d-------- c:\program files\iTunes
2009-02-13 21:55 . 2009-02-13 22:42 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d-------- c:\program files\Bonjour
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-13 21:55 . 2009-02-13 21:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple
2009-02-13 21:55 . 2009-02-13 21:56 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 21:45 . 2004-04-13 14:48 233,472 ----s---- c:\windows\system32\REX Shared Library.dll
2009-02-13 21:44 . 2009-02-13 21:46 <DIR> d-------- c:\program files\Digidesign
2009-02-13 21:44 . 2005-10-26 01:21 15,488 --a------ c:\windows\system32\drivers\mbx2dfu.sys
2009-02-13 21:44 . 2005-10-26 01:21 15,232 --a------ c:\windows\system32\drivers\mbx2midk.sys
2009-02-13 20:43 . 2009-02-13 20:43 12,598 --a------ c:\windows\system32\wpa.bak
2009-02-13 20:39 . 2005-10-26 00:22 102,400 --a------ c:\windows\system32\Digi32.dll
2009-02-13 20:38 . 2005-10-26 00:19 16,384 --a------ c:\windows\system32\drivers\DigiFilt.sys
2009-02-13 20:36 . 2005-10-26 10:42 3,395,475 --a------ c:\windows\system32\DirectIO.dll
2009-02-13 20:36 . 2005-10-25 22:51 1,394,452 --a------ c:\windows\system32\ExpansionHD_Firmware.bin
2009-02-13 20:36 . 2005-10-25 22:52 528,384 --a------ c:\windows\system32\DSI.dll
2009-02-13 20:36 . 2005-10-25 23:12 105,472 --a------ c:\windows\system32\drivers\Dalwdm.sys
2009-02-13 20:36 . 2005-10-26 00:21 98,304 --a------ c:\windows\system32\Diomidi.DLL
2009-02-13 20:36 . 2005-10-25 22:53 90,112 --a------ c:\windows\system32\WinMMFix.dll
2009-02-13 20:36 . 2005-10-26 01:21 45,056 --a------ c:\windows\system32\mbx2midu.dll
2009-02-13 20:36 . 2005-10-26 00:26 5,632 --a------ c:\windows\system32\digicoin.dll
2009-02-13 19:37 . 2009-02-13 19:37 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SlySoft
2009-02-13 19:36 . 2009-02-13 22:40 <DIR> d-------- c:\program files\SlySoft
2009-02-13 18:31 . 2009-02-27 10:06 116 --a------ c:\windows\NeroDigital.ini
2009-02-13 18:30 . 2009-02-13 18:31 <DIR> d-------- c:\program files\InterActual
2009-02-13 18:22 . 2009-02-25 01:03 <DIR> d-------- c:\windows\Easy DVD Copy
2009-02-13 18:22 . 2009-02-25 10:56 <DIR> d-------- C:\TempDVD
2009-02-13 18:22 . 2009-02-25 01:03 <DIR> d-------- c:\program files\Easy DVD Copy
2009-02-13 18:12 . 2009-02-13 18:12 <DIR> d-------- c:\documents and settings\yacob\Application Data\CyberLink
2009-02-13 16:21 . 2009-02-13 16:21 <DIR> d-------- c:\documents and settings\aroha
2009-02-13 16:08 . 2009-02-13 16:08 <DIR> d-------- c:\program files\IK Multimedia
2009-02-13 15:40 . 2009-02-13 15:40 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Symantec
2009-02-13 15:35 . 2007-11-30 17:30 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-13 15:35 . 2007-11-30 17:30 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-13 15:34 . 2007-11-30 17:31 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-13 15:34 . 2007-11-30 17:31 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-13 15:31 . 2009-02-13 15:31 <DIR> d-------- c:\program files\InterLok
2009-02-13 15:31 . 2009-02-13 15:31 <DIR> d-------- c:\program files\Common Files\PACE Anti-Piracy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 06:19 --------- d-----w c:\program files\Java
2009-02-26 15:22 --------- d-----w c:\documents and settings\PC USER\Application Data\OpenOffice.org2
2009-02-20 16:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 16:09 --------- d-----w c:\program files\Common Files\InstallShield
.

((((((((((((((((((((((((((((( SnapShot@2009-02-28_ 7.04.34.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 10:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-02-27 22:42:19 16,384 ----atw c:\windows\temp\Perflib_Perfdata_208.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\yacob\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-23 147456]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\noah\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-23 147456]

c:\documents and settings\PC USER\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\lillia\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-23 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi3"= mbx2midu.dll
"wave3"= Digi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"= 8073:TCP:dihrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-02-13 16384]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-02-13 105472]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-02-13 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-02-13 15232]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-02-15 98488]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-11822 - C:\etwd.exe


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\documents and settings\lillia\Application Data\Mozilla\Firefox\Profiles\gknj6arb.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 08:42:23
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1e1789b6]
"ImagePath"="\SystemRoot\System32\drivers\1e1789b6.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Digidesign\Drivers\MMERefresh.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-28 8:43:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 22:43:30
ComboFix2.txt 2009-02-27 21:05:11

Pre-Run: 59,951,566,848 bytes free
Post-Run: 59,941,076,992 bytes free

239 --- E O F --- 2008-02-04 03:50:53
  • 0

#6
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    1e1789b6
    :Reg
    
    :Files
    c:\windows\system32\drivers\1e1789b6.sys
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#7
james09


    Member

  • Topic Starter
  • 37 posts
Thank you for helping here are my logs..........................

OTMoveit Log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service 1e1789b6 stopped successfully.
Service 1e1789b6 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\windows\system32\drivers\1e1789b6.sys not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_26c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_540.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_714.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_143823

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_26c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_540.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_714.dat not found!



MBAM Log:

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 3, v.3264

3/2/2009 4:56:06 PM
mbam-log-2009-03-02 (16-56-06).txt

Scan type: Quick Scan
Objects scanned: 81661
Time elapsed: 2 hour(s), 5 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
C:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> Unloaded process successfully.

Memory Modules Infected:
C:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Delete on reboot.
C:\Documents and Settings\yacob\Application Data\comidle (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> Delete on reboot.



Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 2, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3, v.3264 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 02, 2009 08:40:21
Records in database: 1861399
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 39014
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 00:35:02


File name / Threat name / Threats count
C:\Documents and Settings\yacob\My Documents\LimeWire\Incomplete\T-3545427-passion cater2u.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Program Files\Alwil Software\Avast4\DATA\moved\jwgkvsq.vmx.vir Infected: Net-Worm.Win32.Kido.ih 1
C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.v 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\1e1789b6.sys.vir Infected: Trojan.Win32.Agent2.eeo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaldgxtfvy.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekamtvklmtj.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaputuadjr.dll.vir Infected: Packed.Win32.Tdss.f 1

The selected area was scanned.
  • 0

#8
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
delete this file

C:\Documents and Settings\yacob\My Documents\LimeWire\Incomplete\T-3545427-passion cater2u.mp3


and post a new HJT log
  • 0

#9
james09


    Member

  • Topic Starter
  • 37 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:32 PM, on 3/3/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.c...c...p;gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1011326704-283029756-3269524553-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'john')
O4 - S-1-5-21-1011326704-283029756-3269524553-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'yacob')
O4 - S-1-5-21-1011326704-283029756-3269524553-1005 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'yacob')
O4 - S-1-5-21-1011326704-283029756-3269524553-1005 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'yacob')
O4 - S-1-5-21-1011326704-283029756-3269524553-1005 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'yacob')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202096684478
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/...he.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...rk.cab56649.cab
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

--
End of file - 7226 bytes

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
fix this with HJT

O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot


reboot and post a new HJT Log

#11
james09

    Member

  • Topic Starter
  • 37 posts
Hi,
I tried running and searching for that file but it doesn't exist, neither does the folder.
The closest thing I have found to this is RLVKNLG.EXE-2A0A2C3D.pf found in C:\WINDOWS\prefetch.
I deleted that file and did another HJT scan, but that O4 file was still found in the log, so I have restored the deleted file.
Here is my HJT log......


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:12 PM, on 3/4/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.c...c...p;gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202096684478
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/...he.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...rk.cab56649.cab
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

--
End of file - 6438 bytes

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hmm nearly done

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %systemroot%\system32\wdmaud.sys
    %systemroot%\system32\aeaudio.sys

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


#13
james09

    Member

  • Topic Starter
  • 37 posts
OTListIt logfile created on: 3/5/2009 2:26:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\lillia\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 532.14 Mb Available Physical Memory | 52.40% Memory free
2.44 Gb Paging File | 1.95 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 55.21 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER
Current User Name: lillia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN (OpenOffice.org)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\lillia\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aswupdsv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! mail scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! web scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (DigiRefresh [Auto | Running]) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService [On_Demand | Stopped]) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SandraAgentSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe (SiSoftware)

========== Driver Services (SafeList) ==========

DRV - (aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswfsblk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswmon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswrdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswsp [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswtdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (dalwdmservice [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\dalwdm.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (DigiFilter [Boot | Running]) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (MBX2DFU [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\MBX2DFU.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MBX2MIDK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mbx2midk.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SANDRA [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys (SiSoftware)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (TPkd [Boot | Running]) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..extensions.enabledItems: {10FCE676-1BBF-4A1A-AD43-9EE37953847F}:1.0
FF - prefs.js..extensions.enabledItems: {8F42B0F3-3019-4B8D-A4E1-1901F903D77B}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0
FF - C:\Documents and Settings\lillia\Application Data\mozilla\Extensions [2009/02/14 09:22:44 00,000,000 | ---D | M]
FF - C:\Documents and Settings\lillia\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/02/14 06:27:46 00,000,000 | ---D | M]
FF - C:\Documents and Settings\lillia\Application Data\mozilla\Extensions\[email protected] [2009/02/14 09:22:44 00,000,000 | ---D | M]
FF - C:\Documents and Settings\lillia\Application Data\mozilla\Firefox\Profiles\gknj6arb.default\extensions [2009/02/28 09:40:40 00,000,000 | ---D | M]
FF - C:\Documents and Settings\lillia\Application Data\mozilla\Firefox\Profiles\gknj6arb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/02/28 09:40:40 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/01 22:34:13 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{10FCE676-1BBF-4A1A-AD43-9EE37953847F} [2009/02/26 21:21:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{8F42B0F3-3019-4B8D-A4E1-1901F903D77B} [2009/02/26 21:21:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/02/13 15:20:32 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813} [2009/03/01 22:29:05 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (SSVHelper Class) - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll (Conduit Ltd.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHP1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\lillia\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1202096684478 (WUWebControl Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...rk.cab56649.cab (MSN Games - Installer)
O16 - DPF: {cafeefac-0016-0000-0011-abcdeffedcba} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\Shell\AutoRun - "" = Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[10 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/03/05 14:24:12 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lillia\Desktop\OTListIt2.exe
[2009/03/04 23:24:00 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/03/04 23:24:00 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009/03/04 23:24:00 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/03/04 23:24:00 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009/03/04 23:24:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/03/04 23:24:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009/03/04 23:24:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/03/04 23:24:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009/03/04 23:23:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/03/04 23:23:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009/03/04 23:23:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/03/04 23:23:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/03/04 16:04:03 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\dds.scr
[2009/03/03 14:47:37 | 00,047,297 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Midnight special by Creedence Clearwater Revival - guitar chords, guitar tabs and lyrics - chordie.htm
[2009/03/03 14:47:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\My Documents\Midnight special by Creedence Clearwater Revival - guitar chords, guitar tabs and lyrics - chordie_files
[2009/03/03 14:45:43 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\islands-in-the-stream[1].doc
[2009/03/03 14:43:28 | 00,010,663 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\B_U_M_S_   MARCH.htm
[2009/03/03 14:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\My Documents\B_U_M_S_   MARCH_files
[2009/03/03 14:42:11 | 00,493,490 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ukulelelady.pdf
[2009/03/03 13:03:30 | 00,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/03/03 01:13:05 | 00,008,011 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\VCD1.nrv
[2009/03/02 14:38:23 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/03/02 12:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/03/01 23:39:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Local Settings\Application Data\PHPNukeEN
[2009/03/01 23:39:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Local Settings\Application Data\Conduit
[2009/03/01 23:20:55 | 02,201,224 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Flash9.ocx
[2009/03/01 22:29:03 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/03/01 22:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\PHPNukeEN
[2009/03/01 22:23:59 | 00,005,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/03/01 22:10:43 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/01 22:10:42 | 00,793,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpcdcs8.exe
[2009/03/01 18:17:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apowersoft
[2009/03/01 18:16:44 | 00,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2009/03/01 18:09:52 | 00,000,000 | ---D | C] -- C:\My Videos
[2009/03/01 18:09:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aHisoft
[2009/03/01 18:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\aHisoft
[2009/03/01 15:27:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Local Settings\Application Data\Ahead
[2009/03/01 13:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Application Data\Malwarebytes
[2009/03/01 13:34:24 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/01 13:34:24 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/01 13:34:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/01 13:34:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/01 13:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/01 13:34:00 | 02,876,728 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\lillia\My Documents\mbam-setup.exe
[2009/02/28 10:47:43 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/28 10:47:43 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/02/28 10:47:42 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/28 10:47:42 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/28 10:47:40 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/28 10:47:40 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/02/28 10:47:40 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/28 10:47:40 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/28 10:47:40 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/28 10:47:26 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/28 10:47:26 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/02/28 10:47:24 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/02/28 10:43:31 | 31,262,848 | ---- | C] () -- C:\Documents and Settings\lillia\Desktop\setupeng.exe
[2009/02/28 09:55:41 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/28 09:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\My Documents\FrostWire
[2009/02/28 09:41:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Application Data\FrostWire
[2009/02/28 09:40:40 | 00,000,000 | ---D | C] -- C:\Program Files\AskSearch
[2009/02/28 09:40:40 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/02/28 08:41:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/02/28 06:48:31 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/02/28 06:48:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/02/28 06:48:28 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/28 06:47:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/02/28 06:47:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/02/28 06:47:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/02/28 06:47:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/28 06:47:06 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/02/28 06:47:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/28 06:47:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/28 06:47:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/02/28 06:47:06 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/02/28 06:47:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/28 06:47:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/28 06:46:17 | 02,925,850 | R--- | C] () -- C:\Documents and Settings\lillia\Desktop\Combo-Fix.exe
[2009/02/27 16:18:58 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/27 16:12:31 | 00,292,352 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\lillia\My Documents\STOPzilla_Setup.exe
[2009/02/26 23:10:55 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\lillia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 22:06:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Application Data\Yahoo!
[2009/02/26 21:49:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/26 21:21:07 | 00,000,000 | ---D | C] -- C:\Temp
[2009/02/26 20:30:31 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/02/26 19:41:43 | 00,000,000 | ---D | C] -- C:\Program Files\Video Enhancer
[2009/02/26 19:34:34 | 00,000,000 | ---D | C] -- C:\downloads
[2009/02/26 19:34:30 | 00,000,000 | ---D | C] -- C:\Program Files\Free Video Zilla
[2009/02/25 18:50:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\My Documents\A Healthier You - Chapter 4_ Where to Start_files
[2009/02/25 18:50:03 | 00,056,444 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\A Healthier You - Chapter 4_ Where to Start.htm
[2009/02/25 00:54:15 | 27,279,112 | ---- | C] () -- C:\output.dat
[2009/02/25 00:52:41 | 00,000,000 | ---D | C] -- C:\Program Files\cheapestsoft
[2009/02/25 00:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\iOrgSoft
[2009/02/25 00:28:27 | 00,000,000 | ---D | C] -- C:\Extradvdcopy
[2009/02/24 20:52:28 | 00,000,000 | ---D | C] -- C:\My Movies
[2009/02/24 13:05:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/02/24 12:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/02/22 09:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/22 09:46:32 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/22 09:46:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Application Data\SUPERAntiSpyware.com
[2009/02/22 09:35:15 | 00,026,535 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\loveposion9.mid
[2009/02/22 09:34:52 | 00,036,122 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\loveisallaround.mid
[2009/02/22 09:34:42 | 00,053,010 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\lonely.mid
[2009/02/22 09:34:28 | 00,038,038 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\letsfallinlove.mid
[2009/02/22 09:33:58 | 00,031,356 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\kissfromarose.mid
[2009/02/22 09:32:39 | 00,039,991 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ileftheartinsf.mid
[2009/02/22 09:32:29 | 00,041,399 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\igotubabe.mid
[2009/02/22 09:32:15 | 00,027,634 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\iftomorrownever.mid
[2009/02/22 09:31:47 | 00,022,960 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\icantdance.mid
[2009/02/22 09:31:35 | 00,036,853 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\icouldhavedancedallnight.mid
[2009/02/22 09:30:59 | 00,069,463 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\hotelcalifornia.mid
[2009/02/22 09:30:29 | 00,032,080 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\hellodolly.mid
[2009/02/22 09:30:12 | 00,018,980 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\haveueverseenrain.mid
[2009/02/22 09:29:58 | 00,023,339 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\haveulovedawoman.mid
[2009/02/22 09:29:52 | 00,023,634 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\haveitoldu.mid
[2009/02/22 09:29:28 | 00,079,353 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\girlswanthavefun.mid
[2009/02/22 09:29:20 | 00,017,676 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\gigi.mid
[2009/02/22 09:29:12 | 00,028,146 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\georgegirl.mid
[2009/02/22 09:28:45 | 00,024,282 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\fromthismoment.mid
[2009/02/22 09:28:27 | 00,021,764 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\fromjacktoking.mid
[2009/02/22 09:28:16 | 00,014,204 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\fromadistance.mid
[2009/02/22 09:28:07 | 00,025,250 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\foreveryoung.mid
[2009/02/22 09:27:48 | 00,021,900 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ferrycross.mid
[2009/02/22 09:27:21 | 00,067,110 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\evergreen.mid
[2009/02/22 09:25:48 | 00,010,551 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\crazy.mid
[2009/02/22 09:25:08 | 00,015,662 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\chapeloflove.mid
[2009/02/22 09:24:59 | 00,028,233 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\closetou.mid
[2009/02/22 09:24:49 | 00,030,555 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\chansondamour.mid
[2009/02/22 09:24:32 | 00,046,822 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\cecelia.mid
[2009/02/22 09:23:47 | 00,014,732 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\catchafallingstar.mid
[2009/02/22 09:23:32 | 00,031,294 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\cjamblues.mid
[2009/02/22 09:23:02 | 00,043,413 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\bytimegettophoenix.mid
[2009/02/22 09:22:18 | 00,008,305 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\blueeyes.mid
[2009/02/22 09:17:34 | 00,016,135 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\bridgewaters.mid
[2009/02/22 09:14:55 | 00,033,063 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\bettiedaviseye.mid
[2009/02/22 09:12:14 | 00,065,331 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\dayoh.mid
[2009/02/22 09:12:03 | 00,038,159 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\babycaniholdutonight.mid
[2009/02/22 09:11:42 | 00,031,131 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\babooshka.mid
[2009/02/22 09:10:40 | 00,025,087 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\americanpie.mid
[2009/02/22 09:09:06 | 00,035,641 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\whiteflag.mid
[2009/02/22 09:08:55 | 00,016,726 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\whenuwishuponstar.mid
[2009/02/22 09:07:32 | 00,025,152 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\whenusaynothing.mid
[2009/02/22 09:07:06 | 00,012,784 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\whatawonderfulworld.mid
[2009/02/22 09:06:37 | 00,034,094 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\welcomeToMyWorld.mid
[2009/02/22 09:06:09 | 00,026,367 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\underboardwalk.mid
[2009/02/22 09:05:59 | 00,031,030 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\unchainedmelody.mid
[2009/02/22 09:03:02 | 00,034,312 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\nightsinwhitesatin.mid
[2009/02/22 09:00:59 | 00,021,900 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\mebobbymcgee.mid
[2009/02/22 09:00:46 | 00,040,950 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\mrbojangles.mid
[2009/02/22 09:00:35 | 00,024,282 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\misty.mid
[2009/02/22 08:59:22 | 00,009,115 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\frank_youngheart.mid
[2009/02/22 08:59:14 | 00,035,963 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\frank_girlfromipanema.mid
[2009/02/22 08:58:48 | 00,049,582 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\frank_myway.mid
[2009/02/22 08:58:17 | 00,063,240 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\frank_leavingjetplane.mid
[2009/02/22 08:57:04 | 00,038,677 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\dean_thatsamore.mid
[2009/02/22 08:56:54 | 00,026,138 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\dean_dreamalittledream.mid
[2009/02/22 08:55:49 | 00,018,583 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\nat_fascination.mid
[2009/02/22 08:54:29 | 00,023,021 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\MONA LISA.mid
[2009/02/22 08:53:45 | 00,024,504 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\nat_whenifallinlove.mid
[2009/02/21 19:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\NoAdware
[2009/02/21 19:32:42 | 02,465,376 | ---- | C] ( ) -- C:\Documents and Settings\lillia\My Documents\noadware.exe
[2009/02/21 18:48:27 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\lillia\Desktop\HijackThis.lnk
[2009/02/21 18:48:27 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/21 18:48:18 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lillia\My Documents\HJTInstall.exe
[2009/02/20 22:18:12 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys
[2009/02/20 22:18:12 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2009/02/20 22:18:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/02/20 22:18:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/02/20 22:18:09 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/02/20 22:18:09 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/02/20 22:18:09 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys
[2009/02/20 22:18:09 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2009/02/20 22:18:09 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/02/20 22:18:09 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/02/20 22:18:05 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2009/02/20 22:18:05 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2009/02/20 18:21:43 | 00,002,440 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\CUPID.odt
[2009/02/20 09:05:02 | 00,034,699 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BANGG.mid
[2009/02/20 09:03:18 | 00,025,990 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BANG.mid
[2009/02/20 09:02:01 | 00,024,359 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BANG BANG.mid
[2009/02/20 08:24:09 | 00,130,254 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\dreadlock_holiday-10cc-128k.mid
[2009/02/20 08:23:06 | 00,107,798 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\dreadlock_holiday-10_cc-106k.mid
[2009/02/20 08:05:39 | 00,042,668 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\satisfaction.mid
[2009/02/20 08:05:28 | 00,052,138 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\simply-the-best.mid
[2009/02/20 08:05:09 | 00,040,620 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\its_my_life.mid
[2009/02/20 08:04:46 | 00,035,608 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\i_try.mid
[2009/02/20 07:59:01 | 00,015,617 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Away_From_MeFVD.mid
[2009/02/20 07:56:05 | 00,010,266 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\7061_They-Cant-Take-That-Away-From-Me.mid
[2009/02/20 07:41:01 | 00,032,200 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\danny_boy.mid
[2009/02/20 07:38:45 | 00,029,974 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\anothersaturdaynight_jimmybuffett.mid
[2009/02/19 20:00:07 | 00,047,244 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-mack_the_knife.mid
[2009/02/19 19:50:05 | 00,003,151 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\mactheknife.mid
[2009/02/19 19:44:12 | 00,029,686 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\macktheknife.mid
[2009/02/19 19:33:34 | 00,034,779 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\TRACKS TEARS.mid
[2009/02/19 19:07:36 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys
[2009/02/19 19:07:36 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2009/02/19 16:10:48 | 00,074,224 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ALL NITE.mid
[2009/02/19 14:50:28 | 00,032,418 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\John Denver - sunshineonmyshoulders.mid
[2009/02/19 14:49:27 | 00,028,812 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\John Denver - countryroad.mid
[2009/02/19 14:46:08 | 00,051,963 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\FunkyReggaeParty_BobMarley_R.mid
[2009/02/19 14:38:44 | 00,040,533 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ANGEL.mid
[2009/02/19 14:28:45 | 00,015,080 | ---- | C] () -- C:\Documents and Settings\lillia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/18 15:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Desktop\Incomplete
[2009/02/18 15:55:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Desktop\New Folder
[2009/02/17 17:48:58 | 00,075,615 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\WEATHER 1.mid
[2009/02/17 17:39:37 | 00,020,080 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ALWAYS LOVE YOU.mid
[2009/02/17 17:34:14 | 00,025,923 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\DO THAT 2 ME.mid
[2009/02/17 17:33:17 | 00,049,001 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\MASQUERADE.mid
[2009/02/17 09:38:37 | 00,096,719 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\FERNANDO.mid
[2009/02/17 09:37:58 | 00,036,915 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\TIME AFTER TIME.mid
[2009/02/17 09:37:20 | 00,057,685 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BELIEVE.mid
[2009/02/17 09:36:25 | 00,154,699 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BAKER ST.mid
[2009/02/17 09:35:58 | 00,028,245 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\WONDERFUL TONIGHT.mid
[2009/02/17 09:35:17 | 00,085,871 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\JUST THE WAY YOU ARE.mid
[2009/02/17 09:34:02 | 00,039,861 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\OLE TIME ROCK AN ROLL.mid
[2009/02/17 09:30:26 | 00,042,388 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\YOU ARE THE SUNSHINE.mid
[2009/02/17 09:28:32 | 00,008,348 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\THEY CANT TAKE THAT AWAY.mid
[2009/02/17 09:25:20 | 00,036,379 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\CELEBRATION.mid
[2009/02/17 09:24:27 | 00,047,800 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\WANDERER.mid
[2009/02/17 09:23:27 | 00,023,756 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\newyorknewyork 2.mid
[2009/02/17 09:19:35 | 00,040,336 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\CUPID.mid
[2009/02/16 06:42:08 | 00,083,968 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Toni Time sheet 15 Feb.xls
[2009/02/16 06:27:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Application Data\OpenOffice.org2
[2009/02/15 21:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/02/15 20:39:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/02/15 20:39:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/02/15 20:39:08 | 00,001,022 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SiSoftware Sandra Lite 2009.SP2.lnk
[2009/02/15 20:39:07 | 08,507,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/02/15 20:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2009/02/14 23:44:58 | 00,068,553 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Zstairwaytoheaven.mid
[2009/02/14 23:44:10 | 00,050,758 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Zyourbodyisawonderland.mid
[2009/02/14 23:43:28 | 00,118,730 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Zhotelcalifornia.mid
[2009/02/14 23:42:28 | 00,057,756 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Zlovetheoneyourwith.mid
[2009/02/14 23:40:37 | 00,053,996 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z mysteriousgirl.mid
[2009/02/14 23:40:15 | 00,042,724 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z wickedgame.mid
[2009/02/14 23:39:42 | 00,035,829 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z thefirstcutisthedeepest.mid
[2009/02/14 23:38:45 | 00,127,186 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z allnightlong.mid
[2009/02/14 23:38:14 | 00,066,523 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z neverbeentospain.mid
[2009/02/14 23:35:12 | 00,020,164 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z timeofyourlife.mid
[2009/02/14 23:34:45 | 00,051,829 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z BELIEVER.mid
[2009/02/14 23:34:02 | 00,055,364 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z hero.mid
[2009/02/14 23:33:18 | 00,067,381 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z driftaway.mid
[2009/02/14 23:31:30 | 00,044,705 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\Z PARTY STARTED.mid
[2009/02/14 23:17:45 | 00,059,759 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BB to_know_you_is_.mid
[2009/02/14 23:16:40 | 00,028,835 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BB he_thrill_is_gone-.mid
[2009/02/14 23:16:04 | 00,097,440 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BB sweet_sixteen-.mid
[2009/02/14 23:14:15 | 00,054,938 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BB how_blue_can_you_get-.mid
[2009/02/14 23:12:58 | 00,058,067 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BB get_off_my_back-.mid
[2009/02/14 23:11:31 | 00,061,373 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\bar_zone_blues-.mid
[2009/02/14 23:10:42 | 00,029,261 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BBet_the_good_times_roll-.mid
[2009/02/14 22:28:52 | 00,076,806 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\quando_quando_quando.mid
[2009/02/14 22:25:45 | 00,065,657 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\how_can_you_mend_a_broken_heart.mid
[2009/02/14 22:25:27 | 00,056,608 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\for_once_in_my_life.mid
[2009/02/14 20:45:03 | 00,035,342 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-youll_never_find.mid
[2009/02/14 20:44:45 | 00,043,263 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-wonderful_tonight.mid
[2009/02/14 20:44:27 | 00,076,290 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-try_a_little_tenderness.mid
[2009/02/14 20:43:59 | 00,085,230 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-the_way_you_look_tonight.mid
[2009/02/14 20:43:18 | 00,070,723 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-moondance.mid
[2009/02/14 20:42:58 | 00,047,992 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-me_and_mrs_jones.mid
[2009/02/14 20:42:29 | 00,058,101 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-L_O_V_E.mid
[2009/02/14 20:42:02 | 00,085,975 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-home.mid
[2009/02/14 20:41:31 | 00,006,855 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-home.htm
[2009/02/14 20:41:15 | 00,057,186 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-fever.mid
[2009/02/14 20:40:39 | 00,057,418 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\michael_buble-cant_help_falling_in_love.mid
[2009/02/14 20:39:58 | 00,087,769 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\CRAZY THING.mid
[2009/02/14 20:04:45 | 00,023,337 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\EVERY BREATH YOU TAKE.mid
[2009/02/14 20:03:31 | 00,023,756 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\NEW YORK.mid
[2009/02/14 20:02:40 | 00,033,957 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\GRAPEVINE.mid
[2009/02/14 20:02:12 | 00,015,936 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\HERO.mid
[2009/02/14 19:59:12 | 00,024,454 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\I FEEL GOOD.mid
[2009/02/14 19:56:44 | 00,025,517 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\FALLIN IN LOVE.mid
[2009/02/14 19:56:07 | 00,074,224 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ALL NIGHT LONG].mid
[2009/02/14 19:53:26 | 00,049,858 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\SMOOTH OPERATOR.mid
[2009/02/14 19:52:32 | 00,082,602 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\LA VIDA LOCA.mid
[2009/02/14 19:51:31 | 00,015,775 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\WONDERFUL WORLD.mid
[2009/02/14 19:49:26 | 00,052,507 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\SHA LA LA.mid
[2009/02/14 19:33:52 | 00,088,983 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\FAITH.mid
[2009/02/14 19:31:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/02/14 19:31:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lillia\Application Data\Sun
[2009/02/14 19:25:19 | 00,039,010 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BLUE BERRY HILL.mid
[2009/02/14 19:20:42 | 00,059,312 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BITTER.mid
[2009/02/14 19:15:57 | 00,061,965 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\HOW DEEP.mid
[2009/02/14 19:14:21 | 00,073,308 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\WALK WILD SIDE.mid
[2009/02/14 19:11:45 | 00,048,875 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ISNT SHE LOVELY.mid
[2009/02/14 19:07:39 | 00,036,621 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BRIGHT SIDE.mid
[2009/02/14 19:02:21 | 00,046,865 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\NO WOMAN.mid
[2009/02/14 19:01:54 | 00,035,285 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\WAIT IN VAIN.mid
[2009/02/14 19:01:23 | 00,091,615 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\IS THIS LOVE.mid
[2009/02/14 19:00:16 | 00,030,063 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\JAMMIN.mid
[2009/02/14 18:54:21 | 00,019,787 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\VIBES BLUES.mid
[2009/02/14 18:53:54 | 00,021,620 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ALL BLUE.mid
[2009/02/14 18:52:16 | 00,011,720 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\SUMMERTIME.mid
[2009/02/14 18:48:39 | 00,028,054 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BOARD WALK.mid
[2009/02/14 18:44:54 | 00,039,008 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\LADY MARTMALADE.mid
[2009/02/14 18:39:32 | 00,062,744 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BEAUTIFUL.mid
[2009/02/14 18:38:31 | 00,047,180 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\U R SO VAIN.mid
[2009/02/14 18:36:36 | 00,052,706 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\U R BEAUTIFUL.mid
[2009/02/14 18:25:42 | 00,022,308 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\UNCHAIN.mid
[2009/02/14 18:24:07 | 00,033,079 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\RED WINE.mid
[2009/02/14 18:20:59 | 00,049,934 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\BOOM BOOM.mid
[2009/02/14 18:20:31 | 00,049,934 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\B00M BOOM.mid
[2009/02/14 18:20:15 | 00,056,549 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\IN SUMMERTIME.mid
[2009/02/14 18:17:26 | 00,051,149 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\CANT GET ENUFF.mid
[2009/02/14 18:16:55 | 00,136,646 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\DONT ANSWER.mid
[2009/02/14 18:16:08 | 00,048,873 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\ONE LOVE.mid
[2009/02/14 17:24:28 | 00,884,736 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\vkaraoke.exe
[2009/02/14 17:24:28 | 00,080,649 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\LOVE IN AIR.mid
[2009/02/14 17:24:28 | 00,080,453 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\LATE IN THE EVENING.mid
[2009/02/14 17:24:28 | 00,075,615 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\WEATHER WITH YOU 2.mid
[2009/02/14 17:24:28 | 00,060,695 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\LOOK OF LOVE.mid
[2009/02/14 17:24:28 | 00,060,369 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\STARS 2.mid
[2009/02/14 17:24:28 | 00,060,003 | ---- | C] () -- C:\Documents and Settings\lillia\My Documents\MAC THE KNIFE.mid
[2009/02/14 17:24:28 | 00,059,428 | ---- |

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello


Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot File not found
    O33 - MountPoints2\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\Shell - "" = AutoRun
    O33 - MountPoints2\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\Shell\AutoRun - "" = Auto&Play
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)


#15
james09

    Member

  • Topic Starter
  • 37 posts
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RelevantKnowledge deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c84c4504-fa67-11dd-a878-00016cdcd7b1}\ not found.
File not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\lillia\Local Settings\temp\hsperfdata_lillia\2176 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4c4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.3.4 log created on 03062009_051240

Files moved on Reboot...
File C:\Documents and Settings\lillia\Local Settings\temp\hsperfdata_lillia\2176 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4c4.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat moved successfully.

Registry entries deleted on Reboot...
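
One way to triage a fix log like the one in post #15, as an added example that is not part of the original thread or of OTListIt2: it sorts lines by outcome and lists files that were queued for deletion but not cleared after the reboot. The function names, category names and sample paths are hypothetical; only the line wording matched by the patterns is taken from the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the same line format as the fix log above; all
# registry names and paths are placeholders, not values from the thread.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Example\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Example\Run\\ExampleEntry deleted successfully.
File delete failed. C:\WINDOWS\temp\example_a.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\example_b.txt scheduled to be deleted on reboot.
Files moved on Reboot...
C:\WINDOWS\temp\example_a.dat moved successfully.
File move failed. C:\WINDOWS\temp\example_b.txt scheduled to be moved on reboot.
"""

# (category, pattern) pairs; the first pattern that matches a line wins.
RULES = [
    ("still_locked", re.compile(r"^File move failed\. (?P<item>.+?) scheduled to be moved on reboot\.$")),
    ("pending_reboot", re.compile(r"^File delete failed\. (?P<item>.+?) scheduled to be deleted on reboot\.$")),
    ("removed", re.compile(r"^(?:Registry (?:key|value) )?(?P<item>.+?) (?:deleted|moved) successfully\.$")),
    ("already_absent", re.compile(r"^(?:Registry (?:key|value) |File )?(?P<item>.+?) not found[.!]$")),
]

def triage(log_text):
    """Classify each recognised log line; returns {category: [item, ...]}."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        for category, pattern in RULES:
            m = pattern.match(line)
            # Require a backslash so a bare "File not found." line is skipped.
            if m and "\\" in m.group("item"):
                out[category].append(m.group("item"))
                break
    return dict(out)

def unresolved_after_reboot(log_text):
    """Paths queued for deletion that no later line reports as moved or absent."""
    t = triage(log_text)
    cleared = set(t.get("removed", [])) | set(t.get("already_absent", []))
    return [p for p in t.get("pending_reboot", []) if p not in cleared]

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, len(items))
    print("unresolved:", unresolved_after_reboot(SAMPLE_LOG))
```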