-
DDS (Ver_10-03-17.01) - NTFSx86
Run by keeghen at 18:03:54.24 on Sat 03/27/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.848 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\keeghen\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P0.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [cdloader] "c:\users\keeghen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - P2P_Energy Customized Web Search
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFAlert.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
============= SERVICES / DRIVERS ===============
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]
=============== Created Last 30 ================
2010-03-28 01:01:15 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-28 00:34:14 98816 ----a-w- c:\windows\sed.exe
2010-03-28 00:34:14 77312 ----a-w- c:\windows\MBR.exe
2010-03-28 00:34:14 261632 ----a-w- c:\windows\PEV.exe
2010-03-28 00:34:14 161792 ----a-w- c:\windows\SWREG.exe
2010-03-20 00:51:48 0 d-----w- c:\program files\Trend Micro
2010-03-19 22:35:47 0 d-----w- c:\users\keeghen\appdata\roaming\Malwarebytes
2010-03-19 22:35:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35:39 0 d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:35:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 11:01:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00:56 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 11:00:56 31232 ----a-w- c:\windows\system32\httpapi.dll
==================== Find3M ====================
2010-03-19 22:16:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-19 22:16:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-19 22:16:03 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:58:44 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58:44 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58:44 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36:22 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36:05 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:58 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 12:36:21 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:48 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30:47 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2008-12-13 11:18:14 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:11:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-18 10:10:46 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
============= FINISH: 18:04:31.43 ===============
-
Hi again,
Uninstall Ask Toolbar if not installed on purpose. Uninstall also P2P_Energy Toolbar.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
Folder::
c:\users\keeghen\AppData\Local\niikyc
c:\users\keeghen\AppData\Roaming\LimeWireTurbo
c:\program files\LimeWire
c:\users\keeghen\AppData\Roaming\LimeWire
DDS::
uURLSearchHooks: H - No File
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.
Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
- Click the
Download
button to the right. - Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
-
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, March 28, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, March 28, 2010 17:36:17
Records in database: 3892468
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 160960
Threats found: 17
Infected objects found: 101
Suspicious objects found: 0
Scan duration: 04:11:03
File name / Threat / Threats count
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-1395705-Racist Songs - Johnny Rebel - I Hate Niggers (The KKK Song).wma Infected: Trojan-Downloader.WMA.Wimad.v 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-4304538-cray frog.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-4443088-feet pain.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5190950-shove it santo gold.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5299854-shoreline broken social scene.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5846215-cray train.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5854319-what ive done.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5857600-feet pain.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\Preview-T-5874840-cray frog.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-1395705-Racist Songs - Johnny Rebel - I Hate Niggers (The KKK Song).wma Infected: Trojan-Downloader.WMA.Wimad.v 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-blow whistle too short.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-last night strokes.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-re adduction though laber.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-2563347-somethings gotta give big boi.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3209657-fat lip sum 41.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3209657-freeze pepper.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3303539-discovery channle bloodhopund.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3424177-discovery channle bloodhound.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3428740-kidz in the hall got it made 2009.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515163-gonna take it john butler trio.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515163-role call tenor saw - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-dumb medium troy.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-freshmen verve pipe.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-international players club ugk - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3515164-mind playin tricks on me - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3545427-gone going black eyed peas (256k 44800).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3545427-gonna take it john butler trio.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ab 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3545427-house of broken nlove great.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ab 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3555427-beat it micheal jackson [cd rip].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3555427-international players club ugk [dvd rip].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3615672-medium troy.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3870556-push acoustic matchbox twenty CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877633-gonna take it john butler trio - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-beautiful day medium troy - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-freshmen verve pipe - greatest hits.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-international players club ugk.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3877634-mind playin tricks on me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-3905427-gonna take it john butler trio (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-4966553-trading places busy signal live.snd Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5069516-no ones bettrer sake little new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5088466-gone going black eyed peas[256k quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5092646-shine collective soul.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5109030-trading places busy signal [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5188466-angel munica (44100 256k stereo).snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5188466-beautiful day medium troy [very good quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5190950-shove it santo gold.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5299854-shoreline broken social scene.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5745425-role call tenor saw (unplugged version).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5745425-role call tenor saw.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5745425-young hollywood undead.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5846215-cray train.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5854319-what ive done.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5857600-feet pain.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5872441-trading places busy signal extended version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5874912-go your own way.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Incomplete\T-5973609-day n night unedited kid cudi.au Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Saved\angel manisa.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\ashes pepper.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\beat it michaeljackson.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\beautiful day medium troy.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\Benatar, Pat - Hit Me with Your Best Shot.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\cray frog.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Saved\cray frog.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\Def Leppard - Long, Long Way To Go.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Users\keeghen\Documents\LimeWire\Saved\eletric feel mgmt.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\eye of tiger soriuor.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
C:\Users\keeghen\Documents\LimeWire\Saved\eye of tiger sorviour.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\faraway wickelbacle.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\feet pain.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\hope twista.wma Infected: Trojan-Downloader.WMA.GetCodec.x 1
C:\Users\keeghen\Documents\LimeWire\Saved\hot cold katieperry (cd rip).snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Documents\LimeWire\Saved\hot cold katieperry(1).mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\hot cold katieperry.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\kiss me tru phone.mpg Infected: Trojan-Downloader.WMA.GetCodec.ah 1
C:\Users\keeghen\Documents\LimeWire\Saved\kiss metru phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\let me be one def leppard.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\livin on prayer bonjovi.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\martal kombat theme.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1
C:\Users\keeghen\Documents\LimeWire\Saved\one drop bob marley - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\one drop bob marley.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\Paul McCartney - Band On The Run - live (14-4-03).wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\ramblin men.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Documents\LimeWire\Saved\re adduction though laber.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\rockstar pink.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\role call tenor saw.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\roll call tenor saw.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\keeghen\Documents\LimeWire\Saved\say heym [new single].au Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\keeghen\Documents\LimeWire\Saved\sorry buckchery.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\three little birdies bobmarley.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
C:\Users\keeghen\Documents\LimeWire\Saved\wake me up evanessance.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\keeghen\Documents\LimeWire\Saved\what ive done.au Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Users\keeghen\Incomplete\T-4124974-kiss me throu tne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Incomplete\T-5358009-kiss me throtne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\already gone kelly clackson.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\kiss me throu tne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\kiss me through tne phone.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\numa numa.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\keeghen\Shared\onetry.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
Selected area has been scanned.
-
DDS (Ver_10-03-17.01) - NTFSx86
Run by keeghen at 17:10:03.70 on Sun 03/28/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1140 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\keeghen\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [cdloader] "c:\users\keeghen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\users\keeghen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/playsushi_tbard/ws/redir?_iceUrl=true& user_id=&tool_id=60231&qkw=
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\keeghen\appdata\roaming\mozilla\firefox\profiles\lla6vrs0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
============= SERVICES / DRIVERS ===============
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]
=============== Created Last 30 ================
2010-03-28 19:11:46 0 d-----w- c:\programdata\Sun
2010-03-28 19:10:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 18:52:41 0 d-----w- c:\programdata\NOS
2010-03-28 18:48:11 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-28 00:34:14 98816 ----a-w- c:\windows\sed.exe
2010-03-28 00:34:14 77312 ----a-w- c:\windows\MBR.exe
2010-03-28 00:34:14 261632 ----a-w- c:\windows\PEV.exe
2010-03-28 00:34:14 161792 ----a-w- c:\windows\SWREG.exe
2010-03-20 00:51:48 0 d-----w- c:\program files\Trend Micro
2010-03-19 22:35:47 0 d-----w- c:\users\keeghen\appdata\roaming\Malwarebytes
2010-03-19 22:35:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35:39 0 d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:35:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 11:01:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00:56 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 11:00:56 31232 ----a-w- c:\windows\system32\httpapi.dll
==================== Find3M ====================
2010-03-19 22:16:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-19 22:16:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-19 22:16:03 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:58:44 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58:44 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58:44 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36:22 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36:05 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:58 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05:07 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-13 11:18:14 174 --sha-w- c:\program files\desktop.ini
2008-06-11 10:11:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-18 10:10:46 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
============= FINISH: 17:11:22.77 ===============
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2007 11:51:32 AM
System Uptime: 3/28/2010 10:50:26 AM (7 hours ago)
Motherboard: Wistron | | 30CD
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 141 GiB total, 78.084 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.953 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP567: 2/22/2010 2:11:49 PM - Windows Update
RP569: 2/22/2010 2:20:13 PM - Windows Defender Checkpoint
RP570: 2/24/2010 3:00:22 AM - Windows Update
RP571: 2/25/2010 9:03:57 AM - Windows Update
RP572: 3/1/2010 5:29:41 PM - Windows Update
RP573: 3/4/2010 9:09:22 PM - Windows Update
RP575: 3/4/2010 9:45:53 PM - Windows Defender Checkpoint
RP576: 3/8/2010 8:04:07 PM - Windows Update
RP577: 3/11/2010 3:01:46 PM - Windows Update
RP578: 3/12/2010 3:00:19 AM - Windows Update
RP579: 3/16/2010 9:16:06 PM - Windows Update
RP580: 3/19/2010 2:51:36 PM - Windows Update
RP581: 3/19/2010 3:07:15 PM - Windows Update
RP583: 3/19/2010 3:27:01 PM - Windows Defender Checkpoint
RP584: 3/22/2010 6:28:21 PM - Windows Update
RP585: 3/25/2010 8:57:58 PM - Windows Update
RP587: 3/28/2010 10:59:36 AM - Removed RollerCoaster Tycoon 3 Platinum
RP589: 3/28/2010 11:09:08 AM - Removed Bob the Builder
RP591: 3/28/2010 11:10:25 AM - Removed Crazy Machines
RP592: 3/28/2010 11:19:05 AM - Removed Safari
RP593: 3/28/2010 11:49:03 AM - Removed Adobe Reader 8.1.3
RP594: 3/28/2010 11:57:47 AM - Installed Adobe Reader 9.3.
RP595: 3/28/2010 12:02:56 PM - Removed Java(TM) 6 Update 3
RP596: 3/28/2010 12:04:09 PM - Removed Java(TM) SE Runtime Environment 6
RP597: 3/28/2010 12:09:43 PM - Installed Java(TM) 6 Update 18
==== Installed Programs ======================
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft PhotoImpression 4
Bonjour
CA Pest Patrol Realtime Protection
Camera Driver
CardRecovery 5.30
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Conexant HD Audio
Desktop Doctor
DivX Plus Web Player
ESU for Microsoft Vista
File Recover 7.5
GameHouse
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Update
HP User Guides 0060
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2006-01-10
iTunes
Java Auto Updater
Java(TM) 6 Update 18
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSCU for Microsoft Vista
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
NetWaiting
Nikon Message Center
Nikon Transfer
oggcodecs 0.71.0946
Phonics 4 Kids
PSSWCORE
QuickTime
Rhapsody
Rhapsody Player Engine
Roblox for keeghen
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scrapbook Factory 3.0
Scrapbooks Plus
Spelling Dictionaries Support For Adobe Reader 8
Stunt Track Driver
The Weather Channel Desktop 6
Touch Pad Driver
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Windows Live ID Sign-in Assistant
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
3/27/2010 5:36:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/27/2010 5:35:35 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/26/2010 6:47:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/26/2010 6:47:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
3/26/2010 12:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/26/2010 12:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/26/2010 12:33:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
3/26/2010 12:33:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/26/2010 12:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/26/2010 12:31:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2010 12:31:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/26/2010 12:31:37 PM, Error: EventLog [6008] - The previous system shutdown at 12:21:41 PM on 3/26/2010 was unexpected.
3/26/2010 12:14:14 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/26/2010 12:14:13 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
3/26/2010 12:11:38 PM, Error: EventLog [6008] - The previous system shutdown at 12:10:12 PM on 3/26/2010 was unexpected.
3/25/2010 8:51:42 PM, Error: EventLog [6008] - The previous system shutdown at 8:39:16 PM on 3/25/2010 was unexpected.
3/22/2010 6:23:31 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/21/2010 5:45:43 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
==== End Of File ===========================
-
ComboFix 10-03-27.02 - keeghen 03/28/2010 11:27:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.939 [GMT -7:00]
Running from: c:\users\keeghen\Desktop\ComboFix.exe
Command switches used :: c:\users\keeghen\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\LimeWire
c:\users\keeghen\AppData\Local\niikyc
c:\users\keeghen\AppData\Roaming\LimeWire
c:\users\keeghen\AppData\Roaming\LimeWire\414splashfree.png
c:\users\keeghen\AppData\Roaming\LimeWire\active.mojito
c:\users\keeghen\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\keeghen\AppData\Roaming\LimeWire\createtimes.cache
c:\users\keeghen\AppData\Roaming\LimeWire\downloads.dat
c:\users\keeghen\AppData\Roaming\LimeWire\fileurns.bak
c:\users\keeghen\AppData\Roaming\LimeWire\fileurns.cache
c:\users\keeghen\AppData\Roaming\LimeWire\filters.props
c:\users\keeghen\AppData\Roaming\LimeWire\gnutella.net
c:\users\keeghen\AppData\Roaming\LimeWire\installation.props
c:\users\keeghen\AppData\Roaming\LimeWire\library.dat
c:\users\keeghen\AppData\Roaming\LimeWire\limewire.props
c:\users\keeghen\AppData\Roaming\LimeWire\mojito.props
c:\users\keeghen\AppData\Roaming\LimeWire\passive.mojito
c:\users\keeghen\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\keeghen\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\keeghen\AppData\Roaming\LimeWire\promotion\promodb.lck
c:\users\keeghen\AppData\Roaming\LimeWire\promotion\promodb.log
c:\users\keeghen\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\keeghen\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\keeghen\AppData\Roaming\LimeWire\questions.props
c:\users\keeghen\AppData\Roaming\LimeWire\responses.cache
c:\users\keeghen\AppData\Roaming\LimeWire\simpp.xml
c:\users\keeghen\AppData\Roaming\LimeWire\spam.dat
c:\users\keeghen\AppData\Roaming\LimeWire\tables.props
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\logo.png
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\notsearching.png
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\searching.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\splashpro.png
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\keeghen\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWire\version.xml
c:\users\keeghen\AppData\Roaming\LimeWire\versions.props
c:\users\keeghen\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\keeghen\AppData\Roaming\LimeWire\xml\data\delete_me
c:\users\keeghen\AppData\Roaming\LimeWire\xml\data\video.sxml2
c:\users\keeghen\AppData\Roaming\LimeWire\xml\misc\application.gif
c:\users\keeghen\AppData\Roaming\LimeWire\xml\misc\audio.gif
c:\users\keeghen\AppData\Roaming\LimeWire\xml\misc\document.gif
c:\users\keeghen\AppData\Roaming\LimeWire\xml\misc\image.gif
c:\users\keeghen\AppData\Roaming\LimeWire\xml\misc\video.gif
c:\users\keeghen\AppData\Roaming\LimeWire\xml\schemas\application.xsd
c:\users\keeghen\AppData\Roaming\LimeWire\xml\schemas\audio.xsd
c:\users\keeghen\AppData\Roaming\LimeWire\xml\schemas\document.xsd
c:\users\keeghen\AppData\Roaming\LimeWire\xml\schemas\image.xsd
c:\users\keeghen\AppData\Roaming\LimeWire\xml\schemas\video.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\createtimes.cache
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\fileurns.bak
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\fileurns.cache
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\filters.props
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\gnutella.net
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\installation.props
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\library.dat
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\LimeWireTurbo.props
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\questions.props
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\spam.dat
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\tables.props
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\amber_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\black_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_and_pink_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brown_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\brushed_metal_theme_osx\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\author.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\CarbonClassic_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\classic_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\connections.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\green_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\GTK_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button1.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button1_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button2.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button2_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button3.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button3_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button4.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button4_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button5.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\button5_press.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\connections.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_dn-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_up-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\library.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\monitor.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_dn-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_up-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_dn-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_up-lw.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\plug.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\search.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\halloween_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\holiday_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\ocean_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\other_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\party_theme\warning.gif
-
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\patriotic_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\author.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_and_black_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pink_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\pinstripes_theme_osx\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\red_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\valentine_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\dir_closed.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\dir_open.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\white_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme.lwtp
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\01_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\02_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\03_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\04_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\05_star.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\chat.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\forward_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\forward_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\kill.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\kill_on.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\lime.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\pause_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\pause_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\play_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\play_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\question.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\rewind_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\rewind_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\splash.png
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\stop_dn.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\stop_up.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\theme.txt
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\themes\windows_theme\warning.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\ttree.cache
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\data\audio.sxml
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\data\delete_me
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\application.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\audio.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\document.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\image.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\misc\video.gif
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\application.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\audio.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\document.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\image.xsd
c:\users\keeghen\AppData\Roaming\LimeWireTurbo\xml\schemas\video.xsd
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.
2010-03-28 18:42 . 2010-03-28 18:42 -------- d-----w- c:\users\keeghen\AppData\Local\temp
2010-03-28 18:42 . 2010-03-28 18:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-28 18:42 . 2010-03-28 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-28 18:23 . 2010-03-28 18:23 -------- d-----w- C:\32788R22FWJFW
2010-03-20 00:51 . 2010-03-20 00:51 -------- d-----w- c:\program files\Trend Micro
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\users\keeghen\AppData\Roaming\Malwarebytes
2010-03-19 22:35 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\programdata\Malwarebytes
2010-03-19 22:35 . 2010-03-19 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 22:35 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 22:31 . 2010-03-19 22:31 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3B5D.tmp.exe
2010-03-12 11:01 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 11:00 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 11:00 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-28 18:57 . 2010-02-28 18:57 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 18:18 . 2007-07-02 12:03 -------- d-----w- c:\program files\HP Games
2010-03-28 18:18 . 2007-07-02 12:03 -------- d-----w- c:\programdata\WildTangent
2010-03-28 18:10 . 2007-07-02 11:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 18:08 . 2009-11-22 19:23 -------- d-----w- c:\program files\WON
2010-03-28 18:07 . 2009-09-02 17:15 -------- d-----w- c:\program files\Zylom Games
2010-03-28 18:07 . 2007-09-02 21:37 -------- d-----w- c:\program files\Hasbro Interactive
2010-03-28 18:05 . 2007-08-30 04:54 -------- d-----w- c:\program files\Nick Arcade
2010-03-28 18:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-03-28 17:59 . 2007-12-16 17:55 -------- d-----w- c:\users\keeghen\AppData\Roaming\Atari
2010-03-28 17:59 . 2009-09-02 17:11 -------- d-----w- c:\program files\RealArcade
2010-03-28 00:52 . 2009-12-22 03:59 -------- d-----w- c:\program files\PlaySushi
2010-03-27 01:58 . 2009-02-21 03:40 1356 ----a-w- c:\users\keeghen\AppData\Local\d3d9caps.dat
2010-03-23 01:22 . 2007-07-02 11:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-20 00:53 . 2007-12-23 19:16 -------- d-----w- c:\program files\Google
2010-03-12 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-25 16:59 . 2010-02-25 16:59 -------- d-----w- c:\program files\DivX
2010-02-25 16:59 . 2010-02-25 16:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-24 17:16 . 2009-10-06 00:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 11:22 . 2007-08-14 13:17 151240 ----a-w- c:\users\keeghen\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 04:38 . 2009-11-08 01:01 -------- d-----w- c:\program files\iPod
2010-01-25 12:58 . 2010-02-23 22:16 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-23 22:16 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-23 22:16 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-23 22:16 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-23 22:16 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-23 22:16 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-23 22:16 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-23 22:16 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:16 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05 . 2010-02-23 22:18 2048 ----a-w- c:\windows\system32\tzres.dll
2007-08-18 10:10 . 2007-08-18 10:10 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"cdloader"="c:\users\keeghen\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-18 1006264]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\keeghen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 gupdate1ca2bf0da1cdaf0;Google Update Service (gupdate1ca2bf0da1cdaf0);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 116992]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
--- Other Services/Drivers In Memory ---
*Deregistered* - secdrv
.
Contents of the 'Scheduled Tasks' folder
2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 17:14]
2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 17:14]
2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{7E7675EB-E364-4B5A-9FC2-1EE67EEB0CA6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - P2P_Energy Customized Web Search
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\users\keeghen\AppData\Roaming\Mozilla\Firefox\Profiles\lla6vrs0.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFAlert.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.
- - - - ORPHANS REMOVED - - - -
AddRemove-WildTangent hplaptop Master Uninstall - c:\program files\HP Games\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 11:42
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2010-03-28 11:48:02
ComboFix-quarantined-files.txt 2010-03-28 18:47
ComboFix2.txt 2010-03-28 01:01
Pre-Run: 91,744,428,032 bytes free
Post-Run: 90,150,326,272 bytes free
- - End Of File - - 14DD680BF082441B90C55706383461AD
-
combofix log posted in 2 separate posts due to length. I tried attaching. said file was to large.
-
Hi,
You need to get Adobe Reader update 9.3.1 too.
Delete these folders:
C:\Users\keeghen\Documents\LimeWire
C:\Users\keeghen\Incomplete
and files:
C:\Users\keeghen\Shared\already gone kelly clackson.wma
C:\Users\keeghen\Shared\kiss me throu tne phone.wma
C:\Users\keeghen\Shared\kiss me through tne phone.wma
C:\Users\keeghen\Shared\numa numa.wma
C:\Users\keeghen\Shared\onetry.wma
How is the system running now?
-
I thought I downloaded the reader. I will try downloading the MUI one 279mb
I deleted the limewire folder.
I am attempting to delete the items in the shared folder under C:/users/keeghen/shared
as soon as I open the C:/ drive the computer freezes and i get a pop up that says windows explorer has stopped working. screen goes blank and then closes the window and shows the normal desktop.
I do have a few seconds to scroll down in the C:/ drive and it seems there are just TONS of random files. literally 1000s