Hello again. Great news: Malwarebytes is executable again. First off, the ComboFix log:
ComboFix 09-06-09.06 - Kaitlin 06/10/2009 18:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.616 [GMT -6:00]
Running from: c:\documents and settings\Kaitlin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\Fonts\MicRO Legacy Client.exe
c:\windows\Fonts\MicRO.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gxvxcexuxdkmpbnrjemudpulnossfthqqvxfy.sys
c:\windows\system32\drivers\gxvxcmwmhabaiwyehdpxtjwkxfynloctikjkl.sys
c:\windows\system32\drivers\gxvxcvdymyqxmenkborgkcimblrsvxewdlrqh.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcmowqwklyxeohffkiblkbfagxwfgymfsk.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.
2009-06-11 00:03 . 2009-06-11 00:03 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 23:53 . 2009-06-09 23:53 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 23:37 . 2009-06-09 23:37 -------- d-----w- C:\_OTM
2009-06-07 18:20 . 2009-06-07 18:20 -------- d-----w- c:\program files\Trend Micro
2009-05-25 02:49 . 2009-05-25 02:49 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\Help
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Sierra
2009-05-25 02:23 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-24 03:49 . 2009-05-24 03:49 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\AVGTOOLBAR
2009-05-24 03:49 . 2009-05-24 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-24 03:49 . 2009-05-24 03:49 -------- d-----w- c:\program files\AVG
2009-05-15 15:57 . 2009-05-15 23:56 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\BingoCabin
2009-05-14 02:08 . 2008-02-22 11:30 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2009-05-14 00:58 . 2009-05-14 00:58 -------- d-----w- c:\program files\Alcohol Soft
2009-05-14 00:49 . 2009-05-14 00:49 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-14 00:24 . 2009-05-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-12 05:35 . 2009-05-12 05:35 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Dell
2009-05-12 05:35 . 2005-08-12 23:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 00:03 . 2009-02-24 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 23:53 . 2009-03-30 08:02 -------- d-----w- c:\program files\Java
2009-05-26 19:20 . 2009-02-24 06:43 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2009-02-24 06:43 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 15:04 . 2009-02-20 02:37 45384 ----a-w- c:\documents and settings\Kaitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-25 04:39 . 2009-04-18 23:32 29080 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-25 02:37 . 2009-05-25 02:37 -------- d-----w- c:\program files\Common Files\Sierra On-Line
2009-05-25 02:37 . 2009-05-25 02:24 -------- d-----w- c:\program files\Sierra
2009-05-25 02:37 . 2009-02-24 03:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 05:39 . 2009-04-19 01:31 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\gtk-2.0
2009-05-21 17:33 . 2009-03-30 08:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 05:35 . 2009-02-23 06:28 -------- d-----w- c:\program files\Dell
2009-05-11 14:08 . 2009-05-11 14:08 -------- d-----w- c:\program files\MSXML 4.0
2009-05-10 03:01 . 2009-04-23 05:28 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\mIRC
2009-05-10 02:59 . 2009-04-23 05:28 -------- d-----w- c:\program files\mIRC
2009-05-10 02:49 . 2009-05-10 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-10 02:48 . 2009-05-10 02:46 124404 ----a-w- c:\windows\hpoins14.dat
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\HP
2009-05-09 14:34 . 2009-05-09 14:34 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-05-09 02:15 . 2009-05-09 02:15 -------- d-----w- c:\program files\Synaptics
2009-05-07 03:26 . 2009-05-07 03:09 -------- d-----w- c:\program files\Project64 1.6
2009-05-07 03:09 . 2009-05-07 03:09 8854 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-24 02:03 . 2009-04-24 02:03 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-04-19 07:38 . 2009-04-19 06:23 684 ----a-w- c:\windows\Fonts\mpatch.txt
2009-04-19 07:38 . 2009-04-19 06:23 5 ----a-w- c:\windows\Fonts\mpatch_allow.txt
2009-04-19 06:28 . 2009-04-19 06:24 139264 ----a-w- c:\windows\Fonts\sakray.exe
2009-04-19 06:28 . 2009-04-19 06:24 135168 ----a-w- c:\windows\Fonts\Ragnarok.exe
2009-04-19 06:28 . 2009-04-19 06:24 32 ----a-w- c:\windows\Fonts\micd.ini
2009-04-19 06:26 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\BGM
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\data
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\PatchClient
2009-04-19 01:29 . 2009-04-19 01:29 -------- d-----w- c:\program files\GIMP-2.0
2009-04-18 20:46 . 2009-04-18 20:46 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Apple Computer
2009-04-18 20:46 . 2009-04-18 20:46 -------- d-----w- c:\program files\Safari
2009-04-18 20:45 . 2009-04-18 20:45 -------- d-----w- c:\program files\Bonjour
2009-04-18 20:45 . 2009-04-18 20:45 -------- d-----w- c:\program files\Apple Software Update
2009-04-18 20:45 . 2009-04-18 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-12 02:20 . 2009-04-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-03-30 08:02 . 2009-03-30 08:02 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-14 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\program files\Sierra\Planner\PLNRnote.exe [2009-5-24 184320]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8007:TCP"= 8007:TCP:BitComet 8007 TCP
"8007:UDP"= 8007:UDP:BitComet 8007 UDP
"26585:TCP"= 26585:TCP:BitComet 26585 TCP
"26585:UDP"= 26585:UDP:BitComet 26585 UDP
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 8:29 PM 5376]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/7/2009 6:33 PM 33792]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WMIAPSRV
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 18:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf104.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf104.tmp\[isoHunt] Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail.torrent 40582 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf10F.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf10F.tmp\[isoHunt] f5436481d0041374311be582bdd190b3705ee1a6.torrent 1861 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf113.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf113.tmp\[isoHunt] f5436481d0041374311be582bdd190b3705ee1a6.torrent 1861 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf116.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf116.tmp\[isoHunt] f5436481d0041374311be582bdd190b3705ee1a6.torrent 1861 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf127.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf127.tmp\R165094.EXE 10204800 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13.tmp\install_flash_player.exe 1878888 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf139.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf139.tmp\zsnesw151.zip 867785 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13F.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13F.tmp\Kaitlin's Order.doc 314880 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf14C.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf14C.tmp\BingoCabin_Downloader.Exe 343168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf156.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf156.tmp\Shadowrun.zip 697678 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf159.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf159.tmp\Illusion of Gaia.zip 1657120 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf15C.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf15C.tmp\Mystic Quest Legend.zip 362164 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf17.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf17.tmp\b216.torrent 13794 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf173.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf173.tmp\b222.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf18.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf18.tmp\RyoROskin_08.rar 1105180 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf186.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf186.tmp\Wolverine - Adamantium Rage.zip 1216500 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf19.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf19.tmp\wmp11-windowsxp-x86-enu.exe 25752376 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1E8.tmp 26121 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1EA.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1EB.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1EC.tmp 6475 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1ED.tmp 15005 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VideoTools.exe 87040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP10C.tmp 28551 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP11B.tmp 249543 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP124.tmp 249543 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP127.tmp 249543 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP12D.tmp 707179 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1C9.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1D6.tmp 28551 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1E0.tmp 85171 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1E3.tmp 707179 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1E7.tmp 1388048 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1EC.tmp 85171 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB6.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB6.tmp\gmer.zip 278221 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafBD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafBD.tmp\install_flash_player.exe 1878888 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC0.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC0.tmp\b217.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC1.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC1.tmp\b221.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC2.tmp\SafC3.tmp.download 594411260 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC3.tmp\VisualBoyAdvance-1.7.2.zip 611913 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC7.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC7.tmp\[isoHunt] SNES ROMSET COMPLETE.torrent 218806 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafCA.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafCA.tmp\Visual_Boy_Advance___13_Roms_.3969898.TPB.torrent 11473 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD.tmp\nero_8_ultra_edition_crack_zip-Fenopy.com.torrent 1043 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD2.tmp\b220.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD3.tmp\gimp-2.6.6-i686-setup.exe 16070968 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF3.tmp\[isoHunt] NDS USA Roms 0000-2496.torrent 140905 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF8.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF8.tmp\[isoHunt] GAMEBOY ADVANCE COMPLETE (U) [!] ROMSET.torrent 82175 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafFD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafFD.tmp\[isoHunt] download.torrent 270189 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\screenMicRO003-1.jpg 216950 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\screenMicRO013-1.jpg 99976 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\seneka000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb0.tmp 299520 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb1.tmp 408064 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb2.tmp 230912 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb3.tmp 151552 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb4.tmp 2174976 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb5.tmp 102400 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Setup0000.log 1912 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\setup_wm.exe 774144 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SKYNET000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\spacer-1.gif 67 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\sta74.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\STOPzilla!
c:\docume~1\Kaitlin\LOCALS~1\Temp\STOPzilla!\SZPro5.msi 13225984 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\s734070972_2788788_7883627-1.jpg 5492 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1AD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1AD.tmp\Terranigma.zip 2986637 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB2.tmp\mirc635.exe 1751280 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\sx6CE.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1E7.tmp 7633 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1F1.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~nsu.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\~nsu.tmp\Au_.exe 355862 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tdss000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp162.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp163.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp2D.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp2E.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp38.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp39.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp4B.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp4C.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\UAC000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-1.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-2.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-3.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-4.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\catchme.dll 53248 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\hsperfdata_Kaitlin
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1B.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1B.tmp\Nero 8+crack.torrent 14821 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1DD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1DD.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E3.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E5.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E5.tmp\SetupMusicnotesPluginNS.exe 204080 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E9.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E9.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1F6.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1F6.tmp\31870_Kaitlin_Grundy.doc 3866 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf2.tmp\bitcomet_setup.exe 5797624 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20.tmp\fatfingers_0002.wmv 3360249 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20A.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20A.tmp\TGB_Dual_7.zip 198524 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20C.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20C.tmp\AHT FT Apr.doc 111104 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf21.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf21.tmp\legitcheck.hta 4821 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf239.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf239.tmp\vbalink172.zip 545610 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf28.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf28.tmp\Saf29.tmp.download 499973592 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf306.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf306.tmp\[isoHunt] Microsoft Office 2007 Premium Edition.torrent 11751 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf33.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf33.tmp\Saf34.tmp.download 570769408 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf37.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf37.tmp\FW New Sony Gadget.eml.mht 7286666 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf3B5.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf3B5.tmp\R175658.exe 14056879 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf44.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf44.tmp\BingoCabin_Downloader.Exe 343168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf47.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf47.tmp\kellyanngothic.zip 45305 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf4D.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf4D.tmp\Aura Collection 3.rar 898177 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf52.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf52.tmp\[isoHunt] Final Fantasy collection by ga8i.torrent 421607 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf59.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf59.tmp\mbam-setup.exe 2967800 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf63.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf63.tmp\[isoHunt] Zoom Player Home MAX 6.00.torrent 3273 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf65.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf65.tmp\b219.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf69.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf69.tmp\vlc-0.9.9-win32.exe 16742799 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf79.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf79.tmp\avg_free_stf_en_85_339a1525.exe 65103168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf795.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf795.tmp\project64_1.6.exe 2080797 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf7B.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf7B.tmp\DJ_AIO_Corporate_NonNetwork_DVD.exe 53061336 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf80.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf80.tmp\STOPzilla_Setup.exe 349696 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf89.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf89.tmp\wmp10.exe 12754672 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf9A.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf9A.tmp\lspfix.zip 183158 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAC.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAC.tmp\Mouse Freedom.rar 67859 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAD.tmp\[isoHunt] SUPER NINTENDO-COMPLETE COLLECTION_700 ROMS.torrent 71749 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB.tmp\Combined-Community-Codec-Pack-2008-09-21.exe 6833525 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB0.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB0.tmp\[isoHunt] 1fab6c04cf9e7518308939a13bad40908020ad06.torrent 2469 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_810.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_818.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_8e8.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_a44.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata__755.dat 60416 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\photolayout-1.gif 119568 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\quadra000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\RarSFX0
c:\docume~1\Kaitlin\LOCALS~1\Temp\s1191210417_8272-1.jpg 3855 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\00arTvUDze9J6VWZ93RsGhtm2+k= 2321 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\5oFrGo1Atfk4oN37w9a+smVuIUI= 4993 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\6PXYc0MQ5iOxGO+HXUhfISGFJv4= 29929 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\ErrorResponse.xml 1739 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\G1nHGo3iEJj1e1kwo0hqZe4sT7A= 2788 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\IT4riofb+YXxQxYyx0BpxEgQKCE= 2883 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\K2FvGe2FGFmf627gaOpK4phIP9WNo= 2747 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\QZ3KMCHEVtrqnEh39TywH7LlR2k= 2466 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\Sounds
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\yhv657XcfaQTw2FjWhLY0fPNzOiQ= 19278 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1F5.tmp 28551 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP27.tmp 928714 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP2DF.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP305.tmp 3369046 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP5F.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP63.tmp 113561 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP65.tmp 104964 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP67.tmp 121035 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP74.tmp 50866 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP81.tmp 337277 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPAC.tmp 37891 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPC2.tmp 191724 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPC3.tmp 8295 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\wp00e2a32b-1.png 136892 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\xpz1B8.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\_add_ds.log 272 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}\difxapi.dll 337320 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}\setup.log 441 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2E6D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2E7C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3091.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF310B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF314D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF31EE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF327E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF342F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34C2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34D2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34E3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF350A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF35C9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3627.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF36C2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF38E0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3A63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3F63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4111.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4247.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF426B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF43E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF43F4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF45C0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF46C0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF77A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF77F9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF787E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF78D8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7BB4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7C16.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7DE1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7DF4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF820.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF831.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF84D3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF861.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF88B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF8CF9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF8D11.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF96C1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF98B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9E2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9F1B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA186.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA79B.tmp 114688 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA8E7.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA989.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFAA16.tmp 16384 bytes
scan completed successfully
hidden files: 409
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-11 18:26
ComboFix-quarantined-files.txt 2009-06-11 00:25
Pre-Run: 60,116,615,168 bytes free
Post-Run: 60,105,465,856 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
576 --- E O F --- 2009-05-14 01:40
Now the MBAM log.
Malwarebytes' Anti-Malware 1.37
Database version: 2259
Windows 5.1.2600 Service Pack 3
6/10/2009 6:50:43 PM
mbam-log-2009-06-10 (18-50-43).txt
Scan type: Full Scan (C:\|)
Objects scanned: 117079
Time elapsed: 19 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Not selected for removal.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Kaitlin\local settings\Temp\tmp162.tmp (Trojan.Alureon) -> Not selected for removal.
c:\documents and settings\Kaitlin\local settings\Temp\tmp2D.tmp (Trojan.Alureon) -> Not selected for removal.
c:\documents and settings\Kaitlin\local settings\Temp\tmp38.tmp (Trojan.Alureon) -> Not selected for removal.
c:\documents and settings\Kaitlin\local settings\Temp\tmp4B.tmp (Trojan.Alureon) -> Not selected for removal.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
c:\documents and settings\Kaitlin\Local Settings\Temp\VideoTools.exe (Trojan.FakeAlert) -> Not selected for removal.
c:\WINDOWS\Fonts\Ragnarok.exe (Worm.Archive) -> Not selected for removal.
c:\WINDOWS\Fonts\sakray.exe (Worm.Archive) -> Not selected for removal.
I did not remove any of the selected and instead only quarantined them. Should I have?
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
^^^^^^^^^^^^^^ This, however, I was unable to uncheck...
Lastly, here is a new HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:50 PM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 4912 bytes
Thanks again for your time; this must be awfully painstaking. KEEP UP THE GOOD WORK