View Full Version : Lots of issues :(



Aspen04
2010-03-20, 02:58
My brother is having some issues with his laptop. I told him multiple times he needs to get a firewall and an antivirus program, but he is not computer savvy and it's too late.

Hopefully you can give us some help here.

Thank you.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:39 PM, on 3/19/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: run=E:\setup.ins
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Users\keeghen\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\11.0.78.0\Weather.exe" -auto
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca2bf0da1cdaf0) (gupdate1ca2bf0da1cdaf0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13266 bytes

Blade81
2010-03-24, 08:26
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER here (http://www.gmer.net) by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab and then scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

Aspen04
2010-03-26, 04:49
DDS (Ver_10-03-17.01) - NTFSx86
Run by keeghen at 19:45:54.62 on Thu 03/25/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.894 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\wuauclt.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\keeghen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page =
uSearch Bar =
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
uWindows: run=E:\setup.ins
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [cdloader] "c:\users\keeghen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [WeatherDPA] "c:\program files\hotbar\bin\11.0.78.0\Weather.exe" -auto
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - P2P_Energy Customized Web Search
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFAlert.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
============= SERVICES / DRIVERS ===============

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]

=============== Created Last 30 ================

2010-03-20 00:51:48 0 d-----w- c:\program files\Trend Micro
2010-03-19 22:35:47 0 d-----w- c:\users\keeghen\appdata\roaming\Malwarebytes
2010-03-19 22:35:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35:39 0 d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:35:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 11:01:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00:56 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 11:00:56 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-25 16:59:04 0 d-----w- c:\program files\DivX
2010-02-25 16:59:04 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-03-19 22:16:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-19 22:16:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-19 22:16:03 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:58:44 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58:44 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58:44 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36:22 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36:05 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:58 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 12:36:21 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:48 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30:47 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2008-12-13 11:18:14 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:11:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-18 10:10:46 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe

============= FINISH: 19:48:48.98 ===============

Aspen04
2010-03-26, 04:50
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2007 11:51:32 AM
System Uptime: 3/25/2010 7:23:43 PM (0 hours ago)

Motherboard: Wistron | | 30CD
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 79.726 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.953 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

3D Ultra Lionel® TrainTown Deluxe
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft PhotoImpression 4
Ask Toolbar
Bob the Builder
Bonjour
CA Pest Patrol Realtime Protection
Cake Mania® 3
Camera Driver
CardRecovery 5.30
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Conexant HD Audio
Crazy Machines
Desktop Doctor
Diner Dash 2
Disney Pirates of the Caribbean Online
DivX Plus Web Player
ESU for Microsoft Vista
File Recover 7.5
GameHouse
GameSpy Arcade
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Update
HP User Guides 0060
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2006-01-10
iTunes
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
K'NEX
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Mayawaka
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Halo
Microsoft Halo Trial
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Monopoly
Monopoly - SpongeBob SquarePants Edition
Monopoly®
MSCU for Microsoft Vista
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
My HP Games
NetWaiting
Nikon Message Center
Nikon Transfer
oggcodecs 0.71.0946
P2P_Energy Toolbar
Pet Shop Hop(TM)
Phonics 4 Kids
Playsushi
PSSWCORE
QuickTime
Rhapsody
Rhapsody Player Engine
Roblox for keeghen
RollerCoaster Tycoon 3 Platinum
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Scrapbook Factory 3.0
Scrapbooks Plus
ShopperReports
Spelling Dictionaries Support For Adobe Reader 8
SpongeBob Diner Dash
SpongeBob Diner Dash 2
SpongeBob SquarePants Obstacle Odyssey 2
Stunt Track Driver
The Weather Channel Desktop 6
The Wild Thornberrys(TM) Rambler(TM)
ToggleEN Toolbar
Tonka Construction 2
Touch Pad Driver
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Web Games Player Plugin
Windows Live ID Sign-in Assistant
WONswap
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar

==== End Of File ===========================

Aspen04
2010-03-26, 06:02
I've tried running GMER twice now; after about 45 minutes of scanning I get a blue screen saying .pll error or something like that. Windows restarts to keep from damaging my system.

Blade81
2010-03-26, 07:44
Hi,

Please see if disabling the Sections and Devices options in the GMER menu helps. If the system still restarts, try to run GMER in safe mode with those two options and protection software disabled.

Aspen04
2010-03-26, 23:19
System did restart with those 2 options unchecked. I am currently running in safe mode; it has been scanning for almost 3 hours...

Is that normal?

I still physically see it scanning files so it is not frozen.

Thanks for your help.

Aspen04
2010-03-26, 23:48
So GMER finished scanning, and just said GMER did not find any system modifications. I pressed OK. Just in case, I pressed copy as well, just in case there was something there you needed.

Awaiting next instructions.

Again, thank you for your help.

Blade81
2010-03-27, 12:22
Hi,

Yes, if there are lots of files then the GMER process may take longer. Let's continue.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Aspen04
2010-03-28, 04:02
ComboFix 10-03-27.02 - keeghen 03/27/2010 17:36:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1030 [GMT -7:00]
Running from: c:\users\keeghen\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1016754701-758904463-1517448726-500
c:\$recycle.bin\S-1-5-21-1067740804-76663169-3044499816-500
c:\program files\PlaySushi\PSTExt.dll
c:\programdata\ntuser.dat{e8ad3aae-b1ac-11dc-a781-0016d3a67429}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{e8ad3abe-b1ac-11dc-a781-0016d3a67429}.TMContainer00000000000000000001.regtrans-ms

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 00:53 . 2010-03-28 00:55 -------- d-----w- c:\users\keeghen\AppData\Local\temp
2010-03-28 00:53 . 2010-03-28 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-20 00:51 . 2010-03-20 00:51 -------- d-----w- c:\program files\Trend Micro
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\users\keeghen\AppData\Roaming\Malwarebytes
2010-03-19 22:35 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 22:35 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:31 . 2010-03-19 22:31 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3B5D.tmp.exe
2010-03-12 11:01 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 11:00 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-28 18:57 . 2010-02-28 18:57 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-27 08:48 . 2010-03-05 05:46 -------- d-----w- c:\users\keeghen\AppData\Local\niikyc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 00:52 . 2009-12-22 03:59 -------- d-----w- c:\program files\PlaySushi
2010-03-27 01:58 . 2009-02-21 03:40 1356 ----a-w- c:\users\keeghen\AppData\Local\d3d9caps.dat
2010-03-23 01:22 . 2007-07-02 11:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-20 00:53 . 2007-12-23 19:16 -------- d-----w- c:\program files\Google
2010-03-19 21:55 . 2008-12-24 01:21 -------- d-----w- c:\users\keeghen\AppData\Roaming\LimeWireTurbo
2010-03-12 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-25 16:59 . 2010-02-25 16:59 -------- d-----w- c:\program files\DivX
2010-02-25 16:59 . 2010-02-25 16:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-24 17:16 . 2009-10-06 00:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 11:22 . 2007-08-14 13:17 151240 ----a-w- c:\users\keeghen\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 09:41 . 2007-08-24 16:19 -------- d-----w- c:\program files\LimeWire
2010-02-11 07:37 . 2007-08-24 16:19 -------- d-----w- c:\users\keeghen\AppData\Roaming\LimeWire
2010-02-07 04:39 . 2007-07-02 11:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 04:38 . 2009-11-08 01:01 -------- d-----w- c:\program files\iPod
2010-01-25 12:58 . 2010-02-23 22:16 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-23 22:16 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-23 22:16 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-23 22:16 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-23 22:16 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-23 22:16 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-23 22:16 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-23 22:16 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:16 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05 . 2010-02-23 22:18 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 12:36 . 2010-02-10 12:42 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 12:42 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 12:42 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 12:42 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 12:42 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 12:42 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 12:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 12:42 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 12:42 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 12:42 65024 ----a-w- c:\windows\system32\avicap32.dll
2007-08-18 10:10 . 2007-08-18 10:10 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P0.dll" [2009-12-08 2166296]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2008-11-24 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-24 07:03 1784856 ----a-w- c:\program files\ToggleEN\tbTog0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 00:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-12-08 04:33 2166296 ----a-w- c:\program files\P2P_Energy\tbP2P0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P0.dll" [2009-12-08 2166296]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2008-11-24 1784856]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P0.dll" [2009-12-08 2166296]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2008-11-24 1784856]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"cdloader"="c:\users\keeghen\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-18 1006264]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\keeghen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 116992]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.
Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 17:14]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 17:14]

2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{7E7675EB-E364-4B5A-9FC2-1EE67EEB0CA6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - P2P_Energy Customized Web Search
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\users\keeghen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - component: c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFAlert.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.
- - - - ORPHANS REMOVED - - - -

AddRemove-ShopperReportsSA - c:\program files\ShopperReports3\bin\3.0.268.0\ShopperReportsUninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 17:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2010-03-27 18:01:06
ComboFix-quarantined-files.txt 2010-03-28 01:01

Pre-Run: 84,082,098,176 bytes free
Post-Run: 85,808,013,312 bytes free

- - End Of File - - 8B0B2DB36319DEAA415C1300EBFBD740

Aspen04
2010-03-28, 04:05
DDS (Ver_10-03-17.01) - NTFSx86
Run by keeghen at 18:03:54.24 on Sat 03/27/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.848 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\keeghen\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [cdloader] "c:\users\keeghen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - P2P_Energy Customized Web Search
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFAlert.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
============= SERVICES / DRIVERS ===============

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]

=============== Created Last 30 ================

2010-03-28 01:01:15 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-28 00:34:14 98816 ----a-w- c:\windows\sed.exe
2010-03-28 00:34:14 77312 ----a-w- c:\windows\MBR.exe
2010-03-28 00:34:14 261632 ----a-w- c:\windows\PEV.exe
2010-03-28 00:34:14 161792 ----a-w- c:\windows\SWREG.exe
2010-03-20 00:51:48 0 d-----w- c:\program files\Trend Micro
2010-03-19 22:35:47 0 d-----w- c:\users\keeghen\appdata\roaming\Malwarebytes
2010-03-19 22:35:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35:39 0 d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:35:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 11:01:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00:56 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 11:00:56 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-03-19 22:16:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-19 22:16:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-19 22:16:03 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:58:44 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58:44 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58:44 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36:22 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36:05 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:58 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 12:36:21 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:48 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30:47 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2008-12-13 11:18:14 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:11:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-18 10:10:46 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe

============= FINISH: 18:04:31.43 ===============

Blade81
2010-03-28, 14:10
Hi again,

Uninstall Ask Toolbar if not installed on purpose. Uninstall also P2P_Energy Toolbar.


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\users\keeghen\AppData\Local\niikyc
c:\users\keeghen\AppData\Roaming\LimeWireTurbo
c:\program files\LimeWire
c:\users\keeghen\AppData\Roaming\LimeWire
DDS::
uURLSearchHooks: H - No File



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 18 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Aspen04
2010-03-29, 03:13
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, March 28, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, March 28, 2010 17:36:17
Records in database: 3892468
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 160960
Threats found: 17
Infected objects found: 101
Suspicious objects found: 0
Scan duration: 04:11:03


File name / Threat / Threats count
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-1395705-Racist Songs - Johnny Rebel - I Hate Niggers (The KKK Song).wma Infected: Trojan-Downloader.WMA.Wimad.v 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-4304538-cray frog.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-4443088-feet pain.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5190950-shove it santo gold.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5299854-shoreline broken social scene.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5846215-cray train.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5854319-what ive done.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5857600-feet pain.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5874840-cray frog.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-1395705-Racist Songs - Johnny Rebel - I Hate Niggers (The KKK Song).wma Infected: Trojan-Downloader.WMA.Wimad.v 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-blow whistle too short.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-last night strokes.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-re adduction though laber.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-somethings gotta give big boi.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3209657-fat lip sum 41.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3209657-freeze pepper.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3303539-discovery channle bloodhopund.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3424177-discovery channle bloodhound.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3428740-kidz in the hall got it made 2009.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515163-gonna take it john butler trio.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515163-role call tenor saw - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-dumb medium troy.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-freshmen verve pipe.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-international players club ugk - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-mind playin tricks on me - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3545427-gone going black eyed peas (256k 44800).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3545427-gonna take it john butler trio.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ab 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3545427-house of broken nlove great.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ab 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3555427-beat it micheal jackson [cd rip].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3555427-international players club ugk [dvd rip].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3615672-medium troy.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3870556-push acoustic matchbox twenty CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877633-gonna take it john butler trio - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-beautiful day medium troy - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-freshmen verve pipe - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-international players club ugk.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-mind playin tricks on me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3905427-gonna take it john butler trio (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-4966553-trading places busy signal live.snd Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5069516-no ones bettrer sake little new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5088466-gone going black eyed peas[256k quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5092646-shine collective soul.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5109030-trading places busy signal [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5188466-angel munica (44100 256k stereo).snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5188466-beautiful day medium troy [very good quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5190950-shove it santo gold.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5299854-shoreline broken social scene.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5745425-role call tenor saw (unplugged version).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5745425-role call tenor saw.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5745425-young hollywood undead.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5846215-cray train.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5854319-what ive done.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5857600-feet pain.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5872441-trading places busy signal extended version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5874912-go your own way.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5973609-day n night unedited kid cudi.au Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Saved\angel manisa.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\ashes pepper.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\beat it michaeljackson.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\beautiful day medium troy.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\Benatar, Pat - Hit Me with Your Best Shot.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\cray frog.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Saved\cray frog.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\Def Leppard - Long, Long Way To Go.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Users\keeghen\Documents\LimeWire\Saved\eletric feel mgmt.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\eye of tiger soriuor.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Saved\eye of tiger sorviour.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\faraway wickelbacle.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\feet pain.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\hope twista.wma Infected: Trojan-Downloader.WMA.GetCodec.x 1
C:\Users\keeghen\Documents\LimeWire\Saved\hot cold katieperry (cd rip).snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Saved\hot cold katieperry(1).mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\hot cold katieperry.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\kiss me tru phone.mpg Infected: Trojan-Downloader.WMA.GetCodec.ah 1
C:\Users\keeghen\Documents\LimeWire\Saved\kiss metru phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\let me be one def leppard.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\livin on prayer bonjovi.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\martal kombat theme.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1
C:\Users\keeghen\Documents\LimeWire\Saved\one drop bob marley - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\one drop bob marley.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\Paul McCartney - Band On The Run - live (14-4-03).wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\ramblin men.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\re adduction though laber.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\rockstar pink.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\role call tenor saw.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\say heym [new single].au Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Saved\sorry buckchery.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\three little birdies bobmarley.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\wake me up evanessance.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\what ive done.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Incomplete\T-4124974-kiss me throu tne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Incomplete\T-5358009-kiss me throtne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\already gone kelly clackson.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\kiss me throu tne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\kiss me through tne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\numa numa.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\onetry.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

Selected area has been scanned.
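
The scan report above lists one detection per line as path, "Infected:", verdict and count. As an added example (not part of the original thread and not Kaspersky's own tooling), this Python script tallies such a report by threat family and by folder, and flags files whose extension differs from the file format named in the verdict. The sample lines are constructed in the report's layout, the function names are hypothetical, and the split of a verdict into behaviour, platform, family and variant is an assumption about the naming layout.

```python
import ntpath
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the layout of the report's
# "File name / Threat / Threats count" section (not real scan output).
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Users\example\Documents\LimeWire\Saved\track one.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\example\Documents\LimeWire\Saved\track two.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\example\Documents\LimeWire\Incomplete\T-0000001-track three.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\example\Documents\LimeWire\Incomplete\T-0000002-track four (live).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 2
C:\Users\example\Shared\track five.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

Selected area has been scanned.
"""

# path (may contain spaces), the literal "Infected:", verdict, count
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)\s*$"
)


class Detection(NamedTuple):
    path: str
    verdict: str
    count: int


def parse_report(text):
    """Return a Detection for every line that matches the report layout."""
    detections = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            detections.append(
                Detection(match["path"], match["verdict"], int(match["count"]))
            )
    return detections


def summarize(detections):
    """Tally detections by family and folder; list extension mismatches."""
    families = Counter()
    folders = Counter()
    mismatched = []
    for det in detections:
        # Assumed layout: Behaviour.Platform.Family.Variant
        parts = det.verdict.split(".")
        family = ".".join(parts[:3]) if len(parts) >= 3 else det.verdict
        platform = parts[1].lower() if len(parts) > 1 else ""
        families[family] += det.count
        # ntpath parses Windows paths regardless of the host OS.
        folders[ntpath.dirname(det.path)] += det.count
        extension = ntpath.splitext(det.path)[1].lstrip(".").lower()
        # A verdict naming one file format on a file carrying another
        # extension is worth a second look during triage.
        if platform and extension != platform:
            mismatched.append(det.path)
    return {
        "total": sum(det.count for det in detections),
        "families": families,
        "folders": folders,
        "extension_mismatch": mismatched,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print("Total threats:", summary["total"])
    for family, count in summary["families"].most_common():
        print(f"  {count:3d}  {family}")
    for folder, count in summary["folders"].most_common():
        print(f"  {count:3d}  {folder}")
    print("Extension differs from verdict format:")
    for path in summary["extension_mismatch"]:
        print("  ", path)
```

Grouping by folder shows at a glance whether the detections are confined to download and share directories or also reach system locations.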

Aspen04
2010-03-29, 03:14
DDS (Ver_10-03-17.01) - NTFSx86
Run by keeghen at 17:10:03.70 on Sun 03/28/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1140 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\keeghen\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [cdloader] "c:\users\keeghen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/playsushi_tbard/ws/redir?_iceUrl=true& user_id=&tool_id=60231&qkw=
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);

============= SERVICES / DRIVERS ===============

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]

=============== Created Last 30 ================

2010-03-28 19:11:46 0 d-----w- c:\programdata\Sun
2010-03-28 19:10:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 18:52:41 0 d-----w- c:\programdata\NOS
2010-03-28 18:48:11 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-28 00:34:14 98816 ----a-w- c:\windows\sed.exe
2010-03-28 00:34:14 77312 ----a-w- c:\windows\MBR.exe
2010-03-28 00:34:14 261632 ----a-w- c:\windows\PEV.exe
2010-03-28 00:34:14 161792 ----a-w- c:\windows\SWREG.exe
2010-03-20 00:51:48 0 d-----w- c:\program files\Trend Micro
2010-03-19 22:35:47 0 d-----w- c:\users\keeghen\appdata\roaming\Malwarebytes
2010-03-19 22:35:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35:39 0 d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:35:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 11:01:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00:56 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 11:00:56 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-03-19 22:16:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-19 22:16:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-19 22:16:03 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:58:44 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58:44 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58:44 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36:22 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36:05 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:58 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05:07 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-13 11:18:14 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:11:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-18 10:10:46 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe

============= FINISH: 17:11:22.77 ===============

Aspen04
2010-03-29, 03:14
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2007 11:51:32 AM
System Uptime: 3/28/2010 10:50:26 AM (7 hours ago)

Motherboard: Wistron | | 30CD
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 78.084 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.953 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP567: 2/22/2010 2:11:49 PM - Windows Update
RP569: 2/22/2010 2:20:13 PM - Windows Defender Checkpoint
RP570: 2/24/2010 3:00:22 AM - Windows Update
RP571: 2/25/2010 9:03:57 AM - Windows Update
RP572: 3/1/2010 5:29:41 PM - Windows Update
RP573: 3/4/2010 9:09:22 PM - Windows Update
RP575: 3/4/2010 9:45:53 PM - Windows Defender Checkpoint
RP576: 3/8/2010 8:04:07 PM - Windows Update
RP577: 3/11/2010 3:01:46 PM - Windows Update
RP578: 3/12/2010 3:00:19 AM - Windows Update
RP579: 3/16/2010 9:16:06 PM - Windows Update
RP580: 3/19/2010 2:51:36 PM - Windows Update
RP581: 3/19/2010 3:07:15 PM - Windows Update
RP583: 3/19/2010 3:27:01 PM - Windows Defender Checkpoint
RP584: 3/22/2010 6:28:21 PM - Windows Update
RP585: 3/25/2010 8:57:58 PM - Windows Update
RP587: 3/28/2010 10:59:36 AM - Removed RollerCoaster Tycoon 3 Platinum
RP589: 3/28/2010 11:09:08 AM - Removed Bob the Builder
RP591: 3/28/2010 11:10:25 AM - Removed Crazy Machines
RP592: 3/28/2010 11:19:05 AM - Removed Safari
RP593: 3/28/2010 11:49:03 AM - Removed Adobe Reader 8.1.3
RP594: 3/28/2010 11:57:47 AM - Installed Adobe Reader 9.3.
RP595: 3/28/2010 12:02:56 PM - Removed Java(TM) 6 Update 3
RP596: 3/28/2010 12:04:09 PM - Removed Java(TM) SE Runtime Environment 6
RP597: 3/28/2010 12:09:43 PM - Installed Java(TM) 6 Update 18

==== Installed Programs ======================

Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft PhotoImpression 4
Bonjour
CA Pest Patrol Realtime Protection
Camera Driver
CardRecovery 5.30
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Conexant HD Audio
Desktop Doctor
DivX Plus Web Player
ESU for Microsoft Vista
File Recover 7.5
GameHouse
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Update
HP User Guides 0060
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2006-01-10
iTunes
Java Auto Updater
Java(TM) 6 Update 18
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSCU for Microsoft Vista
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
NetWaiting
Nikon Message Center
Nikon Transfer
oggcodecs 0.71.0946
Phonics 4 Kids
PSSWCORE
QuickTime
Rhapsody
Rhapsody Player Engine
Roblox for keeghen
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scrapbook Factory 3.0
Scrapbooks Plus
Spelling Dictionaries Support For Adobe Reader 8
Stunt Track Driver
The Weather Channel Desktop 6
Touch Pad Driver
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Windows Live ID Sign-in Assistant
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/27/2010 5:36:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/27/2010 5:35:35 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/26/2010 6:47:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/26/2010 6:47:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
3/26/2010 12:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/26/2010 12:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/26/2010 12:33:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
3/26/2010 12:33:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/26/2010 12:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/26/2010 12:31:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2010 12:31:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/26/2010 12:31:37 PM, Error: EventLog [6008] - The previous system shutdown at 12:21:41 PM on 3/26/2010 was unexpected.
3/26/2010 12:14:14 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/26/2010 12:14:13 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
3/26/2010 12:11:38 PM, Error: EventLog [6008] - The previous system shutdown at 12:10:12 PM on 3/26/2010 was unexpected.
3/25/2010 8:51:42 PM, Error: EventLog [6008] - The previous system shutdown at 8:39:16 PM on 3/25/2010 was unexpected.
3/22/2010 6:23:31 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/21/2010 5:45:43 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.

==== End Of File ===========================

Aspen04
2010-03-29, 03:18
ComboFix 10-03-27.02 - keeghen 03/28/2010 11:27:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.939 [GMT -7:00]
Running from: c:\users\keeghen\Desktop\ComboFix.exe
Command switches used :: c:\users\keeghen\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\users\keeghen\AppData\Local\niikyc
c:\users\keeghen\AppData\Roaming\LimeWire
c:\users\keeghen\AppData\Roaming\LimeWireTurbo
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\connections.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button1.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button1_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button2.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button2_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button3.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button3_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button4.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button4_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button5.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button5_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\connections.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_dn-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_up-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\library.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\monitor.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_dn-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_up-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_dn-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_up-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\plug.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\warning.gif

Aspen04
2010-03-29, 03:18
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\ttree.cache
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\data\audio.sxml
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\data\delete_me
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\application.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\audio.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\document.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\image.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\video.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\application.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\audio.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\document.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\image.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\video.xsd

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 18:42 . 2010-03-28 18:42 -------- d-----w- c:\users\keeghen\AppData\Local\temp
2010-03-28 18:42 . 2010-03-28 18:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-28 18:42 . 2010-03-28 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-28 18:23 . 2010-03-28 18:23 -------- d-----w- C:\32788R22FWJFW
2010-03-20 00:51 . 2010-03-20 00:51 -------- d-----w- c:\program files\Trend Micro
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\users\keeghen\AppData\Roaming\Malwarebytes
2010-03-19 22:35 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 22:35 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:31 . 2010-03-19 22:31 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3B5D.tmp.exe
2010-03-12 11:01 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 11:00 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-28 18:57 . 2010-02-28 18:57 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 18:18 . 2007-07-02 12:03 -------- d-----w- c:\program files\HP Games
2010-03-28 18:18 . 2007-07-02 12:03 -------- d-----w- c:\programdata\WildTangent
2010-03-28 18:10 . 2007-07-02 11:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 18:08 . 2009-11-22 19:23 -------- d-----w- c:\program files\WON
2010-03-28 18:07 . 2009-09-02 17:15 -------- d-----w- c:\program files\Zylom Games
2010-03-28 18:07 . 2007-09-02 21:37 -------- d-----w- c:\program files\Hasbro Interactive
2010-03-28 18:05 . 2007-08-30 04:54 -------- d-----w- c:\program files\Nick Arcade
2010-03-28 18:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-03-28 17:59 . 2007-12-16 17:55 -------- d-----w- c:\users\keeghen\AppData\Roaming\Atari
2010-03-28 17:59 . 2009-09-02 17:11 -------- d-----w- c:\program files\RealArcade
2010-03-28 00:52 . 2009-12-22 03:59 -------- d-----w- c:\program files\PlaySushi
2010-03-27 01:58 . 2009-02-21 03:40 1356 ----a-w- c:\users\keeghen\AppData\Local\d3d9caps.dat
2010-03-23 01:22 . 2007-07-02 11:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-20 00:53 . 2007-12-23 19:16 -------- d-----w- c:\program files\Google
2010-03-12 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-25 16:59 . 2010-02-25 16:59 -------- d-----w- c:\program files\DivX
2010-02-25 16:59 . 2010-02-25 16:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-24 17:16 . 2009-10-06 00:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 11:22 . 2007-08-14 13:17 151240 ----a-w- c:\users\keeghen\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 04:38 . 2009-11-08 01:01 -------- d-----w- c:\program files\iPod
2010-01-25 12:58 . 2010-02-23 22:16 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-23 22:16 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-23 22:16 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-23 22:16 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-23 22:16 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-23 22:16 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-23 22:16 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-23 22:16 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:16 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05 . 2010-02-23 22:18 2048 ----a-w- c:\windows\system32\tzres.dll
2007-08-18 10:10 . 2007-08-18 10:10 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"cdloader"="c:\users\keeghen\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-18 1006264]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\keeghen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 116992]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


--- Other Services/Drivers In Memory ---

*Deregistered* - secdrv
.
Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 17:14]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 17:14]

2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{7E7675EB-E364-4B5A-9FC2-1EE67EEB0CA6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - P2P_Energy Customized Web Search
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFAlert.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.
- - - - ORPHANS REMOVED - - - -

AddRemove-WildTangent hplaptop Master Uninstall - c:\program files\HP Games\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 11:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2010-03-28 11:48:02
ComboFix-quarantined-files.txt 2010-03-28 18:47
ComboFix2.txt 2010-03-28 01:01

Pre-Run: 91,744,428,032 bytes free
Post-Run: 90,150,326,272 bytes free

- - End Of File - - 14DD680BF082441B90C55706383461AD

Aspen04
2010-03-29, 03:20
ComboFix log posted in 2 separate posts due to length. I tried attaching. It said the file was too large.

Blade81
2010-03-29, 11:31
Hi,

You need to get Adobe Reader update 9.3.1 too.

Delete these folders:
C:\Users\keeghen\Documents\LimeWire
C:\Users\keeghen\Incomplete

and files:
C:\Users\keeghen\Shared\already gone kelly clackson.wma
C:\Users\keeghen\Shared\kiss me throu tne phone.wma
C:\Users\keeghen\Shared\kiss me through tne phone.wma
C:\Users\keeghen\Shared\numa numa.wma
C:\Users\keeghen\Shared\onetry.wma


How is the system running now?

Aspen04
2010-03-30, 03:27
I thought I downloaded the reader. I will try downloading the MUI one 279mb

I deleted the limewire folder.

I am attempting to delete the items in the shared folder under C:/users/keeghen/shared

As soon as I open the C:/ drive the computer freezes and I get a pop-up that says Windows Explorer has stopped working. The screen goes blank and then closes the window and shows the normal desktop.

I do have a few seconds to scroll down in the C:/ drive and it seems there are just TONS of random files. Literally 1000s.

Aspen04
2010-03-30, 03:29
Sorry, not the C:/ folder. It's as soon as I open the users/keeghen folder. There are a few .ASC files; I have no idea what they are. Then it freezes and does as described above.

Blade81
2010-03-30, 14:15
Hi,

Run a disk check for drive C: by following method 1 here (http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html). Then defrag the drive. See if freezing still occurs after that.

Aspen04
2010-03-31, 07:57
I attempted to run a disk check using option 1 from the link you posted. It got to 23% in stage 4 of 5 and froze.

This freezing issue is irritating. I can't even enter the Keeghen folder without Explorer not responding/restarting.

I defragmented the volume, with no issues. It seems it is scheduled to defrag every week at 1am, and it has successfully run defrag many times on the schedule.

Blade81
2010-03-31, 11:33
Hi,

It's possible that the disk has some issues. Please see if you're able to run the check in safe mode.

Blade81
2010-04-07, 11:30
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.