Hi, firstly I could not find this IPwins anywhere??!!

COMBOFIX

"Kristy" - 07-04-25 18:01:46 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Program Files\AOL 9.0a\download\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ckvsdvkq.dll
C:\WINDOWS\system32\uvsmgbug.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\keyboard111.dat
C:\WINDOWS\keyboard121.dat
C:\WINDOWS\system32\ebgqppspe\winlogon.exe
C:\WINDOWS\system32\ebgqppspe\winlogon.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\Program Files\winupdates\a.zip
C:\WINDOWS\system32\components\flx0.dll
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\components\flx10.dll
C:\WINDOWS\system32\components\flx11.dll
C:\WINDOWS\system32\components\flx12.dll
C:\WINDOWS\system32\components\flx13.dll
C:\WINDOWS\system32\components\flx14.dll
C:\WINDOWS\system32\components\flx15.dll
C:\WINDOWS\system32\components\flx16.dll
C:\WINDOWS\system32\components\flx17.dll
C:\WINDOWS\system32\components\flx18.dll
C:\WINDOWS\system32\components\flx19.dll
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\components\flx20.dll
C:\WINDOWS\system32\components\flx21.dll
C:\WINDOWS\system32\components\flx22.dll
C:\WINDOWS\system32\components\flx23.dll
C:\WINDOWS\system32\components\flx24.dll
C:\WINDOWS\system32\components\flx25.dll
C:\WINDOWS\system32\components\flx26.dll
C:\WINDOWS\system32\components\flx27.dll
C:\WINDOWS\system32\components\flx28.dll
C:\WINDOWS\system32\components\flx29.dll
C:\WINDOWS\system32\components\flx3.dll
C:\WINDOWS\system32\components\flx30.dll
C:\WINDOWS\system32\components\flx31.dll
C:\WINDOWS\system32\components\flx32.dll
C:\WINDOWS\system32\components\flx33.dll
C:\WINDOWS\system32\components\flx34.dll
C:\WINDOWS\system32\components\flx35.dll
C:\WINDOWS\system32\components\flx36.dll
C:\WINDOWS\system32\components\flx4.dll
C:\WINDOWS\system32\components\flx5.dll
C:\WINDOWS\system32\components\flx6.dll
C:\WINDOWS\system32\components\flx7.dll
C:\WINDOWS\system32\components\flx8.dll
C:\WINDOWS\system32\components\flx9.dll
C:\Program Files\Common Files\{54F00~1\system.dll
C:\WINDOWS\system32\nvs2.inf
C:\install.log
C:\WINDOWS\system32\drivers\npf.sys
C:\Program Files\winupdates
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{34F00~1
C:\Program Files\Common Files\{54F00~2
C:\Program Files\Common Files\{54F00~1
C:\WINDOWS\system32\pmbvkxh_navps.dat
C:\WINDOWS\system32\pmbvkxh.exe
C:\WINDOWS\system32\pmbvkxh.dat

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Kristy
C:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1\PPPATC~1
C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\CROSOF~1
C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\RACLE~1
C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\SCURIT~1
C:\qoobox\purity\C\Program Files\APPATC~1
C:\qoobox\purity\C\Program Files\CURITY~1
C:\qoobox\purity\C\Program Files\DOBE~1
C:\qoobox\purity\C\Program Files\SCURIT~1
C:\qoobox\purity\C\Program Files\WNSXS~1
C:\qoobox\purity\C\Program Files\YMBOLS~1
C:\qoobox\purity\C\Program Files\Common Files\DOBE~1
C:\qoobox\purity\C\Program Files\Common Files\RACLE~1
C:\qoobox\purity\C\Program Files\Common Files\SKS~1
C:\qoobox\purity\C\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\C\WINDOWS\DOBE~1
C:\qoobox\purity\C\WINDOWS\MANTEC~1
C:\qoobox\purity\C\WINDOWS\MCROSO~1
C:\qoobox\purity\C\WINDOWS\system32\DOBE~1
C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm
-------\NPF
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NM
-------\LEGACY_NPF

((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))

2007-04-25 14:42 d-------- C:\WINDOWS\system32\NtmsData
2007-04-25 10:01 d-------- C:\Program Files\New Folder
2007-04-24 18:46 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Solitaire.Com
2007-04-24 14:56 d-------- C:\Program Files\Big City Adventure - San Francisco
2007-04-24 14:56 d-------- C:\Program Files\BFG
2007-04-22 14:40 375,785 --a------ C:\WINDOWS\system32\ogycsrw.exe
2007-04-20 14:40 373,160 --a------ C:\WINDOWS\system32\hzhkhdet.exe
2007-04-15 18:19 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-04-13 12:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-04-13 12:19 d-------- C:\Program Files\GALA-NET
2007-04-13 12:06 d-------- C:\WINDOWS\system32\FlashAX
2007-04-11 18:47 d-------- C:\Program Files\Shockwave.com
2007-04-09 22:46 d-------- C:\Program Files\MSXML 4.0
2007-04-09 22:46 d-------- C:\3b10545d3d62bb28bf60f37c
2007-04-09 19:50 d-------- C:\WINDOWS\network diagnostic
2007-04-09 19:10 d-------- C:\WINDOWS\CAVTemp
2007-04-09 15:45 95,760 --a------ C:\WINDOWS\system32\isafeif.dll
2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\vetredir.dll
2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-04-09 15:45 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-04-09 15:45 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-09 15:45 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-04-09 15:45 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-04-09 15:45 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-04-09 15:45 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-04-09 15:44 d-------- C:\Program Files\CA
2007-04-09 15:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-09 13:57 d-------- C:\Program Files\Smart PC Solutions
2007-04-09 13:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Smart PC Solutions
2007-04-09 13:19 d-------- C:\Program Files\RegistrySmart
2007-04-09 13:19 d-------- C:\DOCUME~1\Kristy\APPLIC~1\RegistrySmart
2007-04-06 15:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-06 15:03 d-------- C:\Program Files\Messenger Plus! Live
2007-04-06 14:37 d-------- C:\DOCUME~1\Kristy\APPLIC~1\MSNInstaller
2007-04-06 13:15 241,066 --a------ C:\WINDOWS\system32\pmbvkxh_nav.dat
2007-04-05 21:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Screenshot Sender
2007-04-04 18:48 77,160 --a------ C:\WINDOWS\DSETUP.dll
2007-04-04 18:48 503,144 --a------ C:\WINDOWS\DXSETUP.exe
2007-04-04 18:48 1,673,576 --a------ C:\WINDOWS\dsetup32.dll
2007-04-03 14:27 1,246,096 ---hs---- C:\WINDOWS\system32\ttvwa.ini2
2007-03-31 19:47 d-------- C:\Program Files\Zylom Games
2007-03-30 14:28 1,257,356 ---hs---- C:\WINDOWS\system32\ttvwa.bak2
2007-03-29 13:26 1,261,135 ---hs---- C:\WINDOWS\system32\ttvwa.bak1
2007-03-25 16:00 1,264,716 ---hs---- C:\WINDOWS\system\tnebli.ini2

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-17 20:15 -------- d-------- C:\Program Files\morpheus
2007-04-15 19:53 -------- d-------- C:\Program Files\msn games
2007-04-15 18:23 -------- d-------- C:\Program Files\gpotato
2007-04-15 14:22 874 --a------ C:\DOCUME~1\Kristy\APPLIC~1\adobedlm.log
2007-04-15 14:22 6 --a------ C:\DOCUME~1\Kristy\APPLIC~1\dm.ini
2007-04-14 16:46 -------- d--h----- C:\Program Files\installshield installation information
2007-04-13 12:19 -------- d-------- C:\Program Files\Common Files\installshield
2007-04-13 12:16 3583 --a--c--- C:\WINDOWS\mozver.dat
2007-04-09 19:10 -------- d-------- C:\Program Files\windows nt
2007-04-06 15:22 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-06 15:03 -------- d-------- C:\Program Files\msn messenger
2007-03-31 19:59 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\zylom
2007-03-31 18:36 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\mysterystudio
2007-03-21 16:08 142568 --a------ C:\WINDOWS\system32linkprd.exe
2007-03-20 12:13 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\magic academy
2007-03-19 13:26 -------- d-------- C:\Program Files\arthurian
2007-03-19 00:43 155411 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 09:30 -------- d-------- C:\Program Files\messengerskinner
2007-03-16 02:54 1159320 ---hs---- C:\WINDOWS\system32\ycbeg.ini2
2007-03-15 17:42 1166408 ---hs---- C:\WINDOWS\system32\ycbeg.bak2
2007-03-15 13:12 -------- d-------- C:\Program Files\cyberlink
2007-03-15 13:09 -------- d-------- C:\Program Files\epson
2007-03-15 13:06 -------- d-------- C:\Program Files\logitech
2007-03-15 12:55 -------- d--h----- C:\Program Files\zero g registry
2007-03-14 21:27 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\messengerskinner
2007-03-14 13:49 23040 --a------ C:\symlcsv1.exe
2007-03-10 19:24 -------- d-------- C:\Program Files\mythwar_en
2007-03-09 23:51 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\imvu
2007-03-09 20:10 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\utorrent
2007-03-09 03:03 1189183 ---hs---- C:\WINDOWS\system32\ycbeg.bak1
2007-03-09 01:15 -------- d-------- C:\Program Files\iwin
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 01:23 -------- d-------- C:\Program Files\imvu
2007-03-04 15:01 -------- d-------- C:\Program Files\webroot
2007-03-04 14:28 1195546 ---hs---- C:\WINDOWS\system32\mlkkj.bak2
2007-03-04 14:28 1192247 ---hs---- C:\WINDOWS\system32\mlkkj.ini2
2007-03-03 11:04 1194788 ---hs---- C:\WINDOWS\system32\mlkkj.bak1
2007-02-26 11:53 164 --a------ C:\install.dat
2007-02-14 02:27 28672 --a------ C:\WINDOWS\system32\f3pssavr.scr
2007-02-08 00:39 6144 --ahs---- C:\Program Files\thumbs.db
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-02 18:31 311 --a------ C:\DOCUME~1\Kristy\APPLIC~1\bbbconfig.dat
2007-01-24 00:50 25341718 --a------ C:\Program Files\imvu.zip

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLSoftware.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
"Nqnzqv"="C:\\DOCUME~1\\Kristy\\APPLIC~1\\PPPATC~1\\NPDB~1.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.kablamo.co.uk/images/wallpapers/wallpaper1.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ C:\Documents and Settings\Kristy\My Documents\ticker.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ C:\Documents and Settings\Kristy\My Documents\babynew.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source REG_SZ C:\Documents and Settings\Kristy\My Documents\baby_desktop.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOL9~1.0A\\aoltray.exe -check"
"item"="AOL 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BTTray.lnk"
"backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Belkin\\BLUETO~1\\BTTray.exe "
"item"="BTTray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TTRIB~1"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fts"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Altec Lansing\\AMS\\ALServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM_STI.EXE Cammaestro 4.2GU build 1105"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="carpserv"
"hkey"="HKLM"
"command"="carpserv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslagent"
"hkey"="HKLM"
"command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslstat"
"hkey"="HKLM"
"command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gqxowron]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TTRIB~1"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcBtnMgr_X84-X85"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACMonitor_X84-X85"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mousepad12"
"hkey"="HKLM"
"command"="C:\\windows\\mousepad12.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpiStat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OpiStat"
"hkey"="HKLM"
"command"="C:\\Program Files\\OpiStat\\OpiStat\\OpiStat.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="printray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SweetIM"
"hkey"="HKLM"
"command"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="type32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w03a1090.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w03a1090.dll,I2 00085ca3003a1090"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A68FA4CC91845D2C.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Kristy at 15 45.job
C:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Ed).job
C:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Kristy).job
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-25 18:50:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-25 18:53:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-25 18:53

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 21:08:34 25/04/2007

 + Scan result:

C:\System Volume Information\_restore{D3D65D20-DEA0-4DB4-A0CF-7AF9EE08C2D2}\RP26\A0016619.exe -> Adware.Trymedia : No action taken.
C:\Program Files\New Folder\backups\backup-20070425-100635-952.dll -> Downloader.Small.cgu : No action taken.
C:\System Volume Information\_restore{D3D65D20-DEA0-4DB4-A0CF-7AF9EE08C2D2}\RP26\A0016657.dll -> Downloader.Small.cgu : No action taken.
C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT.zip/Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT/tntvva15/CRACK/VirtualVillagers.exe -> Dropper.Delf.xo : No action taken.
C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT.zip/Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT/tntvva15/SETUP/SETUP.EXE -> Dropper.Delf.xo : No action taken.
C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\(full version) virtual villagers 53.zip/install.exe -> Hijacker.Agent.hi : No action taken.
C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Gilbert Goodmate and the Mushroom of Phungoria.exe -> Hijacker.Delf.dm : No action taken.
C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\family feud online party crack.exe -> Hijacker.Delf.dm : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@digitalclarity.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.28:C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\2af060m2.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Ed\Cookies\ed@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.

::Report end

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 21:36:24, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\New Folder\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kristy\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - 
http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cabO16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cabO16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}: NameServer = 205.188.146.145O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dllO20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.DllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeO23 - Service: CA Personal Firewall ASEM - CA, Inc. 
I wasn't too clear on the last bit about an install CD?? And I'm afraid I couldn't do the backup.