oki, i decided to go with Avast this time. so far its nice and quick.
heres the CBfix log
ComboFix 09-06-17.02 - Kaitlin 06/17/2009 18:27.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.620 [GMT -6:00]
Running from: c:\documents and settings\Kaitlin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kaitlin\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\Kaitlin\Application Data\AVGTOOLBAR
c:\program files\AVG
c:\documents and settings\All Users\Application Data\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\program files\AVG\AVG8\cfg\mail.cfg
c:\program files\AVG\AVG8\log\history.xml
.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2009-06-15 17:20 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-14 18:17 . 2009-06-14 18:17 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\WMTools Downloaded Files
2009-06-11 23:20 . 2009-06-11 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-11 02:34 . 2009-06-11 02:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-11 02:32 . 2009-06-11 02:33 -------- d-----w- C:\2f962a79417bd2753c14b925a38ddfd8
2009-06-11 02:32 . 2009-06-11 02:33 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-11 02:32 . 2009-06-11 02:32 -------- d-----w- C:\30257a82ba8bda1b5c
2009-06-11 02:17 . 2009-06-11 02:17 -------- d-sh--w- c:\documents and settings\Kaitlin\IECompatCache
2009-06-11 02:16 . 2009-06-11 02:16 -------- d-sh--w- c:\documents and settings\Kaitlin\PrivacIE
2009-06-11 02:15 . 2009-06-11 02:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-11 02:14 . 2009-06-11 02:14 -------- d-sh--w- c:\documents and settings\Kaitlin\IETldCache
2009-06-11 02:01 . 2009-06-11 02:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-11 02:01 . 2009-06-11 02:01 -------- d-----w- c:\program files\MSBuild
2009-06-11 02:00 . 2009-06-11 02:00 -------- d-----w- c:\program files\Reference Assemblies
2009-06-11 02:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-11 02:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-11 02:00 . 2009-06-11 02:00 -------- d-----w- C:\b2db2028b15ce0cad8313e
2009-06-11 02:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-11 02:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-11 02:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-11 02:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-11 02:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-11 01:55 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:55 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:55 . 2009-06-11 01:55 -------- d-----w- c:\windows\ie8updates
2009-06-11 01:54 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-11 01:51 . 2009-06-11 01:54 -------- dc-h--w- c:\windows\ie8
2009-06-11 00:03 . 2009-06-11 00:03 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 23:53 . 2009-06-17 01:07 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 23:37 . 2009-06-09 23:37 -------- d-----w- C:\_OTM
2009-06-07 18:20 . 2009-06-07 18:20 -------- d-----w- c:\program files\Trend Micro
2009-05-25 02:49 . 2009-05-25 02:49 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\Help
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Sierra
2009-05-25 02:23 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 01:09 . 2009-03-30 08:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 02:15 . 2009-02-20 02:37 45384 ----a-w- c:\documents and settings\Kaitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 00:03 . 2009-02-24 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 23:53 . 2009-03-30 08:02 -------- d-----w- c:\program files\Java
2009-05-26 19:20 . 2009-02-24 06:43 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2009-02-24 06:43 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 04:39 . 2009-04-18 23:32 29080 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-25 02:37 . 2009-05-25 02:37 -------- d-----w- c:\program files\Common Files\Sierra On-Line
2009-05-25 02:37 . 2009-05-25 02:24 -------- d-----w- c:\program files\Sierra
2009-05-25 02:37 . 2009-02-24 03:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 05:39 . 2009-04-19 01:31 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\gtk-2.0
2009-05-19 01:56 . 2009-05-14 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-14 00:58 . 2009-05-14 00:58 -------- d-----w- c:\program files\Alcohol Soft
2009-05-14 00:49 . 2009-05-14 00:49 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 05:35 . 2009-05-12 05:35 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Dell
2009-05-12 05:35 . 2009-02-23 06:28 -------- d-----w- c:\program files\Dell
2009-05-11 14:08 . 2009-05-11 14:08 -------- d-----w- c:\program files\MSXML 4.0
2009-05-10 03:01 . 2009-04-23 05:28 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\mIRC
2009-05-10 02:59 . 2009-04-23 05:28 -------- d-----w- c:\program files\mIRC
2009-05-10 02:49 . 2009-05-10 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-10 02:48 . 2009-05-10 02:46 124404 ----a-w- c:\windows\hpoins14.dat
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\HP
2009-05-09 14:34 . 2009-05-09 14:34 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-05-09 02:15 . 2009-05-09 02:15 -------- d-----w- c:\program files\Synaptics
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 03:26 . 2009-05-07 03:09 -------- d-----w- c:\program files\Project64 1.6
2009-05-07 03:09 . 2009-05-07 03:09 8854 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-29 04:55 . 2009-04-29 04:55 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-24 02:03 . 2009-04-24 02:03 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-04-19 07:38 . 2009-04-19 06:23 684 ----a-w- c:\windows\Fonts\mpatch.txt
2009-04-19 07:38 . 2009-04-19 06:23 5 ----a-w- c:\windows\Fonts\mpatch_allow.txt
2009-04-19 06:28 . 2009-04-19 06:24 32 ----a-w- c:\windows\Fonts\micd.ini
2009-04-19 06:26 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\BGM
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\data
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\PatchClient
2009-04-19 01:29 . 2009-04-19 01:29 -------- d-----w- c:\program files\GIMP-2.0
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-30 08:02 . 2009-03-30 08:02 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-06-17_00.44.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-18 00:25 . 2009-06-18 00:25 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
- 2009-06-17 00:38 . 2009-06-17 00:38 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
+ 2009-06-17 01:09 . 2009-06-17 01:09 148888 c:\windows\system32\javaws.exe
- 2009-06-09 23:53 . 2009-05-21 17:34 148888 c:\windows\system32\javaws.exe
+ 2009-06-17 01:09 . 2009-06-17 01:09 144792 c:\windows\system32\javaw.exe
- 2009-06-09 23:53 . 2009-05-21 17:34 144792 c:\windows\system32\javaw.exe
+ 2009-06-17 01:09 . 2009-06-17 01:09 144792 c:\windows\system32\java.exe
- 2009-06-09 23:53 . 2009-05-21 17:34 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-14 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\program files\Sierra\Planner\PLNRnote.exe [2009-5-24 184320]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \
0[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 8:29 PM 5376]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/7/2009 6:33 PM 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.ca/uInternet Connection Wizard,ShellNext = iexplore
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-17 18:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf104.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf104.tmp\[isoHunt] Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail.torrent 40582 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf10F.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf10F.tmp\[isoHunt] f5436481d0041374311be582bdd190b3705ee1a6.torrent 1861 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf113.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf113.tmp\[isoHunt] f5436481d0041374311be582bdd190b3705ee1a6.torrent 1861 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf116.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf116.tmp\[isoHunt] f5436481d0041374311be582bdd190b3705ee1a6.torrent 1861 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf127.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf127.tmp\R165094.EXE 10204800 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13.tmp\install_flash_player.exe 1878888 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf139.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf139.tmp\zsnesw151.zip 867785 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13F.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf13F.tmp\Kaitlin's Order.doc 314880 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf14C.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf14C.tmp\BingoCabin_Downloader.Exe 343168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf156.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf156.tmp\Shadowrun.zip 697678 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf159.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf159.tmp\Illusion of Gaia.zip 1657120 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf15C.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf15C.tmp\Mystic Quest Legend.zip 362164 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf17.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf17.tmp\b216.torrent 13794 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf173.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf173.tmp\b222.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf18.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf18.tmp\RyoROskin_08.rar 1105180 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf186.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf186.tmp\Wolverine - Adamantium Rage.zip 1216500 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf19.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf19.tmp\wmp11-windowsxp-x86-enu.exe 25752376 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1E8.tmp 26121 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1EA.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1EB.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1EC.tmp 6475 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1ED.tmp 15005 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP10C.tmp 28551 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP11B.tmp 249543 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP124.tmp 249543 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP127.tmp 249543 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP12D.tmp 707179 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1C9.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1D6.tmp 28551 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1E0.tmp 85171 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1E3.tmp 707179 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1E7.tmp 1388048 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1EC.tmp 85171 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MSIVX000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\msqpdx000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\ovfsth000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\ovfsthx000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4B35.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4BFE.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4C09.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4C2E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4C62.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4CA7.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4CD6.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4CE1.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4E19.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4E9F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4EE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4F57.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4F68.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF504A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF509D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF50D3.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF51D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF5550.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF566D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD5F6.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD72E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD744.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD8F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD9AD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFDC61.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFDE52.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFDFC.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE0D6.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE117.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE159.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE1B3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE1B4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE279.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE304.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE3A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE40E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE41.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE57D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE5B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE7C.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE840.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE87.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB6.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB6.tmp\gmer.zip 278221 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafBD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafBD.tmp\install_flash_player.exe 1878888 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC0.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC0.tmp\b217.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC1.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC1.tmp\b221.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC2.tmp\SafC3.tmp.download 594411260 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC3.tmp\VisualBoyAdvance-1.7.2.zip 611913 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC7.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafC7.tmp\[isoHunt] SNES ROMSET COMPLETE.torrent 218806 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafCA.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafCA.tmp\Visual_Boy_Advance___13_Roms_.3969898.TPB.torrent 11473 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD.tmp\nero_8_ultra_edition_crack_zip-Fenopy.com.torrent 1043 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD2.tmp\b220.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafD3.tmp\gimp-2.6.6-i686-setup.exe 16070968 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF3.tmp\[isoHunt] NDS USA Roms 0000-2496.torrent 140905 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF8.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafF8.tmp\[isoHunt] GAMEBOY ADVANCE COMPLETE (U) [!] ROMSET.torrent 82175 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafFD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafFD.tmp\[isoHunt] download.torrent 270189 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\screenMicRO003-1.jpg 216950 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\screenMicRO013-1.jpg 99976 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\jinstall.cfg 931 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB958484_20090611_020607296.html 92608 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\s734070972_2788788_7883627-1.jpg 5492 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1AD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1AD.tmp\Terranigma.zip 2986637 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf3B5.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf3B5.tmp\R175658.exe 14056879 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB2.tmp\mirc635.exe 1751280 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\seneka000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\sx6CE.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\VGX1E7.tmp 7633 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1F1.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPC3.tmp 8295 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF10B0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2C3D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4815.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF577.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7557.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF8D11.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFACD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBDD4.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD5D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE9DA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF6E3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE9E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEAAA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEAE8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEB95.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEC52.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFECA4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFED8A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEDF.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEEA.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEF41.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEFAB.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF19.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF24.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF2A0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF354.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF446.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF513.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF5EC.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF60.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF674.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF6AD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\tdss000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp163.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp2E.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp39.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp4C.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\UAC000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-1.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-2.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-3.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-4.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\update000.log 612 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\update001.log 607 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\update002.log 549 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\update003.log 578 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\update004.log 574 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\uxeventlog.txt 602644 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb0.tmp 299520 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb1.tmp 408064 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb2.tmp 230912 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb3.tmp 151552 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb4.tmp 2174976 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb5.tmp 102400 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb6.tmp 396528 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb7.tmp 227328 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\setb8.tmp 2376760 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Setup0000.log 1912 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\setup_wm.exe 774144 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SKYNET000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\spacer-1.gif 67 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\sta74.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\STOPzilla!
c:\docume~1\Kaitlin\LOCALS~1\Temp\STOPzilla!\SZPro5.msi 13225984 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBEA0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBEAB.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBFF4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC10.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC359.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC53A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC6A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFCDE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD0DA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD184.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD3E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD488.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD548.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD56E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD57C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD58.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9297.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF92A2.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF92FA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9305.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9334.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF933F.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF938A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF941C.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9427.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF94A9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF94B4.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9651.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF965C.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF96C1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF98B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9E2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9F1B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA186.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA79B.tmp 114688 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA8E7.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA989.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFAA16.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF6FD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF738.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF7B8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF839.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF893.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF9EA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFA84.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFAC7.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFB99.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFC49.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFD63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFE51.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFE6.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFE6A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFF44.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFF66.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFFE4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~nsu.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\~nsu.tmp\Au_.exe 355862 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\wmplog00.sqm 1384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\wp00e2a32b-1.png 136892 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WPDNSE
c:\docume~1\Kaitlin\LOCALS~1\Temp\xpz1B8.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\_add_ds.log 272 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}\difxapi.dll 337320 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}\setup.log 441 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF122C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1282.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1471.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF156B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF164F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF18B3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1A30.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1A65.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1BD5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1C78.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1C99.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1CC.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1CF2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1D2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1D74.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1D8C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1ED1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF203.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF207D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF21BD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF21D0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF24BE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF25E7.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF27.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2898.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF28E5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF29A5.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF5897.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF596B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF59E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF5BE8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF5C41.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF5D60.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF5DF.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF63A3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF6BAE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF6C7A.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF6DD5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF6F70.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF71EA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF747F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf44.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf44.tmp\BingoCabin_Downloader.Exe 343168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf47.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf47.tmp\kellyanngothic.zip 45305 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf4D.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf4D.tmp\Aura Collection 3.rar 898177 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf52.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf52.tmp\[isoHunt] Final Fantasy collection by ga8i.torrent 421607 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf59.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf59.tmp\mbam-setup.exe 2967800 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf63.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf63.tmp\[isoHunt] Zoom Player Home MAX 6.00.torrent 3273 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf65.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf65.tmp\b219.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf69.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf69.tmp\vlc-0.9.9-win32.exe 16742799 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf79.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf79.tmp\avg_free_stf_en_85_339a1525.exe 65103168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf795.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf795.tmp\project64_1.6.exe 2080797 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf7B.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf7B.tmp\DJ_AIO_Corporate_NonNetwork_DVD.exe 53061336 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf80.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf80.tmp\STOPzilla_Setup.exe 349696 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf89.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf89.tmp\wmp10.exe 12754672 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf9A.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf9A.tmp\lspfix.zip 183158 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAC.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAC.tmp\Mouse Freedom.rar 67859 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAD.tmp\[isoHunt] SUPER NINTENDO-COMPLETE COLLECTION_700 ROMS.torrent 71749 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB.tmp\Combined-Community-Codec-Pack-2008-09-21.exe 6833525 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB0.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB0.tmp\[isoHunt] 1fab6c04cf9e7518308939a13bad40908020ad06.torrent 2469 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\jusched.log 2178 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\kungsf000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\log.txt 138905 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache
c:\docume~1\Kaitlin\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB958481_20090611_020304281.html 498172 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB958483_20090611_020533546-Msi0.txt 2118688 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB958483_20090611_020533546.html 111624 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB958484_20090611_020607296-Msi0.txt 753122 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1B.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1B.tmp\Nero 8+crack.torrent 14821 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1DD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1DD.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E3.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E5.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E5.tmp\SetupMusicnotesPluginNS.exe 204080 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E9.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E9.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1F6.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1F6.tmp\31870_Kaitlin_Grundy.doc 3866 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf2.tmp\bitcomet_setup.exe 5797624 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20.tmp\fatfingers_0002.wmv 3360249 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20A.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20A.tmp\TGB_Dual_7.zip 198524 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20C.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20C.tmp\AHT FT Apr.doc 111104 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf21.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf21.tmp\legitcheck.hta 4821 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf239.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf239.tmp\vbalink172.zip 545610 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf28.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf28.tmp\Saf29.tmp.download 499973592 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf306.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf306.tmp\[isoHunt] Microsoft Office 2007 Premium Edition.torrent 11751 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf33.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf33.tmp\Saf34.tmp.download 570769408 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf37.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf37.tmp\FW New Sony Gadget.eml.mht 7286666 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFAD6C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFB101.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFB17.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBACE.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBAD9.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBB76.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBB81.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBD2C.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBD37.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBD8F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBD9A.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBDC9.tmp 32768 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBDD0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_810.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_818.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_8e8.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_a44.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata__755.dat 60416 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\photolayout-1.gif 119568 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\quadra000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\RarSFX0
c:\docume~1\Kaitlin\LOCALS~1\Temp\s1191210417_8272-1.jpg 3855 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\1b1df5.mst 985088 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\1c1d64.mst 985088 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\AUInst.log 268 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Av-test.txt 72 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\catchme.dll 53248 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\dgm000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\gaopdx000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\gxvxc000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\java_install.log 26974 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\java_install_reg.log 7573 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\java_install_sp.log 2494 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1F5.tmp 28551 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP27.tmp 928714 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP2DF.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP305.tmp 3369046 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP5F.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP63.tmp 113561 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP65.tmp 104964 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP67.tmp 121035 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP74.tmp 50866 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP81.tmp 337277 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPAC.tmp 37891 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPC2.tmp 191724 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2E6D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2E7C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3091.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF310B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF314D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF31EE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF327E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3379.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF342F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34C2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34D2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34E3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF350A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF35C9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF35EF.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3627.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF36C2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF38E0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3A63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3F63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4111.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4247.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF426B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF43E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF43F4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF45C0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF46C0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF76F7.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF77A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF77F9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF787E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF78D8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7B54.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7BB4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7C16.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7DE1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7DF4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF820.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF82E5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF831.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF84D3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF861.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF88B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF8CF9.tmp 16384 bytes
scan completed successfully
hidden files: 478
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-18 18:32
ComboFix-quarantined-files.txt 2009-06-18 00:31
ComboFix2.txt 2009-06-17 00:45
ComboFix3.txt 2009-06-11 00:26
Pre-Run: 58,774,347,776 bytes free
Post-Run: 58,763,718,656 bytes free
675 --- E O F --- 2009-06-14 18:20
and the new JT log