Old 07-08-2008, 04:38 PM   #21 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

Sorry about all the posts. When I was copying and pasting, it would tell me that I had 70+ images and was only allowed 25. I did it in pieces, then saw that there were smilies in the post, which I did not put in!! What is that??? So I am sure it is all there!! Thanks
jimmydime is offline  
Old 07-08-2008, 04:45 PM   #22 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,547
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Sometimes, items within the logs get translated as smileys. There's a 'Disable smileys in text' box you can check in the reply window.

Another option if that happens is to attach the log.

Thanks, that's the log I wanted to see. It shows the deletions from the original script, and also gives me an idea of the name of the zipped file on your desktop. Let's try this again, please.

There should be a file on your desktop named as such:

[4]-Submit_2008-07-02@19.50.zip

Please upload it to this site:

http://www.bleepingcomputer.com/subm....php?channel=4

Use the Browse button to navigate to the file on your desktop.

Once it shows:
Quote:
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

Post back here and let me know. We'll continue then.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Old 07-09-2008, 06:09 AM   #23 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

OK I sent the file and it confirmed!
thanks
jimmydime is offline  
Old 07-09-2008, 08:51 AM   #24 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,547
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Thanks for uploading the file. Please now delete [4]-Submit_2008-07-02@19.49.zip from your desktop.

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click 'Fix Checked'.


O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [multibits] C:\DOCUME~1\Kody\APPLIC~1\PING01~1\4fast.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1013 Startup: LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (User '?')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA



Close HijackThis now.

---------------------------------------------------------------------------------------------

ComboFix is updated frequently. Please delete your current version, and get a new copy from one of the links below, and save it to your desktop.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Folder::
H:\Documents and Settings\Kody\Application Data\Ping 01 Settings
H:\Documents and Settings\Kyle-Family Computer\Application Data\Remote Spam Second
H:\Documents and Settings\Stacy\Application Data\Remote Spam Second
H:\Documents and Settings\Stacy\Application Data\Ping 01 Settings
H:\Documents and Settings\Kody.KYLE.001\Application Data\LimeWire
H:\Program Files\LimeWire
H:\Documents and Settings\Stacy\Application Data\LimeWire
H:\Documents and Settings\Kody\Application Data\LimeWire
H:\Documents and Settings\Kyle-Family Computer\Application Data\Limewire
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire

File::
H:\Documents and Settings\Tiara and Kody\Start Menu\Programs\Startup\LimeWire On Startup.lnk
H:\Documents and Settings\Kody.KYLE.000\Start Menu\Programs\Startup\LimeWire On Startup.lnk
H:\Documents and Settings\Kody.KYLE.001\Start Menu\Programs\Startup\LimeWire On Startup.lnk

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"H:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt.




Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
tetonbob is offline  
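The last step of the post above asks for a fresh HijackThis log, which is then checked to confirm that the entries marked for 'Fix Checked' are gone. The following is an added example of that comparison and is not part of the original thread: the fix list is copied from the post, the follow-up log is constructed, and the function names are illustrative.

```python
import re
from dataclasses import dataclass

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1-O24), then " - " and the entry.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Per-user entries end in a "(User 'name')" tag that can differ between scans.
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")

# Entries the helper asked to fix, copied from the post above.
FIX_LIST = r"""
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [multibits] C:\DOCUME~1\Kody\APPLIC~1\PING01~1\4fast.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1013 Startup: LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (User '?')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA
"""

# Constructed follow-up scan (not from the thread): two fixed entries are gone,
# two remain. The O2/HKLM entries, the user name and the URL middle are made up.
NEW_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - S-1-5-21-1960408961-1220945662-682003330-1013 Startup: LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (User 'ExampleUser')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar/CONSTRUCTED/PLACEHOLDER?p=ZCxdm793MFCA
"""


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4"
    body: str     # normalised text after "O4 - "
    raw: str      # the line as it appeared in the log


def normalise(body):
    """Drop the user tag, collapse whitespace and ignore case."""
    body = USER_TAG_RE.sub("", body)
    return " ".join(body.split()).casefold()


def parse_entries(text):
    """Return an Entry for every HijackThis result line in the text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), normalise(m.group(2)), line))
    return entries


def body_pattern(body):
    """Forum software shortens long URLs to 'start...end'; treat '...' as a gap.

    The two-dot '\\..\\' in registry entries is left alone because only a run
    of three dots is split on.
    """
    parts = [re.escape(p) for p in body.split("...")]
    return re.compile("^" + ".+".join(parts) + "$")


def still_present(fix_list, new_log):
    """Return the fix-list lines that still match an entry in the new scan."""
    scan = parse_entries(new_log)
    leftovers = []
    for wanted in parse_entries(fix_list):
        pattern = body_pattern(wanted.body)
        if any(e.section == wanted.section and pattern.match(e.body) for e in scan):
            leftovers.append(wanted.raw)
    return leftovers


if __name__ == "__main__":
    remaining = still_present(FIX_LIST, NEW_LOG)
    if remaining:
        print("Still present after the fix:")
        for line in remaining:
            print("  " + line)
    else:
        print("All fixed entries are gone.")
```
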
Old 07-10-2008, 05:13 AM   #25 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

OK, let's try this:

ComboFix 08-07-08.9 - Stacy 2008-07-10 7:19:09.4 - NTFSx86
Running from: H:\Documents and Settings\Stacy\Desktop\ComboFix.exe
Command switches used :: H:\Documents and Settings\Stacy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
H:\Documents and Settings\Kody.KYLE.000\Start Menu\Programs\Startup\LimeWire On Startup.lnk
H:\Documents and Settings\Kody.KYLE.001\Start Menu\Programs\Startup\LimeWire On Startup.lnk
H:\Documents and Settings\Tiara and Kody\Start Menu\Programs\Startup\LimeWire On Startup.lnk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\kill_on.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\lime.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\logo.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\notsearching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\pause_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\pause_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\play_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\play_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\question.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\rewind_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\searching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\splash.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\splashpro.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\stop_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\stop_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\theme.txt
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\black_theme\warning.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme.lwtp
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\01_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\02_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\03_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\04_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\05_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\chat.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\dir_open.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\forward_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\kill.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\logo.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\notsearching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\pause_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\play_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\play_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\question.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\search.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\searching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\splash.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\splashpro.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\stop_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\theme.txt
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\classic_theme\warning.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme.lwtp
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\01_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\02_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\03_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\04_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\05_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\chat.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\kill.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\lime.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\logo.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\play_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\question.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\searching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\splash.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\splashpro.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\theme.txt
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\limewire_theme\warning.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme.lwtp
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\01_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\02_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\03_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\04_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\05_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\chat.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\forward_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\forward_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\kill.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\kill_on.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\logo.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\notsearching.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\pause_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\pause_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\play_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\play_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\question.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\rewind_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\searching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\splash.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\splashpro.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\stop_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\stop_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\theme.txt
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\other_theme\warning.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme.lwtp
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\01_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\02_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\03_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\04_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\05_star.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\chat.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\forward_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\kill.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\kill_on.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\logo.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\notsearching.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\pause_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\play_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\play_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\question.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\searching.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\splash.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\splashpro.png
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\stop_up.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\theme.txt
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\version.txt
H:\Documents and Settings\Stacy\Application Data\LimeWire\themes\windows_theme\warning.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\update.xml
H:\Documents and Settings\Stacy\Application Data\LimeWire\version.key
H:\Documents and Settings\Stacy\Application Data\LimeWire\version.xml
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\data\delete_me
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\misc\application.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\misc\audio.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\misc\document.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\misc\image.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\misc\video.gif
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\schemas\application.xsd
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\schemas\audio.xsd
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\schemas\document.xsd
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\schemas\image.xsd
H:\Documents and Settings\Stacy\Application Data\LimeWire\xml\schemas\video.xsd
H:\Documents and Settings\Stacy\Application Data\Ping 01 Settings
H:\Documents and Settings\Stacy\Application Data\Ping 01 Settings\39F188C4
H:\Documents and Settings\Stacy\Application Data\Remote Spam Second
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\414splashfree.png
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\active.mojito
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\createtimes.cache
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\fileurns.bak
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\fileurns.cache
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\filters.props
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\gnutella.net
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\installation.props
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\library.dat
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\limewire.props
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\mojito.props
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\questions.props
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\responses.cache
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\simpp.xml
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\spam.dat
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\tables.props
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme.lwtp
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\01_star.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\02_star.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\03_star.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\04_star.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\05_star.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\chat.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\forward_up.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\kill.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\kill_on.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\logo.png
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\notsearching.png
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\pause_up.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\play_dn.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\play_up.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\question.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\searching.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\splash.png
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\splashpro.png
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\stop_up.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\theme.txt
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\version.txt
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\themes\windows_theme\warning.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\ttree.cache
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\version.xml
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\data\delete_me
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\misc\application.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\misc\audio.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\misc\document.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\misc\image.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\misc\video.gif
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\schemas\application.xsd
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\schemas\audio.xsd
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\schemas\document.xsd
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\schemas\image.xsd
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire\xml\schemas\video.xsd

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-07 12:07 . 2008-07-07 12:08 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\.frugoo_file_store_32
2008-07-02 11:07 . 2008-06-13 09:10 272,128 --------- H:\WINDOWS\system32\drivers\bthport.sys
2008-07-02 11:07 . 2008-06-13 09:10 272,128 -----c--- H:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 16:41 . 2008-07-07 12:04 23 --a------ H:\Documents and Settings\Kody.KYLE.001\jagex_runescape_preferences.dat
2008-06-24 21:55 . 2008-06-24 21:55 <DIR> d-------- H:\Deckard
2008-06-19 09:20 . 2008-06-19 09:20 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Talkback
2008-06-19 09:11 . 2008-06-19 09:11 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Nero
2008-06-19 09:10 . 2008-06-19 09:35 <DIR> d-------- H:\Documents and Settings\Tiara
2008-06-18 07:21 . 2008-06-18 07:21 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Talkback
2008-06-16 20:21 . 2008-06-16 21:26 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Contacts
2008-06-16 19:53 . 2008-06-16 19:53 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Nero
2008-06-16 19:52 . 2008-07-09 16:01 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001
2008-06-16 19:26 . 2008-06-16 19:26 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Nero
2008-06-16 19:13 . 2008-06-16 19:17 <DIR> d-------- H:\Program Files\Common Files\Nero
2008-06-14 21:54 . 2008-06-14 21:54 <DIR> d-------- H:\Program Files\Trend Micro
2008-06-13 21:12 . 2008-06-19 08:39 1,300 --a------ H:\WINDOWS\mozver.dat
2008-06-13 12:36 . 2008-06-13 12:36 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Talkback
2008-06-13 05:07 . 2008-07-02 11:18 1,355 --a------ H:\WINDOWS\imsins.BAK
2008-06-10 15:50 . 2008-06-10 16:11 96,966 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-06-10 15:50 . 2008-06-10 16:11 88,774 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-06-10 15:48 . 2008-06-10 15:48 <DIR> d-------- H:\Program Files\Kaspersky Lab
2008-06-10 15:48 . 2008-07-10 07:15 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-10 15:47 . 2008-07-10 08:03 5,571,360 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 15:47 . 2008-07-10 08:01 183,072 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 15:47 . 2008-07-10 07:24 75,572 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx
2008-06-10 15:47 . 2008-07-10 07:24 18,140 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 21:48 --------- d-----w H:\Program Files\Windows Live
2008-06-20 10:45 360,320 ----a-w H:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w H:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w H:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 23:13 --------- d-----w H:\Program Files\Nero
2008-06-16 23:13 --------- d-----w H:\Documents and Settings\All Users\Application Data\Nero
2008-06-15 02:02 7,885 ----a-w H:\Program Files\hijackthis.log
2008-06-13 09:04 --------- d-----w H:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 21:48 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 21:39 --------- d-----w H:\Program Files\Common Files\Symantec Shared
2008-06-10 20:59 --------- d-----w H:\Program Files\Norton 360
2008-06-10 20:14 112,144 ----a-w H:\WINDOWS\system32\drivers\kl1.sys
2008-06-09 21:31 --------- d-----w H:\Program Files\Panda Security
2008-06-09 01:32 --------- d-----w H:\Documents and Settings\Kodygh\Application Data\Symantec
2008-05-21 19:03 --------- d-----w H:\Program Files\Rogers
2008-05-18 19:27 --------- d-----w H:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-21 20:32 27,520 ----a-w H:\Documents and Settings\Kody.KYLE\Application Data\GDIPFONTCACHEV1.DAT
2007-06-21 00:24 24,928 ----a-w H:\Documents and Settings\Kyle-Family Computer\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 11:33 59,648 ----a-w H:\Documents and Settings\Kody\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 17:32 6,232 ----a-w H:\Documents and Settings\All Users\Application Data\ypinfo.bin
2005-10-29 20:59 0 ----a-w H:\Documents and Settings\Stacy\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-02_19.55.08.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 21:38:28 2,048 --s-a-w H:\WINDOWS\bootstat.dat
+ 2008-07-10 11:25:37 2,048 --s-a-w H:\WINDOWS\bootstat.dat
- 2008-07-02 13:41:24 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-07 12:15:38 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-02 13:41:24 32,768 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-07 12:15:38 32,768 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-07 12:15:38 32,768 --sha-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 12:00:00 138,496 -c--a-w H:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w H:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:32:43 148,992 -c--a-w H:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w H:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 245,248 -c--a-w H:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w H:\WINDOWS\system32\dllcache\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c--a-w H:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w H:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w H:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w H:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:32:43 148,992 ----a-w H:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w H:\WINDOWS\system32\dnsapi.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w H:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w H:\WINDOWS\system32\MRT.exe
- 2004-08-04 12:00:00 245,248 ----a-w H:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w H:\WINDOWS\system32\mswsock.dll
- 2007-11-30 11:18:51 17,272 ------w H:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w H:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 03:54 68856]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"EPSON Stylus CX4200 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 04:00 98304]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-03-29 23:16 49152]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2007-06-08 20:24 282624]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Messenger\\msmsgs.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;H:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{348ba13a-f76c-11db-918e-0013d3529847}]
\Shell\AutoRun\command - J:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ce5195-086f-11da-a586-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 08:01:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
H:\WINDOWS\system32\ati2evxx.exe
H:\WINDOWS\system32\ati2evxx.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-10 8:08:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 12:07:55
ComboFix2.txt 2008-07-07 15:24:10
ComboFix3.txt 2008-07-08 23:31:10
ComboFix4.txt 2008-07-02 14:51:14

Pre-Run: 179,726,364,672 bytes free
Post-Run: 179,766,419,456 bytes free

670 --- E O F --- 2008-07-08 23:01:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:33 AM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Kody.KYLE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.easypix.ca/en/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - H:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7405 bytes
jimmydime is offline  
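The HijackThis log posted above contains entries whose target is reported as "(no file)" or "(file missing)". The following triage sketch is an added example, not part of the thread and not HijackThis's own code: it parses entry lines and groups those orphaned entries by section code. The regular expressions are assumptions inferred from the lines visible in this log, and the sample input is a handful of lines copied from it.

```python
import re
from collections import defaultdict

# Constructed sample: a few entry lines copied from the log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Kody.KYLE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
"""

# Assumed shapes, inferred from the log lines shown on this page.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")

def parse_log(text):
    """Return one dict per entry line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        clsid = CLSID.search(m.group("body"))
        orphan = ORPHAN.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            # CLSIDs are case-insensitive, so normalise for comparison.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
            "raw": line,
        })
    return entries

def orphans_by_section(entries):
    """Group entries whose target is reported absent, keyed by section code."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            grouped[e["code"]].append(e["clsid"])
    return dict(grouped)

if __name__ == "__main__":
    for code, ids in sorted(orphans_by_section(parse_log(SAMPLE_LOG)).items()):
        print(code, ids)
```

An orphaned entry only shows that the registry still points at something that is gone; deciding which ones to fix remains the analyst's call.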
Old 07-10-2008, 07:31 AM   #26 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,547
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Looks better. How's the machine behaving? A couple more tasks to perform....

There are remnants of a previous install of Norton AntiVirus present still.

Please use the instructions on this page to completely uninstall your Norton Products.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


Close HijackThis now.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (l