IE crashes computer/win update blocked/malwarebytes blocked

Re: IE crashes computer/win update blocked/malwarebytes blocked

by muppy03 » June 11th, 2009, 4:29 pm

Thank you :cheers:
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: IE crashes computer/win update blocked/malwarebytes blocked

by Apollo » June 11th, 2009, 7:21 pm

Hi again Muppy. Here are the validation results, which is a ginormous relief if I must say.

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-XM46G-6JD6V-BHMDD
Windows Product Key Hash: pLEUimjAWZ5RJZWifQe4x7qNuMw=
Windows Product ID: 76477-OEM-2142561-11289
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {3FA36FD6-6DC8-4E55-ADAF-8B30EBC85C78}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-b036_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3FA36FD6-6DC8-4E55-ADAF-8B30EBC85C78}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BHMDD</PKey><PID>76477-OEM-2142561-11289</PID><PIDType>3</PIDType><SID>S-1-5-21-583907252-1425521274-1801674531</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 1000 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>2.6.3 </Version><SMBIOSVersion major="2" minor="4"/><Date>20071207000000.000000+000</Date></BIOS><HWID>DB7836E701842E6E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E832:Dell Inc|1075C:Dell Inc|1075C:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm

Re: IE crashes computer/win update blocked/malwarebytes blocked

by Apollo » June 12th, 2009, 10:35 am

Hi muppy, I'm going to be away for the rest of the weekend so I won't be able to reply to your next post until Sunday sometime.

Re: IE crashes computer/win update blocked/malwarebytes blocked

by muppy03 » June 13th, 2009, 6:11 am

Hi Apollo,

Unfortunately the results are not good and as per Forum Policy I will be unable to assist you any longer. I realize you bought this computer second hand and in good faith but that does not change the rules and accordingly this topic will be closed.

The policy wrote: It is this forum's policy to decline help to those who are either using illegal copies of software and/or are attempting to circumvent the software's restrictions in order to use said software without lawfully purchasing the product, in violation of the EULA (End User License Agreement).
To do otherwise would put us in the position of aiding and abetting an unlawful act.
The forum's policy on invalid copies of Windows or Other Software is here : http://forum.malwareremoval.com/viewtopic.php?t=550

As the information you have posted indicates that your system falls into this category, we are unable to offer assistance until it can be conclusively demonstrated that this situation has been rectified.

Re: IE crashes computer/win update blocked/malwarebytes blocked

by Apollo » June 15th, 2009, 11:38 am

Could you please give me some direction as to where I should go to resolve this issue? I'd like to finish cleaning this computer, but I'm fairly upset finding out my Windows isn't legitimate. I have the activation code that came with the computer if that helps.

Re: IE crashes computer/win update blocked/malwarebytes blocked

by muppy03 » June 15th, 2009, 10:14 pm

dell puts the proof of authenticity on a sticker right at the bottom with activation code and all


Hi Apollo, let's see if we can get to the bottom of this.
You bought the comp 2nd hand already with XP installed. Were you supplied any disks?

Can you give me all the information on the sticker, including the key code and what operating system is listed on it? Send me that information privately; we don't want everyone knowing your details.

Since you have had the computer have you had any reason for getting it fixed, like reformatted in a repair shop?

Let me know what you can and hopefully all will be straightened out.

Re: IE crashes computer/win update blocked/malwarebytes blocked

by muppy03 » June 16th, 2009, 5:38 pm

Hi Apollo,
IE is now working now so i went ahead and updated as much as possible
Are you able to get your MS updates now? How is the computer running, what problems are you still having?

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit). Click the Empty Selected button.

If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted.
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.


If you use Opera browser
    Click Opera at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Next, please update and re-run MBAM. This time, when it is finished, make sure that everything is checked, and click Remove Selected.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8007:TCP"=-
    "8007:UDP"=-
    "26585:TCP"=-
    "26585:UDP"=-
     
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Please reply with:-
  • Combofix log
  • Kaspersky report
  • New HJT log
  • Answers to questions

Re: IE crashes computer/win update blocked/malwarebytes blocked

by Apollo » June 17th, 2009, 12:27 am

OK, I've attached the CBFix log and Kaspersky logs; they are FAR too long to post in 100k chrs.

And as for your questions, as soon as IE stopped crashing I was able to update. I also tried doing the online validation and got 2 failures, the last 2 on the list (I can't remember what they were described as), but pressing the resolve this button, IE downloaded a few ActiveX controls and the failures went away.

Um, the computer seems to be running much better, if still a little slow, but a few weird things have been happening. I went looking for my AVG8 and the folder in Program Files is completely empty now... Also, when using ComboFix or any program for that matter that requires an automatic restart, the computer doesn't progress past the "windows is now shutting down" screen. It restarts fine when using -start- turn off computer, but I waited nearly an hour after ComboFix tried to restart the computer, and finally just did a hard reset.

Thanks again for your continued help,

Apollo

Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:03 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4914 bytes

Re: IE crashes computer/win update blocked/malwarebytes blocked

by muppy03 » June 17th, 2009, 4:56 pm

Hi Apollo,

1. I just want to revisit an earlier question of yours regarding the MBAM scan. You quarantined the items found instead of removing. These can be safely deleted from the MBAM quarantine folder.
2. I would say AVG has been gone since before we started. It is not in your original uninstall list. We will remedy that this post.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
(make sure the computer does reboot before continuing)

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Documents and Settings\Kaitlin\Local Settings\Temp\Av-test.txt

    Folder::
    c:\program files\AVG
    c:\documents and settings\All Users\Application Data\avg8
    c:\documents and settings\Kaitlin\Application Data\AVGTOOLBAR

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Open HijackThis and select Do a System Scan Only. Place a check next to the lines below if still present:

    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)


Once selected, close all windows except HJT and click on Fix Checked.

REBOOT

OK, let's get a working antivirus happening. You can go with AVG8 again if that's what you want, or below are a couple of other good free ones.

Please download a free anti-virus software from one of these excellent vendors NOW:
1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
Please note the following if you decide on Antivir Personal Edition
Avira AntiVir Personal - FREE Antivirus is only available for single computer use for home and non commercial use.

2) avast! 4.8 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.

Once you have downloaded one of the above please update it and run a full scan

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 14
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u14-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Please reply with:-
  • Combofix log
  • New HJT log
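The HijackThis step in the post above (tick the listed lines only if a fresh scan still shows them) can be checked mechanically. The Python below is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the sample log is a trimmed subset of the log Apollo posted earlier.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread (header, process list and
# several entry types), kept verbatim so the parser sees realistic lines.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# The two lines the helper asked to have fixed, as quoted in the post.
FIX_LINES = [
    r"O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)",
    r"O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)",
]

# An entry line starts with a section code such as R0, O2, O18 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        raw = line.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            # Last " - " field is the file path for O2/O3/O18/O23 lines;
            # R and O4 lines have no such separator and keep the whole body.
            "target": body.rsplit(" - ", 1)[-1],
            "missing": missing,
            "raw": raw,
        })
    return entries


def orphaned(entries):
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if e["missing"]]


def orphans_by_clsid(entries):
    """Map each orphaned CLSID to the sections that still reference it."""
    grouped = defaultdict(list)
    for e in entries:
        if e["missing"] and e["clsid"]:
            grouped[e["clsid"]].append(e["code"])
    return dict(grouped)


def still_present(fresh_log, lines_to_fix):
    """Return only those requested lines that the fresh scan still contains."""
    present = {e["raw"] for e in parse_entries(fresh_log)}
    return [l.strip() for l in lines_to_fix if l.strip() in present]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for clsid, codes in orphans_by_clsid(entries).items():
        print(clsid, "referenced by", ", ".join(codes))
    for line in still_present(SAMPLE_LOG, FIX_LINES):
        print("tick:", line)
```

Grouping by CLSID shows when one leftover component is registered in more than one place, as the AVG toolbar is here under both O2 and O3.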

Re: IE crashes computer/win update blocked/malwarebytes blocked

by Apollo » June 18th, 2009, 2:21 am

Oki, I decided to go with Avast this time. So far it's nice and quick.

Here's the CBfix log:

ComboFix 09-06-17.02 - Kaitlin 06/17/2009 18:27.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.620 [GMT -6:00]
Running from: c:\documents and settings\Kaitlin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kaitlin\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\Kaitlin\Application Data\AVGTOOLBAR
c:\program files\AVG
c:\documents and settings\All Users\Application Data\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\program files\AVG\AVG8\cfg\mail.cfg
c:\program files\AVG\AVG8\log\history.xml

.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-15 17:20 . 2009-06-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-14 18:17 . 2009-06-14 18:17 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\WMTools Downloaded Files
2009-06-11 23:20 . 2009-06-11 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-11 02:34 . 2009-06-11 02:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-11 02:32 . 2009-06-11 02:33 -------- d-----w- C:\2f962a79417bd2753c14b925a38ddfd8
2009-06-11 02:32 . 2009-06-11 02:33 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-11 02:32 . 2009-06-11 02:32 -------- d-----w- C:\30257a82ba8bda1b5c
2009-06-11 02:17 . 2009-06-11 02:17 -------- d-sh--w- c:\documents and settings\Kaitlin\IECompatCache
2009-06-11 02:16 . 2009-06-11 02:16 -------- d-sh--w- c:\documents and settings\Kaitlin\PrivacIE
2009-06-11 02:15 . 2009-06-11 02:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-11 02:14 . 2009-06-11 02:14 -------- d-sh--w- c:\documents and settings\Kaitlin\IETldCache
2009-06-11 02:01 . 2009-06-11 02:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-11 02:01 . 2009-06-11 02:01 -------- d-----w- c:\program files\MSBuild
2009-06-11 02:00 . 2009-06-11 02:00 -------- d-----w- c:\program files\Reference Assemblies
2009-06-11 02:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-11 02:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-11 02:00 . 2009-06-11 02:00 -------- d-----w- C:\b2db2028b15ce0cad8313e
2009-06-11 02:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-11 02:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-11 02:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-11 02:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-11 02:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-11 01:55 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:55 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:55 . 2009-06-11 01:55 -------- d-----w- c:\windows\ie8updates
2009-06-11 01:54 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-11 01:51 . 2009-06-11 01:54 -------- dc-h--w- c:\windows\ie8
2009-06-11 00:03 . 2009-06-11 00:03 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 23:53 . 2009-06-17 01:07 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 23:37 . 2009-06-09 23:37 -------- d-----w- C:\_OTM
2009-06-07 18:20 . 2009-06-07 18:20 -------- d-----w- c:\program files\Trend Micro
2009-05-25 02:49 . 2009-05-25 02:49 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\Help
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Sierra
2009-05-25 02:23 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 01:09 . 2009-03-30 08:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 02:15 . 2009-02-20 02:37 45384 ----a-w- c:\documents and settings\Kaitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 00:03 . 2009-02-24 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 23:53 . 2009-03-30 08:02 -------- d-----w- c:\program files\Java
2009-05-26 19:20 . 2009-02-24 06:43 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2009-02-24 06:43 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 04:39 . 2009-04-18 23:32 29080 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-25 02:37 . 2009-05-25 02:37 -------- d-----w- c:\program files\Common Files\Sierra On-Line
2009-05-25 02:37 . 2009-05-25 02:24 -------- d-----w- c:\program files\Sierra
2009-05-25 02:37 . 2009-02-24 03:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 05:39 . 2009-04-19 01:31 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\gtk-2.0
2009-05-19 01:56 . 2009-05-14 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-14 00:58 . 2009-05-14 00:58 -------- d-----w- c:\program files\Alcohol Soft
2009-05-14 00:49 . 2009-05-14 00:49 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 05:35 . 2009-05-12 05:35 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Dell
2009-05-12 05:35 . 2009-02-23 06:28 -------- d-----w- c:\program files\Dell
2009-05-11 14:08 . 2009-05-11 14:08 -------- d-----w- c:\program files\MSXML 4.0
2009-05-10 03:01 . 2009-04-23 05:28 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\mIRC
2009-05-10 02:59 . 2009-04-23 05:28 -------- d-----w- c:\program files\mIRC
2009-05-10 02:49 . 2009-05-10 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-10 02:48 . 2009-05-10 02:46 124404 ----a-w- c:\windows\hpoins14.dat
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\HP
2009-05-09 14:34 . 2009-05-09 14:34 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-05-09 02:15 . 2009-05-09 02:15 -------- d-----w- c:\program files\Synaptics
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 03:26 . 2009-05-07 03:09 -------- d-----w- c:\program files\Project64 1.6
2009-05-07 03:09 . 2009-05-07 03:09 8854 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-29 04:55 . 2009-04-29 04:55 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-24 02:03 . 2009-04-24 02:03 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-04-19 07:38 . 2009-04-19 06:23 684 ----a-w- c:\windows\Fonts\mpatch.txt
2009-04-19 07:38 . 2009-04-19 06:23 5 ----a-w- c:\windows\Fonts\mpatch_allow.txt
2009-04-19 06:28 . 2009-04-19 06:24 32 ----a-w- c:\windows\Fonts\micd.ini
2009-04-19 06:26 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\BGM
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\data
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\PatchClient
2009-04-19 01:29 . 2009-04-19 01:29 -------- d-----w- c:\program files\GIMP-2.0
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-30 08:02 . 2009-03-30 08:02 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-06-17_00.44.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-18 00:25 . 2009-06-18 00:25 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
- 2009-06-17 00:38 . 2009-06-17 00:38 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
+ 2009-06-17 01:09 . 2009-06-17 01:09 148888 c:\windows\system32\javaws.exe
- 2009-06-09 23:53 . 2009-05-21 17:34 148888 c:\windows\system32\javaws.exe
+ 2009-06-17 01:09 . 2009-06-17 01:09 144792 c:\windows\system32\javaw.exe
- 2009-06-09 23:53 . 2009-05-21 17:34 144792 c:\windows\system32\javaw.exe
+ 2009-06-17 01:09 . 2009-06-17 01:09 144792 c:\windows\system32\java.exe
- 2009-06-09 23:53 . 2009-05-21 17:34 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-14 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\program files\Sierra\Planner\PLNRnote.exe [2009-5-24 184320]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 8:29 PM 5376]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/7/2009 6:33 PM 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 18:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...



scan completed successfully
hidden files: 478

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-18 18:32
ComboFix-quarantined-files.txt 2009-06-18 00:31
ComboFix2.txt 2009-06-17 00:45
ComboFix3.txt 2009-06-11 00:26

Pre-Run: 58,774,347,776 bytes free
Post-Run: 58,763,718,656 bytes free

675 --- E O F --- 2009-06-14 18:20

and the new HJT log
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm

Re: IE crashes computer/win update blocked/malwarebytes blocked

Unread postby Apollo » June 18th, 2009, 2:23 am

Logfile of HijackThis v1.99.1
Scan saved at 6:01:13 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Kaitlin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9BF986-973A-429F-84C4-126106F50860}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm

Re: IE crashes computer/win update blocked/malwarebytes blocked

Unread postby muppy03 » June 18th, 2009, 6:41 am

Hi Apollo, Nearly done, things are looking good. You scared the ‘you know what’ out of me with the HJT log you posted. It is full of infection, then I noticed it was an old one. Please don’t scare me again, I am getting old after all :roll: .

Please click on Start then Run. Copy and paste what is in the below code box and then click OK.

cmd /c del /F /Q  "C:\Documents and Settings\Kaitlin\Local Settings\Temp\*.*"

You will see a brief flash of black, that is ok.

REBOOT This is very important, please confirm that you do reboot.

Next click Start->Run, copy/paste the following command into the box and press OK:
cmd /c dir "C:\Documents and Settings\Kaitlin\Local Settings\Temp\*.*" /A >> "%userprofile%\desktop\look.txt"

A blank command window will open on your desktop, then close in a minute or two. This is normal.
A file called look.txt should appear on your Desktop. Please post the contents of this file, along with a NEW HJT Log

Also how is the computer running now?
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: IE crashes computer/win update blocked/malwarebytes blocked

Unread postby Apollo » June 21st, 2009, 2:57 pm

hello again, sorry for the delay.
so the computer seems to be running completely normal,
here is the look.txt

Volume in drive C has no label.
Volume Serial Number is F0BA-BD47

Directory of C:\Documents and Settings\Kaitlin\Local Settings\Temp

06/21/2009 12:49 PM <DIR> .

and the new HJT ( :oops: lol i have no idea how i did that last time)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:28 PM, on 6/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5600 bytes
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm
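
As an added example (not part of the original thread), this Python sketch compares the June 3 and June 21 HijackThis logs posted above section by section, the comparison the helper made by eye. The two sample logs are short excerpts copied from those posts; the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpts copied from the two HijackThis logs posted in this thread.
LOG_JUNE_3 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""
LOG_JUNE_21 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O17 - HKLM\...: NameServer = ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log_text):
    """Return {section code: set of entry bodies}; header and process lines are skipped."""
    entries = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m["code"]].add(m["body"])
    return entries

def diff(old, new):
    """Per section, entries that disappeared from and appeared in the later log."""
    removed, added = {}, {}
    for code in sorted(set(old) | set(new), key=lambda c: (c[0], int(c[1:]))):
        gone = old.get(code, set()) - new.get(code, set())
        fresh = new.get(code, set()) - old.get(code, set())
        if gone:
            removed[code] = sorted(gone)
        if fresh:
            added[code] = sorted(fresh)
    return removed, added

def nameservers(entries):
    """Distinct DNS servers configured through O17 NameServer values."""
    found = set()
    for body in entries.get("O17", ()):
        _, sep, value = body.partition("NameServer = ")
        if sep:
            found.update(ip.strip() for ip in value.split(",") if ip.strip())
    return sorted(found)

def orphaned(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    marks = ("(file missing)", "(no file)")
    return sorted((code, body) for code, bodies in entries.items()
                  for body in bodies if body.endswith(marks))

if __name__ == "__main__":
    old, new = parse(LOG_JUNE_3), parse(LOG_JUNE_21)
    removed, added = diff(old, new)
    print("NameServer values before:", nameservers(old), "after:", nameservers(new))
    for code, bodies in removed.items():
        print("gone ", code, *bodies, sep="\n    ")
    for code, bodies in added.items():
        print("new  ", code, *bodies, sep="\n    ")
    print("leftover orphaned entries:", [code for code, _ in orphaned(new)])
```

The leftover orphaned entries in the later log are the kind of line the helper's next post asks to have fixed in HijackThis.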

Re: IE crashes computer/win update blocked/malwarebytes blocked

Unread postby muppy03 » June 21st, 2009, 7:02 pm

Hi Apollo,

Glad the computer is running well, logs are looking good. :cheers:

Let's clean up!

Open HijackThis and select Do a System Scan Only. Place a check next to the below lines if still present.

    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

Once selected, close all windows except HJT and click on Fix Checked.

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

So now that the computer is clean, let's try and keep it that way by following the below recommendations.

You aren't running Firewall Software. Please download and install one.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most used:
Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)", "Install Comodo SafeSurf", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
ZoneAlarm

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Install SpyWare Blaster 4.0
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Read some information here how to prevent Malware.

Happy Safe Surfing :flower:
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
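
As an added example (not part of the original post), this Python sketch reads text in HOSTS file syntax and separates the names that are blocked by pointing them at the local machine, as the MVPS paragraph above describes, from names mapped to any other address, which a reviewer would want to look at. The sample content and hostnames are constructed placeholders, and keeping the first mapping seen for a name is this example's assumption.

```python
import ipaddress

# Constructed sample in HOSTS file syntax; hostnames and addresses are placeholders.
SAMPLE_HOSTS = """\
# lines starting with '#' are comments
127.0.0.1    localhost
127.0.0.1    ads.example.test  tracker.example.test   # two names on one line
0.0.0.0      banner.example.test
203.0.113.7  update.example.test
not-an-ip    broken.example.test
"""

def parse_hosts(text):
    """Map each hostname to the address the HOSTS text assigns to it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue                          # malformed line, ignored here
        for name in names:
            # Assumption: the first mapping seen for a name is the one kept.
            table.setdefault(name.lower(), ip)
    return table

def classify(table):
    """Split entries into names sent to the local machine and names sent elsewhere."""
    blocked, redirected = [], []
    for name, ip in table.items():
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)              # 127.0.0.1 or 0.0.0.0: connection goes nowhere
        else:
            redirected.append((name, str(ip)))  # name resolves to some other host
    return sorted(blocked), sorted(redirected)

if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print("blocked:", blocked)
    print("mapped to another address:", redirected)
```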

Re: IE crashes computer/win update blocked/malwarebytes blocked

Unread postby Apollo » June 21st, 2009, 7:23 pm

wowza it's all taken care of. I just wanna say thank you so much again for all your help.
and now that i'm finally all clean it's off to the academy i go, i'd love to be able to help someone out as much as you have.

Appreciate all your hard work.

Apollo,
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm
