Hello again Rodav,
Just completed the online scan...took over an hour to complete...I definitely will be having a long talk with them about the issues with Limewire and other P2P software! Hopefully they listen and dont do it again! If not, my grandmother is just going to have to put a password on her computer and not allow them on it or monitor them if they dont respect her rules! I'm not here as often so it will be up to her to follow through!
Anyways, , The computer seems to be running much better. All of the websites that previously wouldnt work or load, are now running smoothly! I truly cannot say thank you enough for all of your help and efforts on this!Here is the new Combofix log...ComboFix 09-05-26.02 - Paulette 05/26/2009 21:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.546 [GMT -4:00]
Running from: c:\documents and settings\Paulette\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paulette\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FILE ::
"c:\windows\system32\9C.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Paulette\Application Data\LimeWire
c:\documents and settings\Paulette\Application Data\LimeWire\active.mojito
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Paulette\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Paulette\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Paulette\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Paulette\Application Data\LimeWire\downloads.dat
c:\documents and settings\Paulette\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Paulette\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Paulette\Application Data\LimeWire\filters.props
c:\documents and settings\Paulette\Application Data\LimeWire\gnutella.net
c:\documents and settings\Paulette\Application Data\LimeWire\installation.props
c:\documents and settings\Paulette\Application Data\LimeWire\library.dat
c:\documents and settings\Paulette\Application Data\LimeWire\library5.dat
c:\documents and settings\Paulette\Application Data\LimeWire\limewire.props
c:\documents and settings\Paulette\Application Data\LimeWire\mojito.props
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A98d01
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\places.sqlite-stmtjrnl
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Paulette\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Paulette\Application Data\LimeWire\passive.mojito
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Paulette\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Paulette\Application Data\LimeWire\questions.props
c:\documents and settings\Paulette\Application Data\LimeWire\responses.cache
c:\documents and settings\Paulette\Application Data\LimeWire\simpp.xml
c:\documents and settings\Paulette\Application Data\LimeWire\spam.dat
c:\documents and settings\Paulette\Application Data\LimeWire\tables.props
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\
01_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\
02_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\
03_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\
04_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\
05_star.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Paulette\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Paulette\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Paulette\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Paulette\Application Data\LimeWire\version.xml
c:\documents and settings\Paulette\Application Data\LimeWire\versions.props
c:\documents and settings\Paulette\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Paulette\Application Data\LimeWire\xml\data\audio.sxml3
c:\windows\system32\9C.tmp
c:\windows\system32\SystemService32(2)
c:\windows\system32\SystemService32(2)\C.tmp
c:\windows\system32\SystemService32(2)\D.tmp
.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.
2009-05-26 16:01 . 2009-05-26 16:01 10752 ----a-w c:\windows\DCEBoot.exe
2009-05-26 00:22 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C604865B-4EFE-4997-BB3E-AE6DFEDEFC24}\mpengine.dll
2009-05-23 06:30 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-23 06:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-23 06:30 . 2009-05-23 06:30 -------- d-----w c:\program files\iPod
2009-05-23 06:29 . 2009-05-23 06:30 -------- d-----w c:\program files\iTunes
2009-05-23 06:29 . 2009-05-23 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 06:29 . 2009-05-23 06:29 -------- d-----w c:\program files\Bonjour
2009-05-23 06:27 . 2009-05-23 06:27 -------- d-----w c:\program files\Apple Software Update
2009-05-23 06:26 . 2009-05-23 06:26 -------- d-----w c:\program files\Common Files\Apple
2009-05-23 06:26 . 2009-05-23 06:26 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-22 06:00 . 2009-05-22 06:00 -------- d-----w c:\documents and settings\Paulette\Local Settings\Application Data\stellarium
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\documents and settings\Paulette\Application Data\MySpace
2009-05-18 22:01 . 2009-05-18 22:01 -------- d-sh--w C:\found.003
2009-05-15 06:30 . 2009-05-23 06:38 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-05-12 06:06 . 2009-05-22 06:07 -------- d-----w c:\documents and settings\Paulette\Application Data\Stellarium
2009-05-11 18:02 . 2009-05-11 18:02 -------- d-----w c:\documents and settings\Paulette\Application Data\Enchanted Katya
2009-05-11 17:01 . 2009-05-11 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\XLab
2009-05-10 07:23 . 2009-05-10 07:23 -------- d-----w c:\documents and settings\Paulette\Application Data\Namco
2009-05-10 07:23 . 2009-05-10 07:23 -------- d-----w c:\documents and settings\All Users\Application Data\Namco
2009-05-09 00:09 . 2009-05-09 00:09 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Roxio
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-08 23:59 . 2009-05-08 23:59 -------- d-----w c:\program files\MSXML 6.0
2009-05-08 23:40 . 2009-05-09 00:02 -------- d-----w c:\program files\Research In Motion
2009-05-08 23:40 . 2009-05-08 23:40 -------- d-----w C:\Research In Motion
2009-05-08 23:33 . 2007-01-18 14:24 26496 ----a-r c:\windows\system32\drivers\RimSerial.sys
2009-05-08 23:33 . 2009-05-08 23:33 26694 ----a-r c:\documents and settings\Paulette\Application Data\Microsoft\Installer\{ACB24CAB-6D48-4B65-8CCB-03938F7541AF}\BlackBerry.exe
2009-05-08 23:14 . 2009-05-08 23:14 10134 ----a-r c:\documents and settings\Paulette\Application Data\Microsoft\Installer\{2877881B-0736-42AB-B312-D4457D57E56D}\ARPPRODUCTICON.exe
2009-05-08 23:14 . 2009-05-09 00:03 -------- d-----w c:\program files\Common Files\Research In Motion
2009-05-07 19:34 . 2009-05-07 19:34 -------- d-----w c:\program files\Stellarium
2009-05-01 08:10 . 2009-05-01 08:10 -------- d-----w c:\documents and settings\Paulette\Application Data\funkitron
2009-04-30 21:13 . 2009-04-30 21:13 -------- d-----w c:\windows\Cache
2009-04-30 03:07 . 2009-04-30 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-04-30 02:38 . 2009-05-19 23:04 -------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 06:35 . 2008-12-25 02:28 -------- d-----w c:\program files\QuickTime
2009-05-23 06:28 . 2008-12-25 02:28 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-21 00:43 . 2008-12-22 22:21 -------- d-----w c:\program files\Trend Micro
2009-05-19 23:08 . 2009-01-20 06:54 -------- d-----w c:\documents and settings\Paulette\Application Data\Move Networks
2009-05-14 02:02 . 2008-12-23 22:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-14 01:58 . 2008-12-28 01:58 -------- d-----w c:\program files\iWin.com
2009-05-13 05:47 . 2008-12-23 21:56 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-11 04:12 . 2009-04-13 15:36 256 ----a-w c:\windows\system32\pool.bin
2009-05-10 06:21 . 2009-03-18 05:15 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-10 06:21 . 2008-12-23 22:14 -------- d-----w c:\documents and settings\Paulette\Application Data\PlayFirst
2009-05-10 06:20 . 2009-03-18 05:16 466944 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2009-05-09 04:27 . 2008-12-25 02:29 -------- d-----w c:\documents and settings\Paulette\Application Data\Apple Computer
2009-05-09 04:26 . 2008-12-22 20:30 71880 ----a-w c:\documents and settings\Paulette\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 00:07 . 2008-12-22 20:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 14:49 . 2009-03-18 05:15 139264 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\PlayFirst.EXE
2009-05-06 18:06 . 2008-12-22 22:10 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-29 05:44 . 2008-12-28 01:42 -------- d-----w c:\program files\iWin Games
2009-04-23 04:08 . 2009-04-23 04:08 -------- d-----w c:\documents and settings\Paulette\Application Data\Be a King
2009-04-23 03:06 . 2009-04-23 03:06 -------- d-----w c:\documents and settings\Paulette\Application Data\SpinTop
2009-04-23 01:01 . 2009-04-23 01:01 -------- d-----w c:\documents and settings\Paulette\Application Data\ShinyTales
2009-04-23 00:00 . 2009-04-23 00:00 -------- d-----w c:\documents and settings\Paulette\Application Data\TikGames
2009-04-23 00:00 . 2009-04-23 00:00 -------- d-----w c:\documents and settings\All Users\Application Data\TikGames
2009-04-13 15:36 . 2009-04-13 15:36 -------- d-----w c:\documents and settings\Paulette\Application Data\Research In Motion
2009-04-10 02:56 . 2008-12-22 15:13 90112 ----a-w c:\windows\DUMP3ad6.tmp
2009-04-09 07:28 . 2009-04-09 07:28 -------- d-----w c:\documents and settings\Paulette\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-09 06:21 . 2009-04-09 06:09 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-09 05:43 . 2009-04-09 05:43 -------- d-----w c:\program files\CCleaner
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-02 20:00 . 2008-12-22 22:24 52752 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 20:00 . 2008-12-22 22:24 52624 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 20:00 . 2008-12-22 22:24 142864 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-25 07:21 . 2009-03-18 05:16 249856 ----a-w c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/22/2008 4:40 PM 13696]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/27/2009 9:49 AM 78104]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [12/16/2007 5:28 AM 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/19/2009 11:50 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/22/2008 6:24 PM 52624]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [4/10/2007 2:14 PM 83080]
S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\drivers\se3emdfl.sys [4/10/2007 2:14 PM 15112]
S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\drivers\se3emdm.sys [4/10/2007 2:14 PM 108552]
S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se3emgmt.sys [4/10/2007 2:14 PM 100360]
S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\drivers\se3eobex.sys [4/10/2007 2:14 PM 98568]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/22/2008 6:24 PM 648456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-05-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.myspace.com/uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Paulette\Start Menu\Programs\IMVU\Run IMVU.lnk
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-05-26 21:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-27 21:16
ComboFix-quarantined-files.txt 2009-05-27 01:16
ComboFix2.txt 2009-05-26 22:03
Pre-Run: 144,696,070,144 bytes free
Post-Run: 144,688,914,432 bytes free
546 --- E O F --- 2009-05-26 00:22
Here is the Kaspersky Scan Report....--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 27, 2009 04:03:29
Records in database: 2255911
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 52214
Threat name: 10
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 01:02:34
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\d3dxof32.dll.vir Infected: P2P-Worm.Win32.Nugg.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\149.crack.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\150.keygen.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\151.serial.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\152.setup.zip.vir Infected: Trojan-Dropper.Win32.Agent.apig 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\153.music.au.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\154.music.mp3.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\155.music.wma.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SystemService32\156.music.snd.vir Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_d3dxof32_.dll.zip Infected: P2P-Worm.Win32.Nugg.bc 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066609.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.et 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066623.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066627.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066636.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066638.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ew 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP115\A0066641.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.q 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP116\A0066668.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.et 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP116\A0067665.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.et 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP182\A0199346.ocx Infected: not-a-virus:AdWare.Win32.BHO.gkp 1
C:\System Volume Information\_restore{1B1FD70C-EABD-48A6-97FF-8B5F1D582546}\RP202\A0218891.dll Infected: P2P-Worm.Win32.Nugg.bc 1
The selected area was scanned.
And here is the new HJT log....Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:36 PM, on 5/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.myspace.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Paulette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cabO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6427 bytes
Thank You!
Jenna