Sis in Law got hit. Not knowing exactly all of the programs she uses, it's hard for me to verify I've cleaned it out as completely as it needs to be. She has a game dear to her heart installed and really didn't want a complete reload...

I'd set her up with AVG anti-virus (updated to AVG 8 last year). The intruder tried to install an anti-virus override... and the computer began to crash regularly... then when that failed, they seem to have tried to re-program her BIOS... this forced her video to go black w/ ANSI chars... AND it wouldn't restart... this is when she finally involved me... Somewhere along the way, they managed to get and use a LimeWire version in her tmp directory... Compounding the issue, she only ran HP's updates, not Microsoft's, in a misguided attempt to be pro-active about safety. Sigh.

As it turns out, the intruder tried to get full control... but failed and failed and failed... bad for her and them both... better for me (able to save her comp w/o reload)... I didn't re-install the BIOS but rather ran a reset of settings, which cleared up the restart issue.

Need help to verify I've closed all the doors (& windows) left open by the intruder... Besides the LimeWire EXE, I came across a cmdconsole directory in her %user% directory. I've saved copies of her mini-dumps for my reference and can post them if you want to see them.

Most of the repair I'm doing through a third-party remote console (which I suspect also tripped them up in their own efforts). But this makes it hard for me to effectively run GMER without an internet connection. It did complete, and the rootkit/malware it reported all looked good to me. (That said, I am here for advice.) I'm posting the required logs in a reply to this post.