Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Post by Jennanicole » May 21st, 2009, 1:44 am

Need help with my grandmother's computer...

Hope I'm posting in the right area. I apologize if I'm not...

Not really sure what you will need to know as I am not very knowledgeable in this area...

Any time that you open the IE browser, another IE window opens up to a website "sameshitasiteverwas.com"

She uses Trend Micro, so when this opens up... instead of "this website" opening, it reads that Trend Micro is blocking it.

Since this has started happening... The internet also hangs when you try to go to different websites. However, websites such as Google, MSN, etc. do come up quickly. I called her service provider (Atlantic Broadband) and they told me that it looked fine and was working properly from what they could see.

I've also run the Trend Micro "full system scan" and it doesn't register any viruses, spyware, etc.

Also, does anyone know of any issues with Trend Micro? She gets popup notifications on a regular basis stating that there are problems with the latest Trend Micro Security update. I've searched online for any information pertaining to this, but have come up empty-handed...

I'm at a loss as to what to do and at a dead end because I have absolutely no idea as to how to fix this. I saw on another closed post that someone else had a problem with this as well. As I stated earlier, I am a "dummy" when it comes to in-depth things such as this... so any help would be greatly appreciated!

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:42 PM, on 5/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

[b]Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Paulette\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dxof32.dll
O20 - Winlogon Notify: 6cd382dd598 - C:\WINDOWS\System32\d3dxof32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6701 bytes
[/b]

Thanks,
Jenna
Jennanicole
Active Member
 
Posts: 9
Joined: May 20th, 2009, 6:31 pm

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Post by MWR 3 day Mod » May 24th, 2009, 4:42 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Post by Rodav » May 26th, 2009, 5:12 pm

Hello, and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Post by Rodav » May 26th, 2009, 5:15 pm

Hi Jenna,

Step 1:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review along with a new HijackThis log.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Post by Jennanicole » May 26th, 2009, 6:11 pm

Thank you for helping, Rodav!

Just finished the ComboFix, here's the log for that...


ComboFix 09-05-26.02 - Paulette 05/26/2009 17:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.517 [GMT -4:00]
Running from: c:\documents and settings\Paulette\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Paulette\Application Data\.#
c:\documents and settings\Paulette\Application Data\02000000d387b036598C.manifest
c:\documents and settings\Paulette\Application Data\02000000d387b036598O.manifest
c:\documents and settings\Paulette\Application Data\02000000d387b036598P.manifest
c:\documents and settings\Paulette\Application Data\02000000d387b036598S.manifest
c:\windows\system32\78TGA.vbs
c:\windows\system32\AutoRun.inf
c:\windows\system32\d3dxof32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\mdm.exe
c:\windows\system32\SystemService32
c:\windows\system32\SystemService32\149.crack.zip
c:\windows\system32\SystemService32\149.crack.zip.kwd
c:\windows\system32\SystemService32\150.keygen.zip
c:\windows\system32\SystemService32\150.keygen.zip.kwd
c:\windows\system32\SystemService32\151.serial.zip
c:\windows\system32\SystemService32\151.serial.zip.kwd
c:\windows\system32\SystemService32\152.setup.zip
c:\windows\system32\SystemService32\152.setup.zip.kwd
c:\windows\system32\SystemService32\153.music.au
c:\windows\system32\SystemService32\153.music.au.kwd
c:\windows\system32\SystemService32\154.music.mp3
c:\windows\system32\SystemService32\154.music.mp3.kwd
c:\windows\system32\SystemService32\155.music.wma
c:\windows\system32\SystemService32\155.music.wma.kwd
c:\windows\system32\SystemService32\156.music.snd
c:\windows\system32\SystemService32\156.music.snd.kwd
c:\windows\system32\SystemService32\2C.tmp

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.comj+|Cv+@J:NGD_DQ{ztHG.XkN&OA@CIT248813-HPU-REDBOX-v4.exe,S-1-5-21-790525478-789336058-725345543-1004XtD$?&v
.
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 16:01 . 2009-05-26 16:01 10752 ----a-w c:\windows\DCEBoot.exe
2009-05-26 00:22 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C604865B-4EFE-4997-BB3E-AE6DFEDEFC24}\mpengine.dll
2009-05-23 06:30 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-23 06:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-23 06:30 . 2009-05-23 06:30 -------- d-----w c:\program files\iPod
2009-05-23 06:29 . 2009-05-23 06:30 -------- d-----w c:\program files\iTunes
2009-05-23 06:29 . 2009-05-23 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 06:29 . 2009-05-23 06:29 -------- d-----w c:\program files\Bonjour
2009-05-23 06:27 . 2009-05-23 06:27 -------- d-----w c:\program files\Apple Software Update
2009-05-23 06:26 . 2009-05-23 06:26 -------- d-----w c:\program files\Common Files\Apple
2009-05-23 06:26 . 2009-05-23 06:26 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-22 06:00 . 2009-05-22 06:00 -------- d-----w c:\documents and settings\Paulette\Local Settings\Application Data\stellarium
2009-05-19 17:23 . 2009-05-19 17:42 -------- d-----w c:\windows\system32\SystemService32(2)
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\documents and settings\Paulette\Application Data\MySpace
2009-05-18 22:01 . 2009-05-18 22:01 -------- d-sh--w C:\found.003
2009-05-15 06:30 . 2009-05-23 06:38 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-05-12 06:06 . 2009-05-22 06:07 -------- d-----w c:\documents and settings\Paulette\Application Data\Stellarium
2009-05-11 18:02 . 2009-05-11 18:02 -------- d-----w c:\documents and settings\Paulette\Application Data\Enchanted Katya
2009-05-11 17:01 . 2009-05-11 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\XLab
2009-05-10 07:23 . 2009-05-10 07:23 -------- d-----w c:\documents and settings\Paulette\Application Data\Namco
2009-05-10 07:23 . 2009-05-10 07:23 -------- d-----w c:\documents and settings\All Users\Application Data\Namco
2009-05-09 00:09 . 2009-05-09 00:09 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Roxio
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-08 23:59 . 2009-05-08 23:59 -------- d-----w c:\program files\MSXML 6.0
2009-05-08 23:40 . 2009-05-09 00:02 -------- d-----w c:\program files\Research In Motion
2009-05-08 23:40 . 2009-05-08 23:40 -------- d-----w C:\Research In Motion
2009-05-08 23:33 . 2007-01-18 14:24 26496 ----a-r c:\windows\system32\drivers\RimSerial.sys
2009-05-08 23:33 . 2009-05-08 23:33 26694 ----a-r c:\documents and settings\Paulette\Application Data\Microsoft\Installer\{ACB24CAB-6D48-4B65-8CCB-03938F7541AF}\BlackBerry.exe
2009-05-08 23:14 . 2009-05-08 23:14 10134 ----a-r c:\documents and settings\Paulette\Application Data\Microsoft\Installer\{2877881B-0736-42AB-B312-D4457D57E56D}\ARPPRODUCTICON.exe
2009-05-08 23:14 . 2009-05-09 00:03 -------- d-----w c:\program files\Common Files\Research In Motion
2009-05-07 19:34 . 2009-05-07 19:34 -------- d-----w c:\program files\Stellarium
2009-05-01 08:10 . 2009-05-01 08:10 -------- d-----w c:\documents and settings\Paulette\Application Data\funkitron
2009-04-30 21:13 . 2009-04-30 21:13 -------- d-----w c:\windows\Cache
2009-04-30 03:07 . 2009-04-30 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-04-30 02:38 . 2009-05-19 23:04 -------- d-----w c:\documents and settings\All Users\Application Data\GameHouse

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:44 . 2008-12-27 00:11 -------- d-----w c:\program files\LimeWire
2009-05-23 06:52 . 2008-12-27 00:11 -------- d-----w c:\documents and settings\Paulette\Application Data\LimeWire
2009-05-23 06:35 . 2008-12-25 02:28 -------- d-----w c:\program files\QuickTime
2009-05-23 06:28 . 2008-12-25 02:28 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-23 00:51 . 2009-05-16 04:29 5517 --sha-w c:\windows\system32\9C.tmp
2009-05-21 00:43 . 2008-12-22 22:21 -------- d-----w c:\program files\Trend Micro
2009-05-19 23:08 . 2009-01-20 06:54 -------- d-----w c:\documents and settings\Paulette\Application Data\Move Networks
2009-05-14 02:02 . 2008-12-23 22:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-14 01:58 . 2008-12-28 01:58 -------- d-----w c:\program files\iWin.com
2009-05-13 05:47 . 2008-12-23 21:56 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-11 04:12 . 2009-04-13 15:36 256 ----a-w c:\windows\system32\pool.bin
2009-05-10 06:21 . 2009-03-18 05:15 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-10 06:21 . 2008-12-23 22:14 -------- d-----w c:\documents and settings\Paulette\Application Data\PlayFirst
2009-05-10 06:20 . 2009-03-18 05:16 466944 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2009-05-09 04:27 . 2008-12-25 02:29 -------- d-----w c:\documents and settings\Paulette\Application Data\Apple Computer
2009-05-09 04:26 . 2008-12-22 20:30 71880 ----a-w c:\documents and settings\Paulette\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 00:07 . 2008-12-22 20:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 14:49 . 2009-03-18 05:15 139264 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\PlayFirst.EXE
2009-05-06 18:06 . 2008-12-22 22:10 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-29 05:44 . 2008-12-28 01:42 -------- d-----w c:\program files\iWin Games
2009-04-23 04:08 . 2009-04-23 04:08 -------- d-----w c:\documents and settings\Paulette\Application Data\Be a King
2009-04-23 03:06 . 2009-04-23 03:06 -------- d-----w c:\documents and settings\Paulette\Application Data\SpinTop
2009-04-23 01:01 . 2009-04-23 01:01 -------- d-----w c:\documents and settings\Paulette\Application Data\ShinyTales
2009-04-23 00:00 . 2009-04-23 00:00 -------- d-----w c:\documents and settings\Paulette\Application Data\TikGames
2009-04-23 00:00 . 2009-04-23 00:00 -------- d-----w c:\documents and settings\All Users\Application Data\TikGames
2009-04-13 15:36 . 2009-04-13 15:36 -------- d-----w c:\documents and settings\Paulette\Application Data\Research In Motion
2009-04-10 02:56 . 2008-12-22 15:13 90112 ----a-w c:\windows\DUMP3ad6.tmp
2009-04-09 07:28 . 2009-04-09 07:28 -------- d-----w c:\documents and settings\Paulette\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-09 06:21 . 2009-04-09 06:09 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-09 05:43 . 2009-04-09 05:43 -------- d-----w c:\program files\CCleaner
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-02 20:00 . 2008-12-22 22:24 52752 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 20:00 . 2008-12-22 22:24 52624 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 20:00 . 2008-12-22 22:24 142864 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-25 07:21 . 2009-03-18 05:16 249856 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-12-16 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/22/2008 4:40 PM 13696]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/27/2009 9:49 AM 78104]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/22/2008 6:24 PM 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [12/16/2007 5:28 AM 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/19/2009 11:50 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/22/2008 6:24 PM 648456]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [4/10/2007 2:14 PM 83080]
S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\drivers\se3emdfl.sys [4/10/2007 2:14 PM 15112]
S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\drivers\se3emdm.sys [4/10/2007 2:14 PM 108552]
S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se3emgmt.sys [4/10/2007 2:14 PM 100360]
S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\drivers\se3eobex.sys [4/10/2007 2:14 PM 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Paulette\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe
.
**************************************************************************
.
Completion time: 2009-05-26 18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 22:03

Pre-Run: 144,730,185,728 bytes free
Post-Run: 144,742,424,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

222 --- E O F --- 2009-05-26 00:22




And here's the new HJT log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:38 PM, on 5/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Paulette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6499 bytes


Thanks again,

Jenna
Jennanicole
Active Member
 
Posts: 9
Joined: May 20th, 2009, 6:31 pm

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Jennanicole » May 26th, 2009, 6:28 pm

Oh, and I just wanted to add that I had to uninstall the Limewire program today....AGAIN... I have 2 young cousins that visit with my grandmother often and after I uninstalled the P2P software a week ago from her computer, they again reinstalled it when I wasn't here! So I have uninstalled the program! Looks like I will need to have a conversation with them so that it isn't installed a third time! :)

Thanks,
Jenna
Jennanicole
Active Member
 
Posts: 9
Joined: May 20th, 2009, 6:31 pm

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Rodav » May 26th, 2009, 8:18 pm

I think you should have a stern conversation with your cousins; chances are the infections came via Limewire.

Things are looking better, how is the computer running now?


Step 1:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\9C.tmp
Folder::
c:\windows\system32\SystemService32(2)
c:\program files\LimeWire
c:\documents and settings\Paulette\Application Data\LimeWire
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000


Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe.


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2:
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

Step 3:
Run HijackThis, do a system scan and post the following:
  • The ComboFix report (C:\ComboFix.txt)
  • The Kaspersky scan results
  • A new HijackThis log
Also let me know how the computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
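A way to sanity-check a CFScript like the one in Step 1 before it is dragged onto ComboFix.exe, and to see afterwards which of its targets the resulting log mentions. This is an added example, not part of Rodav's post and not ComboFix's own code; it parses only the three "Name::" headers shown in the thread, and the protected-folder list and all function names are assumptions made for illustration.

```python
import re

# CFScript exactly as posted in Step 1 of the thread.
CFSCRIPT = r"""File::
c:\windows\system32\9C.tmp
Folder::
c:\windows\system32\SystemService32(2)
c:\program files\LimeWire
c:\documents and settings\Paulette\Application Data\LimeWire
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"""

# Abridged sample: opening lines of the ComboFix log posted in the reply
# that follows, with the banner shortened and the file listing cut off.
LOG_EXCERPT = r"""FILE ::
"c:\windows\system32\9C.tmp"
.
((((((( Other Deletions )))))))
.
c:\documents and settings\Paulette\Application Data\LimeWire
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
ABS_RE = re.compile(r"^[a-z]:\\.")               # drive letter plus at least one component
LOG_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')      # log line that is a (possibly quoted) path

def norm(path):
    """Normalise a Windows path for comparison (case-insensitive, no quotes or trailing slash)."""
    return path.strip().strip('"').rstrip("\\").lower()

# Assumption: folders that should never be a deletion target themselves.
PROTECTED = {norm(p) for p in (r"c:\windows", r"c:\windows\system32",
                               r"c:\program files", r"c:\documents and settings")}

def parse_cfscript(text):
    """Split a CFScript into {section name (lower case): [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def risky_targets(sections):
    """Return File/Folder targets that are not absolute, are a drive root, or are a protected folder."""
    flagged = []
    for name in ("file", "folder"):
        for target in sections.get(name, []):
            p = norm(target)
            if not ABS_RE.match(p) or p in PROTECTED:
                flagged.append(target)
    return flagged

def registry_values(sections):
    """Return (key, value name, data) tuples from the .reg-style Registry:: block."""
    out, key = [], None
    for line in sections.get("registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.match(r'^"([^"]+)"=(.+)$', line)
            if m and key:
                out.append((key, m.group(1), m.group(2)))
    return out

def unconfirmed_targets(sections, log_text):
    """Return File/Folder targets that do not appear as a path line in the log text."""
    seen = {norm(l) for l in log_text.splitlines() if LOG_PATH_RE.match(l.strip())}
    return [t for name in ("file", "folder")
            for t in sections.get(name, []) if norm(t) not in seen]

if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    print("risky targets:   ", risky_targets(script))
    print("registry changes:", registry_values(script))
    print("not seen in log: ", unconfirmed_targets(script, LOG_EXCERPT))
```

A target reported as not seen in the log is not necessarily a failure: the excerpt here is cut short, and a folder that was already gone before the run has nothing to list.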

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Jennanicole » May 26th, 2009, 11:44 pm

Hello again Rodav,

Just completed the online scan...took over an hour to complete...I definitely will be having a long talk with them about the issues with Limewire and other P2P software! Hopefully they listen and don't do it again! If not, my grandmother is just going to have to put a password on her computer and not allow them on it or monitor them if they don't respect her rules! I'm not here as often so it will be up to her to follow through!

Anyways, :) , The computer seems to be running much better. All of the websites that previously wouldn't work or load, are now running smoothly! I truly cannot say thank you enough for all of your help and efforts on this!


Here is the new Combofix log...

ComboFix 09-05-26.02 - Paulette 05/26/2009 21:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.546 [GMT -4:00]
Running from: c:\documents and settings\Paulette\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paulette\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FILE ::
"c:\windows\system32\9C.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Paulette\Application Data\LimeWire
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Paulette\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Paulette\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Paulette\Application Data\LimeWire\downloads.dat
c:\documents and settings\Paulette\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Paulette\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Paulette\Application Data\LimeWire\filters.props
c:\documents and settings\Paulette\Application Data\LimeWire\gnutella.net
c:\documents and settings\Paulette\Application Data\LimeWire\installation.props
c:\documents and settings\Paulette\Application Data\LimeWire\library.dat
c:\documents and settings\Paulette\Application Data\LimeWire\library5.dat
c:\documents and settings\Paulette\Application Data\LimeWire\limewire.props
c:\documents and settings\Paulette\Application Data\LimeWire\mojito.props
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A98d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\places.sqlite-stmtjrnl
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Paulette\Application Data\LimeWire\passive.mojito
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Paulette\Application Data\LimeWire\questions.props
c:\documents and settings\Paulette\Application Data\LimeWire\responses.cache
c:\documents and settings\Paulette\Application Data\LimeWire\simpp.xml
c:\documents and settings\Paulette\Application Data\LimeWire\spam.dat
c:\documents and settings\Paulette\Application Data\LimeWire\tables.props
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Paulette\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Paulette\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Paulette\Application Data\LimeWire\version.xml
c:\documents and settings\Paulette\Application Data\LimeWire\versions.props
c:\documents and settings\Paulette\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Paulette\Application Data\LimeWire\xml\data\audio.sxml3
c:\windows\system32\9C.tmp
c:\windows\system32\SystemService32(2)
c:\windows\system32\SystemService32(2)\C.tmp
c:\windows\system32\SystemService32(2)\D.tmp

.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-26 16:01 . 2009-05-26 16:01 10752 ----a-w c:\windows\DCEBoot.exe
2009-05-26 00:22 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C604865B-4EFE-4997-BB3E-AE6DFEDEFC24}\mpengine.dll
2009-05-23 06:30 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-23 06:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-23 06:30 . 2009-05-23 06:30 -------- d-----w c:\program files\iPod
2009-05-23 06:29 . 2009-05-23 06:30 -------- d-----w c:\program files\iTunes
2009-05-23 06:29 . 2009-05-23 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 06:29 . 2009-05-23 06:29 -------- d-----w c:\program files\Bonjour
2009-05-23 06:27 . 2009-05-23 06:27 -------- d-----w c:\program files\Apple Software Update
2009-05-23 06:26 . 2009-05-23 06:26 -------- d-----w c:\program files\Common Files\Apple
2009-05-23 06:26 . 2009-05-23 06:26 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-22 06:00 . 2009-05-22 06:00 -------- d-----w c:\documents and settings\Paulette\Local Settings\Application Data\stellarium
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\documents and settings\Paulette\Application Data\MySpace
2009-05-18 22:01 . 2009-05-18 22:01 -------- d-sh--w C:\found.003
2009-05-15 06:30 . 2009-05-23 06:38 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-05-12 06:06 . 2009-05-22 06:07 -------- d-----w c:\documents and settings\Paulette\Application Data\Stellarium
2009-05-11 18:02 . 2009-05-11 18:02 -------- d-----w c:\documents and settings\Paulette\Application Data\Enchanted Katya
2009-05-11 17:01 . 2009-05-11 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\XLab
2009-05-10 07:23 . 2009-05-10 07:23 -------- d-----w c:\documents and settings\Paulette\Application Data\Namco
2009-05-10 07:23 . 2009-05-10 07:23 -------- d-----w c:\documents and settings\All Users\Application Data\Namco
2009-05-09 00:09 . 2009-05-09 00:09 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Roxio
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-08 23:59 . 2009-05-08 23:59 -------- d-----w c:\program files\MSXML 6.0
2009-05-08 23:40 . 2009-05-09 00:02 -------- d-----w c:\program files\Research In Motion
2009-05-08 23:40 . 2009-05-08 23:40 -------- d-----w C:\Research In Motion
2009-05-08 23:33 . 2007-01-18 14:24 26496 ----a-r c:\windows\system32\drivers\RimSerial.sys
2009-05-08 23:33 . 2009-05-08 23:33 26694 ----a-r c:\documents and settings\Paulette\Application Data\Microsoft\Installer\{ACB24CAB-6D48-4B65-8CCB-03938F7541AF}\BlackBerry.exe
2009-05-08 23:14 . 2009-05-08 23:14 10134 ----a-r c:\documents and settings\Paulette\Application Data\Microsoft\Installer\{2877881B-0736-42AB-B312-D4457D57E56D}\ARPPRODUCTICON.exe
2009-05-08 23:14 . 2009-05-09 00:03 -------- d-----w c:\program files\Common Files\Research In Motion
2009-05-07 19:34 . 2009-05-07 19:34 -------- d-----w c:\program files\Stellarium
2009-05-01 08:10 . 2009-05-01 08:10 -------- d-----w c:\documents and settings\Paulette\Application Data\funkitron
2009-04-30 21:13 . 2009-04-30 21:13 -------- d-----w c:\windows\Cache
2009-04-30 03:07 . 2009-04-30 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-04-30 02:38 . 2009-05-19 23:04 -------- d-----w c:\documents and settings\All Users\Application Data\GameHouse

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 06:35 . 2008-12-25 02:28 -------- d-----w c:\program files\QuickTime
2009-05-23 06:28 . 2008-12-25 02:28 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-21 00:43 . 2008-12-22 22:21 -------- d-----w c:\program files\Trend Micro
2009-05-19 23:08 . 2009-01-20 06:54 -------- d-----w c:\documents and settings\Paulette\Application Data\Move Networks
2009-05-14 02:02 . 2008-12-23 22:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-14 01:58 . 2008-12-28 01:58 -------- d-----w c:\program files\iWin.com
2009-05-13 05:47 . 2008-12-23 21:56 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-11 04:12 . 2009-04-13 15:36 256 ----a-w c:\windows\system32\pool.bin
2009-05-10 06:21 . 2009-03-18 05:15 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-10 06:21 . 2008-12-23 22:14 -------- d-----w c:\documents and settings\Paulette\Application Data\PlayFirst
2009-05-10 06:20 . 2009-03-18 05:16 466944 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2009-05-09 04:27 . 2008-12-25 02:29 -------- d-----w c:\documents and settings\Paulette\Application Data\Apple Computer
2009-05-09 04:26 . 2008-12-22 20:30 71880 ----a-w c:\documents and settings\Paulette\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 00:07 . 2008-12-22 20:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 14:49 . 2009-03-18 05:15 139264 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\PlayFirst.EXE
2009-05-06 18:06 . 2008-12-22 22:10 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-29 05:44 . 2008-12-28 01:42 -------- d-----w c:\program files\iWin Games
2009-04-23 04:08 . 2009-04-23 04:08 -------- d-----w c:\documents and settings\Paulette\Application Data\Be a King
2009-04-23 03:06 . 2009-04-23 03:06 -------- d-----w c:\documents and settings\Paulette\Application Data\SpinTop
2009-04-23 01:01 . 2009-04-23 01:01 -------- d-----w c:\documents and settings\Paulette\Application Data\ShinyTales
2009-04-23 00:00 . 2009-04-23 00:00 -------- d-----w c:\documents and settings\Paulette\Application Data\TikGames
2009-04-23 00:00 . 2009-04-23 00:00 -------- d-----w c:\documents and settings\All Users\Application Data\TikGames
2009-04-13 15:36 . 2009-04-13 15:36 -------- d-----w c:\documents and settings\Paulette\Application Data\Research In Motion
2009-04-10 02:56 . 2008-12-22 15:13 90112 ----a-w c:\windows\DUMP3ad6.tmp
2009-04-09 07:28 . 2009-04-09 07:28 -------- d-----w c:\documents and settings\Paulette\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-09 06:21 . 2009-04-09 06:09 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-09 05:43 . 2009-04-09 05:43 -------- d-----w c:\program files\CCleaner
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-02 20:00 . 2008-12-22 22:24 52752 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 20:00 . 2008-12-22 22:24 52624 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 20:00 . 2008-12-22 22:24 142864 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-25 07:21 . 2009-03-18 05:16 249856 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/22/2008 4:40 PM 13696]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/27/2009 9:49 AM 78104]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [12/16/2007 5:28 AM 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/19/2009 11:50 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/22/2008 6:24 PM 52624]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [4/10/2007 2:14 PM 83080]
S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\drivers\se3emdfl.sys [4/10/2007 2:14 PM 15112]
S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\drivers\se3emdm.sys [4/10/2007 2:14 PM 108552]
S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se3emgmt.sys [4/10/2007 2:14 PM 100360]
S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\drivers\se3eobex.sys [4/10/2007 2:14 PM 98568]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/22/2008 6:24 PM 648456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Paulette\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 21:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-27 21:16
ComboFix-quarantined-files.txt 2009-05-27 01:16
ComboFix2.txt 2009-05-26 22:03

Pre-Run: 144,696,070,144 bytes free
Post-Run: 144,688,914,432 bytes free

546 --- E O F --- 2009-05-26 00:22


Here is the Kaspersky Scan Report....

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 27, 2009 04:03:29
Records in database: 2255911
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 52214
Threat name: 10
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 01:02:34


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\d3dxof32.dll.vir Infected: P2P-Worm.Win32.Nugg.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\149.crack.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\150.keygen.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\151.serial.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\152.setup.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\153.music.au.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\154.music.mp3.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\155.music.wma.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\156.music.snd.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_d3dxof32_.dll.zip Infected: P2P-Worm.Win32.Nugg.bc 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066609.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.et 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066623.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066627.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066636.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066638.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ew 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066641.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.q 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP116\A0066668.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.et 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP116\A0067665.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.et 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP182\A0199346.ocx Infected: not-a-virus:AdWare.Win32.BHO.gkp 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP202\A0218891.dll Infected: P2P-Worm.Win32.Nugg.bc 1

The selected area was scanned.


And here is the new HJT log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:36 PM, on 5/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Paulette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6427 bytes


Thank You! :cheers:
Jenna
Jennanicole
Active Member
 
Posts: 9
Joined: May 20th, 2009, 6:31 pm

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Rodav » May 27th, 2009, 6:50 am

Hi Jenna,

If you haven't done so already, you may also like to create a limited account on your grandmother's computer for your cousins to use and password protect her main administrator account. There is some information on how to do that here: http://www.microsoft.com/windowsxp/usin ... ounts.mspx

The logs look good now. All that Kaspersky found has already been dealt with or else is in System Restore, which we will deal with shortly.

Step 1:
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe <== not required to start up with Windows

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application and Restart your computer.

Step 2:
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

=================================================

Your logs are now clean. :D :D
If you still feel you are having any issues please let me know now, otherwise read through the following:


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you can follow any steps that you have not already implemented.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install a Hosts File
    I recommend MVPS Hosts File
    Every version of Windows includes a hosts file as part of it. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.
  • Install Malwarebytes & update and scan with it regularly
    Malwarebytes is a free-for-personal-use, on-demand scanner which is developed by active members of the Malware Removal community. It detects and removes many modern infections. The paid version offers realtime protection.
  • The last and most important thing I can tell you is UPDATE, UPDATE, UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

Miekiemoes, an expert in malware removal, has a fantastic article on how to prevent malware. For further tips, it's well worth a read. http://users.telenet.be/bluepatchy/miek ... ntion.html

Please reply to this topic one more time so I know you have read through it or with any questions you may have.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
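
The hosts-file blocking described in the post above, as an added example that is not part of the original thread: a short Python audit that separates blocking entries (a name mapped to a loopback or 0.0.0.0 address) from entries that point a name at some other address, which a blocking list should not contain. The sample file and the names `audit_hosts` and `redirected` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread). Names use reserved
# example domains; 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = """\
# blocking list
127.0.0.1       localhost
0.0.0.0         ads.example.net  tracker.example.net   # two names, one line
127.0.0.1       Malware.Example.org
203.0.113.7     www.bank.example   # not a sinkhole address
not-an-ip       broken.example
::1             localhost
"""

def audit_hosts(text):
    """Return (entries, malformed): entries maps hostname -> (kind, ip),
    kind being 'local', 'blocked' or 'redirected'; malformed lists line numbers."""
    entries, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenize
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                        # address with no hostname
            malformed.append(lineno)
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost" and ip.is_loopback:
                kind = "local"
            elif sinkhole:
                kind = "blocked"
            else:
                kind = "redirected"
            # Assumption: the first mapping listed for a name is the one used.
            entries.setdefault(name, (kind, str(ip)))
    return entries, malformed

def redirected(entries):
    """Names mapped to a non-sinkhole address: the entries worth a manual look."""
    return sorted(n for n, (kind, _) in entries.items() if kind == "redirected")

if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    print("review:", redirected(found), "malformed lines:", bad)
```
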

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Jennanicole » May 27th, 2009, 4:52 pm

Hello again!

I followed all of your instructions,

- I did step 1 & 2... Combofix was uninstalled...

- I used Windows update, and now have the SP3 pack and Internet Explorer 8...

- I installed the hosts file...

- I also followed the "Make IE more secure"

- Installed WinPatrol

- Installed Malwarebytes and did a scan...

--- these were the results.... so I removed them.....


Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

5/27/2009 4:24:31 PM
mbam-log-2009-05-27 (16-24-27).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 131416
Time elapsed: 24 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-I also read the prevention link that you provided at the bottom of your post by Miekiemoes and installed the Spyware blaster program....

- Everything seems to be running great now, although on startup I get an error message that reads as follows... Don't know what's causing it though... It started after I did all of the Windows updates...

-“An exception occurred while trying to run “C:\WINDOWS\system32\NvCpL.dll,NvStartup"



Thanks again!
Jenna
Jennanicole
Active Member
 
Posts: 9
Joined: May 20th, 2009, 6:31 pm

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Rodav » May 27th, 2009, 7:44 pm

All Malwarebytes found were leftovers (mostly from mywebsearch) which were harmless in isolation.

The message you are receiving is from your Nvidia video card drivers; reinstalling or updating them should fix the error message. If you aren't sure how to do this I recommend asking at the Nvidia forums: http://forums.nvidia.com/index.php?showforum=24

All in all, I think it's safe to say malware is no longer an issue. :)
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Jennanicole » May 28th, 2009, 12:49 am

Thank you so very much for all of your time and effort in helping me! Words and thank you's just aren't enough! My grandmother says to thank you too lol! She's happy to have her computer back and running! She says to tell you that she will be donating to your site here! Thank you for all that you and the others here do! It's very much appreciated!!!

THANK YOU!!! :flower:

Jenna
Jennanicole
Active Member
 
Posts: 9
Joined: May 20th, 2009, 6:31 pm

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby Rodav » May 28th, 2009, 5:09 pm

You're very welcome. :)
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Help..."sameshitasiteverwas.com?"...No idea whats goin on..

Unread postby markkhunt » May 28th, 2009, 5:21 pm

Since this issue appears resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
markkhunt
Admin/Teacher Emeritus
 
Posts: 7913
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN