Not sure whats wrong,please take a look!!
 

there are so many things on my pc that have stopped working all at once which includes the system restore so i cant even try that!!Please can u take a look at my hijackthis log.Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 17:17:05, on 24/04/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\AOL\1149184109\ee\aolsoftware.exeC:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exec:\program files\common files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exeC:\Program Files\Belkin\Bluetooth Software\BTTray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\AOL 9.0a\waol.exeC:\Program Files\AOL 9.0a\shellmon.exeC:\Program Files\Common Files\AOL\aoltpspd.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Documents and Settings\Kristy\Local Settings\Temporary Internet Files\Content.IE5\RGH0V7I8\HiJackThis_v2[1].exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/.../search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/...ww.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...w.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/...ww.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/.../search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/...ww.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...w.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/...ww.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exeO1 - Hosts: 200.124.131.116 casinocontroller.comO1 - Hosts: 1.1.1.1 free.grisoft.comO1 - Hosts: 1.1.1.1 housecall.trendmicro.comO1 - Hosts: 1.1.1.1 usa.kaspersky.comO1 - Hosts: 1.1.1.1 ewido.netO1 - Hosts: 1.1.1.1 www.ewido.netO1 - Hosts: 1.1.1.1 zonelabs.comO1 - Hosts: 1.1.1.1 www.zonelabs.comO1 - Hosts: 1.1.1.1 bitdefender.comO1 - Hosts: 1.1.1.1 www.bitdefender.comO1 - Hosts: 1.1.1.1 download.bitdefender.comO1 - Hosts: 1.1.1.1 upgrade.bitdefender.comO1 - Hosts: 1.1.1.1 spywareinfo.comO1 - Hosts: 1.1.1.1 www.spywareinfo.comO1 - Hosts: 1.1.1.1 merijn.orgO1 - Hosts: 1.1.1.1 www.merijn.orgO1 - Hosts: 1.1.1.1 sysinternals.comO1 - Hosts: 1.1.1.1 www.sysinternals.comO1 - Hosts: 1.1.1.1 onguardonline.govO1 - Hosts: 1.1.1.1 www.onguardonline.govO1 - Hosts: 1.1.1.1 avast.comO1 - Hosts: 1.1.1.1 www.avast.comO1 - Hosts: 1.1.1.1 safety.live.comO1 - Hosts: 1.1.1.1 www.paretologic.comO1 - Hosts: 1.1.1.1 paretologic.comO1 - Hosts: 1.1.1.1 services.google.comO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\opnonkj.dll (file missing)O2 - BHO: (no name) - {1AEB2E21-6D7F-48F8-B6E9-828A78D12889} - C:\WINDOWS\system\ilbent.dll (file missing)O2 - BHO: (no name) - {2A498F09-890C-44DA-B8E3-BD1B1A5A28F5} - C:\WINDOWS\system32\awvtt.dll (file missing)O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\uvsmgbug.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO2 - BHO: (no name) - {E7B36CEB-2A03-4A20-B99A-68E9E0CF4BC5} - C:\WINDOWS\system32\gebcy.dll (file missing)O2 - BHO: (no name) - {FDE5F6A2-F64B-4956-92C4-91256F3965A0} - C:\WINDOWS\system32\dfrgsnbp.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe"O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exeO4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -clO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exeO4 - HKCU\..\Run: [SetupVentureAfrica.exe] C:\DOCUME~1\Kristy\Desktop\SETUPV~1.EXE /rO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [Nqnzqv] C:\DOCUME~1\Kristy\APPLIC~1\PPPATC~1\NPDB~1.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{54F0099A-0897-2057-1220-04101204002c}] "C:\Program Files\Common Files\{54F0099A-0897-2057-1220-04101204002c}\Update.exe" te-110-12-0000282 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{54F0099A-0897-2057-1220-04101204002c}] "C:\Program Files\Common Files\{54F0099A-0897-2057-1220-04101204002c}\Update.exe" te-110-12-0000282 (User 'Default user')O4 - Startup: .protectedO4 - Global Startup: .protectedO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kristy\Start Menu\Programs\IMVU\Run IMVU.lnkO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...ab31267.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...-0-3-30.cabO16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40...reecell.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...lhelper.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molb...mcgdmgr.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} (PTV xVectorMap Plugin 3.1) - http://xvectormap.ptv.de/xvectormap/...orMap31.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{4A425570-C639-4A19-B1F0-33E12189899D}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\..\{57A31405-4E4A-41B6-B020-7E178A9A83BF}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\..\{63C51876-8072-45DB-A697-0F6D9275013A}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}: NameServer = 205.188.146.145O17 - HKLM\System\CCS\Services\Tcpip\..\{AEF35FFB-7FCD-40C3-ACD7-96194F3AF479}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E21EF9-28BF-4C01-8DC0-98557C1698BF}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\..\{DFC3F59C-CD1E-4A89-90A4-87A60219A88F}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E2F48C-43AA-4788-BB06-969FAA3BF304}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\..\{E6361592-35CC-4F87-B0D5-1C2BF5CBA273}: NameServer = 85.255.115.155,85.255.112.77O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.77O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll (file missing)O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)O20 - Winlogon Notify: ilbent - C:\WINDOWS\system\ilbent.dll (file missing)O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\enj8l11u1.dll (file missing)O20 - Winlogon Notify: opnonkj - opnonkj.dll (file missing)O20 - Winlogon Notify: urqronm - urqronm.dll (file missing)O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)O20 - Winlogon Notify: xxyyyay - xxyyyay.dll (file missing)O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeO23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exeO23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exeO23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeO23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeO23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeO23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeO23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeO24 - Desktop Component 0: (no name) - http://www.kablamo.co.uk/images/wall...lpaper1.jpgO24 - Desktop Component 2: (no name) - C:\Documents and Settings\Kristy\My Documents\ticker.htmlO24 - Desktop Component 3: (no name) - C:\Documents and Settings\Kristy\My Documents\babynew.htmlO24 - Desktop Component 4: (no name) - C:\Documents and Settings\Kristy\My Documents\baby_desktop.html--End of file - 18779 bytesThanks Kristy

Re: Not sure whats wrong,please take a look!!
 

Kristy.... you have to help us help you... check the log posts in a couple of other threads -your's does not look like them. Please format it correctly and repost. A start would be to turn off wordwrap in notepad, but I think you may have to do some manual work as well - I dunno. Sorry.

Re: Not sure whats wrong,please take a look!!
 

Ok, that is prob a bit harsh, cos it is very likely not your fault, but you owe me a beer for struggling a bit of the way into that log - my eyes died trying..... Do this:
==Download fixwareout from http://www.bleepingcomputer.com/file...Fixwareout.exe - and save it to your desktop.
Either: go Control panel > folder options OR: in an explorer window > tools>folder options;
- then view tab, press Show hidden files and folders, Apply and Ok.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish.
After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings....In control panel select the Network and Internet Connections , rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Now we have to flush the DNS cache: Go Start > Run, type cmd and click OK.
In the command screen, type in cd\ and then press Enter. Now type in ipconfig /flushdns and then Enter. [space after ipconfig]. Type Exit.

HiJackThis - get a fresh copy, remove the one you have!!
===download hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Select Scan Only, place checkmarks against all the entries listed below that still exist, and then Fix Checked.

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\opnonkj.dll (file missing)
O2 - BHO: (no name) - {1AEB2E21-6D7F-48F8-B6E9-828A78D12889} - C:\WINDOWS\system\ilbent.dll (file missing)
O2 - BHO: (no name) - {2A498F09-890C-44DA-B8E3-BD1B1A5A28F5} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\uvsmgbug.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: (no name) - {E7B36CEB-2A03-4A20-B99A-68E9E0CF4BC5} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {FDE5F6A2-F64B-4956-92C4-91256F3965A0} - C:\WINDOWS\system32\dfrgsnbp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A425570-C639-4A19-B1F0-33E12189899D}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A31405-4E4A-41B6-B020-7E178A9A83BF}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C51876-8072-45DB-A697-0F6D9275013A}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEF35FFB-7FCD-40C3-ACD7-96194F3AF479}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E21EF9-28BF-4C01-8DC0-98557C1698BF}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFC3F59C-CD1E-4A89-90A4-87A60219A88F}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E2F48C-43AA-4788-BB06-969FAA3BF304}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6361592-35CC-4F87-B0D5-1C2BF5CBA273}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.77
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll (file missing)
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: ilbent - C:\WINDOWS\system\ilbent.dll (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\enj8l11u1.dll (file missing)
O20 - Winlogon Notify: opnonkj - opnonkj.dll (file missing)
O20 - Winlogon Notify: urqronm - urqronm.dll (file missing)
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O20 - Winlogon Notify: xxyyyay - xxyyyay.dll (file missing)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

This may not be a complete list, but it will do for now. BE CAREFUL with checking the O17 entries -one in the middle of the HT list is valid [it has the shortest Nameserver number.. :)]
When you have done that do another HT scan, save a logfile and post it along with the fixwareoutlog.
Phew!

Re: Not sure whats wrong,please take a look!!
 

i cant get it to stop posting like that!
everytime i try to post my new logs it wraps them again??!!

Re: Not sure whats wrong,please take a look!!
 

Thanks for your help, ill attempt to post these again!!


HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 10:15:27, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\AOL\1149184109\ee\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
c:\program files\common files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\New Folder\imabunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SetupVentureAfrica.exe] C:\DOCUME~1\Kristy\Desktop\SETUPV~1.EXE /r
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kristy\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40...l/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...7/dlhelper.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molb...21/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} (PTV xVectorMap Plugin 3.1) - http://xvectormap.ptv.de/xvectormap/PTVxVectorMap31.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe


FIXWAREOUT


Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbny.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
C:\Casino Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLSoftware.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"pmbvkxh"="c:\\windows\\system32\\pmbvkxh.exe pmbvkxh"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"LDM"="\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe\""
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"SetupVentureAfrica.exe"="C:\\DOCUME~1\\Kristy\\Desktop\\SETUPV~1.EXE /r"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
»»»»» End report »»»»»


thanks

Re: Not sure whats wrong,please take a look!!
 

Kristy, when this cleanup is over you should do a backup of your system state cos a couple of files are missing [google for how...], note that this is not the same as a system restore!!
More work: go to add/remove pgms and remove this pgm, then into C:\program files and delete its folder:

IpWins

Good, now please fix these with hijackthis in normal mode:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SetupVentureAfrica.exe] C:\DOCUME~1\Kristy\Desktop\SETUPV~1.EXE /r
O4 - Startup: .protected
O4 - Global Startup: .protected
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} (PTV xVectorMap Plugin 3.1) - http://xvectormap.ptv.de/xvectormap/PTVxVectorMap31.cab

Now please do these runs in this order:
Combofix
===Download this file: http://www.techsupportforum.com/sect...s/ComboFix.exe
...or from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
CCleaner
===Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's neater that way.
Now run Ccleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon and the Windows tab; press Run Cleaner. Next select the Applications tab and Run Cleaner again.
[For future quick temp file cleaning select the options you wish to use. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is a furphy, much loved on some websites, but cleaning it is unnecessary because windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]
AVG - AS
===GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 -the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
Start AVG a-s 7.5; under Scanner/ Settings set Recommended actions to Quarantine, and run the scan. Save the log file and only then click Apply all actions. Post the log file.

There you go - a few logs to post [ include another HT log run at the conclusion of the AVG run.

[[a reminder to me - pmbvkxh]] -ignore this.

Re: Not sure whats wrong,please take a look!!
 

thanks againi have tried to do the first step of backup but it is not on my pc and i do not have a win xp disk either?? what can i do about this?
ITS OK ,I FOUND A WAY TO DOWNLOAD IT!!! :)

Re: Not sure whats wrong,please take a look!!
 

Good-oh. Kristy, but do that system state backup only after you are clean! [otherwise your reg backup may contain some dud entries..]
Do those cleanup steps first, in the order I wrote them.
Actually, you can just get those 2 files from your install cd. This is from M$:

1. Insert the CD into the CD drive or DVD drive.
2. Click Start, and then click Run.
3. In the Open box, type cmd, and then click OK.
4. At the command prompt, type the following commands, pressing ENTER after each command:


expand CD-ROM Drive Letter:\i386\config.nt_ c:\windows\system32\config.nt
expand CD-ROM Drive Letter:\i386\autoexec.nt_ c:\windows\system32\autoexec.nt

Simple! The full article is here:
http://support.microsoft.com/kb/324767

Re: Not sure whats wrong,please take a look!!
 

HIfirstly i could not find this IPwins anywhere??!!COMBOFIX"Kristy" - 07-04-25 18:01:46 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Program Files\AOL 9.0a\download\"(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))C:\WINDOWS\system32\ckvsdvkq.dllC:\WINDOWS\system32\uvsmgbug.dll* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\WINDOWS\keyboard111.datC:\WINDOWS\keyboard121.datC:\WINDOWS\system32\ebgqppspe\winlogon.exeC:\WINDOWS\system32\ebgqppspe\winlogon.iniC:\WINDOWS\system32\packet.dllC:\WINDOWS\system32\pthreadVC.dllC:\WINDOWS\system32\wanpacket.dllC:\WINDOWS\system32\wpcap.dllC:\Program Files\winupdates\a.zipC:\WINDOWS\system32\components\flx0.dllC:\WINDOWS\system32\components\flx1.dllC:\WINDOWS\system32\components\flx10.dllC:\WINDOWS\system32\components\flx11.dllC:\WINDOWS\system32\components\flx12.dllC:\WINDOWS\system32\components\flx13.dllC:\WINDOWS\system32\components\flx14.dllC:\WINDOWS\system32\components\flx15.dllC:\WINDOWS\system32\components\flx16.dllC:\WINDOWS\system32\components\flx17.dllC:\WINDOWS\system32\components\flx18.dllC:\WINDOWS\system32\components\flx19.dllC:\WINDOWS\system32\components\flx2.dllC:\WINDOWS\system32\components\flx20.dllC:\WINDOWS\system32\components\flx21.dllC:\WINDOWS\system32\components\flx22.dllC:\WINDOWS\system32\components\flx23.dllC:\WINDOWS\system32\components\flx24.dllC:\WINDOWS\system32\components\flx25.dllC:\WINDOWS\system32\components\flx26.dllC:\WINDOWS\system32\components\flx27.dllC:\WINDOWS\system32\components\flx28.dllC:\WINDOWS\system32\components\flx29.dllC:\WINDOWS\system32\components\flx3.dllC:\WINDOWS\system32\components\flx30.dllC:\WINDOWS\system32\components\flx31.dllC:\WINDOWS\system32\components\flx32.dllC:\WINDOWS\system32\components\flx33.dllC:\WINDOWS\system32\components\flx34.dllC:\WINDOWS\system32\components\flx35.dllC:\WINDOWS\system32\components\flx36.dllC:\WINDOWS\system32\components\flx4.dllC:\WINDOWS\system32\components\flx5.dllC:\WINDOWS\system32\components\flx6.dllC:\WINDOWS\system32\components\flx7.dllC:\WINDOWS\system32\components\flx8.dllC:\WINDOWS\system32\components\flx9.dllC:\Program Files\Common Files\{54F00~1\system.dllC:\WINDOWS\system32\nvs2.infC:\install.logC:\WINDOWS\system32\drivers\npf.sysC:\Program Files\winupdatesC:\WINDOWS\system32\componentsC:\Program Files\Common Files\{34F00~1C:\Program Files\Common Files\{54F00~2C:\Program Files\Common Files\{54F00~1C:\WINDOWS\system32\pmbvkxh_navps.datC:\WINDOWS\system32\pmbvkxh.exeC:\WINDOWS\system32\pmbvkxh.dat~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~Folders Quarantined:C:\qoobox\purity\C\DOCUME~1C:\qoobox\purity\C\DOCUME~1\KristyC:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1C:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1\PPPATC~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\CROSOF~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\RACLE~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\SCURIT~1C:\qoobox\purity\C\Program Files\APPATC~1C:\qoobox\purity\C\Program Files\CURITY~1C:\qoobox\purity\C\Program Files\DOBE~1C:\qoobox\purity\C\Program Files\SCURIT~1C:\qoobox\purity\C\Program Files\WNSXS~1C:\qoobox\purity\C\Program Files\YMBOLS~1C:\qoobox\purity\C\Program Files\Common Files\DOBE~1C:\qoobox\purity\C\Program Files\Common Files\RACLE~1C:\qoobox\purity\C\Program Files\Common Files\SKS~1C:\qoobox\purity\C\WINDOWS\CROSOF~1.NETC:\qoobox\purity\C\WINDOWS\DOBE~1C:\qoobox\purity\C\WINDOWS\MANTEC~1C:\qoobox\purity\C\WINDOWS\MCROSO~1C:\qoobox\purity\C\WINDOWS\system32\DOBE~1C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))-------\nm-------\NPF-------\LEGACY_NETWORK_MONITOR-------\LEGACY_NM-------\LEGACY_NPF((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))2007-04-25 14:42 d-------- C:\WINDOWS\system32\NtmsData2007-04-25 10:01 d-------- C:\Program Files\New Folder2007-04-24 18:46 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Solitaire.Com2007-04-24 14:56 d-------- C:\Program Files\Big City Adventure - San Francisco2007-04-24 14:56 d-------- C:\Program Files\BFG2007-04-22 14:40 375,785 --a------ C:\WINDOWS\system32\ogycsrw.exe2007-04-20 14:40 373,160 --a------ C:\WINDOWS\system32\hzhkhdet.exe2007-04-15 18:19 65,536 --a------ C:\WINDOWS\IFinst27.exe2007-04-13 12:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield2007-04-13 12:19 d-------- C:\Program Files\GALA-NET2007-04-13 12:06 d-------- C:\WINDOWS\system32\FlashAX2007-04-11 18:47 d-------- C:\Program Files\Shockwave.com2007-04-09 22:46 d-------- C:\Program Files\MSXML 4.02007-04-09 22:46 d-------- C:\3b10545d3d62bb28bf60f37c2007-04-09 19:50 d-------- C:\WINDOWS\network diagnostic2007-04-09 19:10 d-------- C:\WINDOWS\CAVTemp2007-04-09 15:45 95,760 --a------ C:\WINDOWS\system32\isafeif.dll2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\vetredir.dll2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\isafprod.dll2007-04-09 15:45 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys2007-04-09 15:45 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys2007-04-09 15:45 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys2007-04-09 15:45 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys2007-04-09 15:45 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys2007-04-09 15:45 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys2007-04-09 15:44 d-------- C:\Program Files\CA2007-04-09 15:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA2007-04-09 13:57 d-------- C:\Program Files\Smart PC Solutions2007-04-09 13:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Smart PC Solutions2007-04-09 13:19 d-------- C:\Program Files\RegistrySmart2007-04-09 13:19 d-------- C:\DOCUME~1\Kristy\APPLIC~1\RegistrySmart2007-04-06 15:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!2007-04-06 15:03 d-------- C:\Program Files\Messenger Plus! Live2007-04-06 14:37 d-------- C:\DOCUME~1\Kristy\APPLIC~1\MSNInstaller2007-04-06 13:15 241,066 --a------ C:\WINDOWS\system32\pmbvkxh_nav.dat2007-04-05 21:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Screenshot Sender2007-04-04 18:48 77,160 --a------ C:\WINDOWS\DSETUP.dll2007-04-04 18:48 503,144 --a------ C:\WINDOWS\DXSETUP.exe2007-04-04 18:48 1,673,576 --a------ C:\WINDOWS\dsetup32.dll2007-04-03 14:27 1,246,096 ---hs---- C:\WINDOWS\system32\ttvwa.ini22007-03-31 19:47 d-------- C:\Program Files\Zylom Games2007-03-30 14:28 1,257,356 ---hs---- C:\WINDOWS\system32\ttvwa.bak22007-03-29 13:26 1,261,135 ---hs---- C:\WINDOWS\system32\ttvwa.bak12007-03-25 16:00 1,264,716 ---hs---- C:\WINDOWS\system\tnebli.ini2(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))2007-04-17 20:15 -------- d-------- C:\Program Files\morpheus2007-04-15 19:53 -------- d-------- C:\Program Files\msn games2007-04-15 18:23 -------- d-------- C:\Program Files\gpotato2007-04-15 14:22 874 --a------ C:\DOCUME~1\Kristy\APPLIC~1\adobedlm.log2007-04-15 14:22 6 --a------ C:\DOCUME~1\Kristy\APPLIC~1\dm.ini2007-04-14 16:46 -------- d--h----- C:\Program Files\installshield installation information2007-04-13 12:19 -------- d-------- C:\Program Files\Common Files\installshield2007-04-13 12:16 3583 --a--c--- C:\WINDOWS\mozver.dat2007-04-09 19:10 -------- d-------- C:\Program Files\windows nt2007-04-06 15:22 -------- d-------- C:\Program Files\Common Files\symantec shared2007-04-06 15:03 -------- d-------- C:\Program Files\msn messenger2007-03-31 19:59 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\zylom2007-03-31 18:36 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\mysterystudio2007-03-21 16:08 142568 --a------ C:\WINDOWS\system32linkprd.exe2007-03-20 12:13 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\magic academy2007-03-19 13:26 -------- d-------- C:\Program Files\arthurian2007-03-19 00:43 155411 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll2007-03-16 09:30 -------- d-------- C:\Program Files\messengerskinner2007-03-16 02:54 1159320 ---hs---- C:\WINDOWS\system32\ycbeg.ini22007-03-15 17:42 1166408 ---hs---- C:\WINDOWS\system32\ycbeg.bak22007-03-15 13:12 -------- d-------- C:\Program Files\cyberlink2007-03-15 13:09 -------- d-------- C:\Program Files\epson2007-03-15 13:06 -------- d-------- C:\Program Files\logitech2007-03-15 12:55 -------- d--h----- C:\Program Files\zero g registry2007-03-14 21:27 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\messengerskinner2007-03-14 13:49 23040 --a------ C:\symlcsv1.exe2007-03-10 19:24 -------- d-------- C:\Program Files\mythwar_en2007-03-09 23:51 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\imvu2007-03-09 20:10 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\utorrent2007-03-09 03:03 1189183 ---hs---- C:\WINDOWS\system32\ycbeg.bak12007-03-09 01:15 -------- d-------- C:\Program Files\iwin2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys2007-03-06 01:23 -------- d-------- C:\Program Files\imvu2007-03-04 15:01 -------- d-------- C:\Program Files\webroot2007-03-04 14:28 1195546 ---hs---- C:\WINDOWS\system32\mlkkj.bak22007-03-04 14:28 1192247 ---hs---- C:\WINDOWS\system32\mlkkj.ini22007-03-03 11:04 1194788 ---hs---- C:\WINDOWS\system32\mlkkj.bak12007-02-26 11:53 164 --a------ C:\install.dat2007-02-14 02:27 28672 --a------ C:\WINDOWS\system32\f3pssavr.scr2007-02-08 00:39 6144 --ahs---- C:\Program Files\thumbs.db2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll2007-02-02 18:31 311 --a------ C:\DOCUME~1\Kristy\APPLIC~1\bbbconfig.dat2007-01-24 00:50 25341718 --a------ C:\Program Files\imvu.zip(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\"""LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE""BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent""HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLSoftware.exe\"""NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe""Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe""Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe""PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe""SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"""cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\"""QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\"""CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\"""cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe""msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"Spyware Doctor"="""Nqnzqv"="C:\\DOCUME~1\\Kristy\\APPLIC~1\\PPPATC~1\\NPDB~1.EXE""DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ http://www.kablamo.co.uk/images/wallpapers/wallpaper1.jpg[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\ticker.html[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\babynew.html[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\baby_desktop.html[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFWHKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL 9.0 Tray Icon.lnk""backup"="C:\\WINDOWS\\pss\\AOL 9.0 Tray Icon.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\AOL9~1.0A\\aoltray.exe -check""item"="AOL 9.0 Tray Icon"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BTTray.lnk""backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\Belkin\\BLUETO~1\\BTTray.exe ""item"="BTTray"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk""backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l""item"="Microsoft Office"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="TTRIB~1""hkey"="HKCU""command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="fts""hkey"="HKLM""command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALServ]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ALServ""hkey"="HKLM""command"="\"C:\\Program Files\\Altec Lansing\\AMS\\ALServ.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AOLDial""hkey"="HKLM""command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="VM_STI""hkey"="HKLM""command"="C:\\WINDOWS\\VM_STI.EXE Cammaestro 4.2GU build 1105""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="rundll32""hkey"="HKLM""command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="carpserv""hkey"="HKLM""command"="carpserv.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ctfmon""hkey"="HKCU""command"="C:\\WINDOWS\\system32\\ctfmon.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="dslagent""hkey"="HKLM""command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="dslstat""hkey"="HKLM""command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gqxowron]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="TTRIB~1""hkey"="HKCU""command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AOLHostManager""hkey"="HKLM""command"="C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLHostManager.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AcBtnMgr_X84-X85""hkey"="HKLM""command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ACMonitor_X84-X85""hkey"="HKLM""command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows""item"="????""hkey"="HKCU""command"="????""inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="McAgent""hkey"="HKLM""command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="McUpdate""hkey"="HKLM""command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="MsgPlus""hkey"="HKLM""command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mimboot""hkey"="HKLM""command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mousepad12""hkey"="HKLM""command"="C:\\windows\\mousepad12.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="msnmsgr""hkey"="HKCU""command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="NeroCheck""hkey"="HKLM""command"="C:\\WINDOWS\\system32\\NeroCheck.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="NvCpl""hkey"="HKLM""command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="RunDLL32""hkey"="HKLM""command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="nwiz""hkey"="HKLM""command"="nwiz.exe /install""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpiStat]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="OpiStat""hkey"="HKLM""command"="C:\\Program Files\\OpiStat\\OpiStat\\OpiStat.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="printray""hkey"="HKLM""command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="qttask""hkey"="HKLM""command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="PDVDServ""hkey"="HKLM""command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows""item"="????""hkey"="HKCU""command"="????""inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Skype""hkey"="HKCU""command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SOUNDMAN""hkey"="HKLM""command"="SOUNDMAN.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="jusched""hkey"="HKLM""command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SweetIM""hkey"="HKLM""command"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="type32""hkey"="HKLM""command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mcvsshld""hkey"="HKLM""command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mcmnhdlr""hkey"="HKLM""command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w03a1090.dll]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="RUNDLL32""hkey"="HKLM""command"="RUNDLL32.EXE w03a1090.dll,I2 00085ca3003a1090""inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]HTTPFilter REG_MULTI_SZ HTTPFilter\0\0LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0NetworkService REG_MULTI_SZ DnsCache\0\0DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0rpcss REG_MULTI_SZ RpcSs\0\0imgsvc REG_MULTI_SZ StiSvc\0\0termsvcs REG_MULTI_SZ TermService\0\0bthsvcs REG_MULTI_SZ BthServ\0\0WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0Contents of the 'Scheduled Tasks' folderC:\WINDOWS\tasks\A68FA4CC91845D2C.jobC:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Kristy at 15 45.jobC:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Ed).jobC:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Kristy).jobC:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job********************************************************************catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.netRootkit scan 2007-04-25 18:50:02Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services ...scanning hidden autostart entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-25 18:53:31 - machine was rebootedC:\ComboFix-quarantined-files.txt ... 07-04-25 18:53AVG---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 21:08:34 25/04/2007 + Scan result: C:\System Volume Information\_restore{D3D65D20-DEA0-4DB4-A0CF-7AF9EE08C2D2}\RP26\A0016619.exe -> Adware.Trymedia : No action taken.C:\Program Files\New Folder\backups\backup-20070425-100635-952.dll -> Downloader.Small.cgu : No action taken.C:\System Volume Information\_restore{D3D65D20-DEA0-4DB4-A0CF-7AF9EE08C2D2}\RP26\A0016657.dll -> Downloader.Small.cgu : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT.zip/Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT/tntvva15/CRACK/VirtualVillagers.exe -> Dropper.Delf.xo : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT.zip/Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT/tntvva15/SETUP/SETUP.EXE -> Dropper.Delf.xo : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\(full version) virtual villagers 53.zip/install.exe -> Hijacker.Agent.hi : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Gilbert Goodmate and the Mushroom of Phungoria.exe -> Hijacker.Delf.dm : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\family feud online party crack.exe -> Hijacker.Delf.dm : No action taken.C:\Documents and Settings\Ed\Cookies\ed@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Ed\Cookies\ed@digitalclarity.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Ed\Cookies\ed@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.:mozilla.28:C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\2af060m2.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.C:\Documents and Settings\Ed\Cookies\ed@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.C:\Documents and Settings\Ed\Cookies\ed@bfast[2].txt -> TrackingCookie.Bfast : No action taken.C:\Documents and Settings\Ed\Cookies\ed@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.C:\Documents and Settings\Ed\Cookies\ed@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.C:\Documents and Settings\Ed\Cookies\ed@overture[2].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Ed\Cookies\ed@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.C:\Documents and Settings\Ed\Cookies\ed@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.C:\Documents and Settings\Ed\Cookies\ed@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.::Report endHIJACKTHISLogfile of HijackThis v1.99.1Scan saved at 21:36:24, on 25/04/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exeC:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\WINDOWS\system32\ctfmon.exec:\program files\common files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Belkin\Bluetooth Software\BTTray.exeC:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXEC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exeC:\Program Files\AOL 9.0a\waol.exeC:\Program Files\AOL 9.0a\shellmon.exeC:\Program Files\Common Files\AOL\aoltpspd.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\New Folder\imabunny.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe"O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exeO4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -clO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Startup: .protectedO4 - Global Startup: .protectedO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kristy\Start Menu\Programs\IMVU\Run IMVU.lnkO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cabO16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cabO16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}: NameServer = 205.188.146.145O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dllO20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.DllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeO23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exeO23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeO23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeO23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeO23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeO23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeI wasnt too clear on the last bit about an install CD?? and im afraid i couldnt do the backup

Re: Not sure whats wrong,please take a look!!
 

oh im really sorry i dont know why it posts like that!!

Re: Not sure whats wrong,please take a look!!
 

My fault... del this one: C:\Program Files\Ipwindows\ipwins.exe

Re: Not sure whats wrong,please take a look!!
 

Kristy, did you set the AVG action to Quarantine as i wrote in my earlier post on running AVG A-S? It found heaps but did nothing about them..!!?? If it was not, then please set it correctly and re-run AVG AS.
Pls run this because there are virus traces in those logs:
Panda Online Scan:-
http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
This next should get a couple of files that ComboFix pointed out:
===Download SDFix from here: http://downloads.andymanchesta.com/R...ools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
=Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
=Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode.
Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.
If the formatting still will not work please at least put the logs into separate posts.

Re: Not sure whats wrong,please take a look!!
 

Kristy, run this one before you do the actions in my previous post #12....

Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.
Post the contents of C:\vundofix.txt plus a new HijackThis log.

Re: Not sure whats wrong,please take a look!!
 

I'm sorry that this work is coming thru in bits and pieces, but it's not easy, and I'm just looking at things in snatches.... please as a matter of urgency choose just one resident AV product and uninstall any other[s]. Since you have the CA suite, dump the others. I can see CA, mcafee and Norton products in that mix... Online scanners do not matter i this regard.
You must use only ONE firewall, also. They should auto-detect each other and switch them off, but....
Ignore the missing system files atm - they are only backups for a system recovery, and then are just for 16-bit apps.

Re: Not sure whats wrong,please take a look!!
 

HiThe Vundofix didnt find any files and i cannot run this panda scan, when i open the page i am unable to click on the scan button,nothing happens??!!

Re: Not sure whats wrong,please take a look!!
 

and as for this SDFIX, i ran it but not sure it did anything, it finally came up with "the system cannot fin dthe path specified" and i didnt get any report at the end of it...

Re: Not sure whats wrong,please take a look!!
 

Kristy, just wait a mo while I check something, meanwhile please locate these and uninstall them; if they are not available in add/remove pgms then do a search and delete all their files/folders:
Funwebproducts or similar name
Messengerskinner
VirtualVillagers - the cracks are infected.
Gilbert Goodmate - infected
Family Feud - infected

Panda scan only runs in Internet Explorer.... when you hit the Scan my PC button a new window should open immediately to request a frew pers details....

Re: Not sure whats wrong,please take a look!!
 

i have removed as much as possible, the search function of windows doesnt work so i couldnt search for them too see if anything is leftand internet explorer isnt working properly, no new windows open in it!!

Re: Not sure whats wrong,please take a look!!
 

Pls try vundofix, sdfix and panda again. I think vundofix may need to run a few times... the reason I say this is that i can SEE the vundo files in your ComboFix log...

Re: Not sure whats wrong,please take a look!!
 

And I have found a smitfraud file...
===Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #1 - Search [type 1 and Enter]; a text file will appear which lists infected files (if present). It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:.. Please paste the report in your next reply. DO NOT RUN OPTION 2 YET!!!

Re: Not sure whats wrong,please take a look!!
 

SmitFraudFix v2.171Scan done at 15:57:41.78, 26/04/2007Run from C:\Documents and Settings\Kristy\Desktop\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in normal mode»»»»»»»»»»»»»»»»»»»»»»»» Process»»»»»»»»»»»»»»»»»»»»»»»» hosts»»»»»»»»»»»»»»»»»»»»»»»» C:\»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWSC:\WINDOWS\.protected FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristy»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristy\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Start Menu\.protected FOUND !\.protected FOUND !»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Desktop»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]"Source"="http://www.kablamo.co.uk/images/wallpapers/wallpaper1.jpg""SubscribedURL"="http://www.kablamo.co.uk/images/wallpapers/wallpaper1.jpg""FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]"Source"="About:Home""SubscribedURL"="About:Home""FriendlyName"="My Current Home Page"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]"Source"="C:\\Documents and Settings\\Kristy\\My Documents\\ticker.html""SubscribedURL"="C:\\Documents and Settings\\Kristy\\My Documents\\ticker.html""FriendlyName"=""»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=""»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"system"=""»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32»»»»»»»»»»»»»»»»»»»»»»»» DNS»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection»»»»»»»»»»»»»»»»»»»»»»»» End

Re: Not sure whats wrong,please take a look!!
 

i have run vundofix twice more now and still it didnt find anything

Re: Not sure whats wrong,please take a look!!
 

I cannot do the panda scan!!! :(SDFix: Version 1.79Run by Administrator - 26/04/2007 - 17:14:13.43Microsoft Windows XP [Version 5.1.2600]Running From: C:\SDFixSafe Mode:Checking Services: Restoring Windows Registry ValuesRestoring Windows Default Hosts FileRebooting...Normal Mode:Checking Files:Below files will be copied to Backups folder then removed:C:\WINDOWS\SYSTEM32\TASKKILL.EXE - DeletedRemoving Temp FilesADS Check:Checking if ADS is attached to system32 Folder C:\WINDOWS\system32No streams found.Checking if ADS is attached to svchost.exeC:\WINDOWS\system32\svchost.exeNo streams found. Final Check:Remaining Services:------------------Authorized Application Key Export:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger""C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"Remaining Files:---------------Checking For Files with Hidden Attributes:C:\Documents and Settings\Ed\Mercury\MSN\Resources\DisplayPictures\hax000r@hotmail.com\Thumbs.dbC:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\birminghamnewstreet@hotmail.com\Thumbs.dbC:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\charmedone87@gmail.com\Thumbs.dbC:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\eddersgti@hotmail.com\Thumbs.dbC:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Thumbs.dbC:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\razorblade_1983@hotmail.com\Thumbs.dbC:\Documents and Settings\Kristy\Mercury\MSN\Resources\DisplayPictures\beno@dsl.pipex.com\Thumbs.dbC:\Documents and Settings\Kristy\Mercury\MSN\Resources\DisplayPictures\better_than_hammett@hotmail.com\Thumbs.dbC:\Documents and Settings\Kristy\Mercury\MSN\Resources\DisplayPictures\me_againsttheworld16@hotmail.com\Thumbs.dbC:\Documents and Settings\Kristy\My Documents\Mcfly - Wonderland (2005-Pop) .[WwW.LiMiTeDiVx.CoM].By KELOLO\Thumbs.dbC:\Program Files\Common Files\Ahead\AudioPlugins\lpaccodec.dllC:\Program Files\Common Files\Ahead\AudioPlugins\lpac_codec_api.dllC:\Program Files\Common Files\Ahead\AudioPlugins\PNCRT.dllC:\Program Files\Common Files\Ahead\AudioPlugins\AC3\AC3ENC.DLLC:\Program Files\Common Files\Ahead\AudioPlugins\AC3\AZID.DLLC:\Program Files\Common Files\Ahead\AudioPlugins\Common\atrc3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\auth3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\cook3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv13260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv23260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv33260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv43260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnen3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnvi3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnxr3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\ramf3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rare3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rims3290.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmff3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmse3290.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmwr3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rnlt3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rorw3290.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtae3290.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtin3290.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtve3290.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv103260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv203260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv303260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv403260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\rvre3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\sipr3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\smpl3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\vsrl3260.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\xmlp3261.dllC:\Program Files\Common Files\Ahead\AudioPlugins\Common\zipf3260.dllC:\Program Files\AOL 9.0a\aolphx.exeC:\Program Files\AOL 9.0a\aoltray.exeC:\Program Files\AOL 9.0a\RBM.exeC:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exeC:\Program Files\Common Files\Ahead\AudioPlugins\AACMP4.EXEC:\Program Files\Common Files\Ahead\AudioPlugins\OFR.EXEC:\Program Files\Common Files\Ahead\AudioPlugins\RMADEC.EXEC:\Program Files\Common Files\Ahead\AudioPlugins\MusePack\MPPDEC.EXEC:\Program Files\Common Files\Ahead\AudioPlugins\MusePack\MPPENC.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\WSYS049.SYSC:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmpC:\WINDOWS\system\tnebli.tmpC:\WINDOWS\system32\ihhkj.tmpC:\WINDOWS\system32\mlkkj.tmpC:\WINDOWS\system32\ttvwa.tmpC:\WINDOWS\system32\ycbeg.tmpC:\WINDOWS\system32\config\default.tmp.LOGC:\WINDOWS\system32\config\SAM.tmp.LOGC:\WINDOWS\system32\config\SECURITY.tmp.LOGC:\WINDOWS\system32\config\software.tmp.LOGC:\WINDOWS\system32\config\system.tmp.LOG Finished

Re: Not sure whats wrong,please take a look!!
 

Ok, I'll format those posts, meanwhile run Smitfraudfix to clean:

- Go into safe mode.
- Start Smitfraudfix as before and press 2, Enter.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
Reboot into normal Windows and post here the text file which will appear on your screen, along with a new HT log.

You may also have to restore your desktop background...
If so, go Start >run, type regedit and <enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight system with a lclick, go File, export... , save as bluewall with file type .txt. Close regedit and post that txt file.

And we can also do a bit of file removal, plus a rootkit check or two...
Please read thru the instructions on this page and then dl and run RooKitRevealer [link is at foot of page..]:
http://www.microsoft.com/technet/sys...tRevealer.mspx
And another:
F-Secure Blacklight Beta
===Download the latest trial version of Blacklight beta from http://www.f-secure.com/blacklight/
Dclick the .exe [they change the name occasionally when they update it so I am not giving it here...], click Run, agree to the terms and Scan. Post the results if positive.

Now to remove some files -you must be in an Administrator-privileged account to run this procedure...
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box these lines as one block:-

C:\WINDOWS\system32\ogycsrw.exe
C:\WINDOWS\system32\hzhkhdet.exe
C:\WINDOWS\IFinst27.exe
C:\3b10545d3d62bb28bf60f37c
C:\WINDOWS\system32\pmbvkxh_nav.dat
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\f3pssavr.scr
C:\DOCUME~1\Kristy\APPLIC~1\bbbconfig.dat
C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE

...and click Done, and finally the green light.
Follow promps to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

Please post that log file.

Re: Not sure whats wrong,please take a look!!
 

SmitFraudFix v2.171Scan done at 12:58:33.60, 28/04/2007Run from C:\Documents and Settings\Kristy\Desktop\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"»»»»»»»»»»»»»»»»»»»»»»»» Killing process»»»»»»»»»»»»»»»»»»»»»»»» hosts127.0.0.1 localhost»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos FixGenericRenosFix by S!Ri»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected filesC:\WINDOWS\.protected Deleted\.protected Deleted»»»»»»»»»»»»»»»»»»»»»»»» DNS»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"system"=""»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» End

Re: Not sure whats wrong,please take a look!!
 

Logfile of HijackThis v1.99.1Scan saved at 13:48:42, on 28/04/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exeC:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\MSN Messenger\msnmsgr.exec:\program files\common files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exeC:\Program Files\Belkin\Bluetooth Software\BTTray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\AOL 9.0a\waol.exeC:\Program Files\AOL 9.0a\shellmon.exeC:\Program Files\Common Files\AOL\aoltpspd.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\New Folder\imabunny.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe"O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exeO4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -clO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Startup: .protectedO4 - Global Startup: .protectedO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kristy\Start Menu\Programs\IMVU\Run IMVU.lnkO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...ab31267.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...-0-3-30.cabO16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40...reecell.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cabO16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...lhelper.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molb...mcgdmgr.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}: NameServer = 205.188.146.145O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dllO20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.DllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeO23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exeO23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeO23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeO23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeO23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeO23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

Re: Not sure whats wrong,please take a look!!
 

Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemClass Name: Last Write Time: 25/04/2007 - 19:10Value 0 Name: DisableRegistryTools Type: REG_DWORD Data: 0x0

Re: Not sure whats wrong,please take a look!!
 

when i tried to paste that in avenger it says...error:selected file does not appear to be a valid script??!!

Re: Not sure whats wrong,please take a look!!
 

and what do i do after rootkitrevealer has run??

Re: Not sure whats wrong,please take a look!!
 

HKU\.DEFAULT\Control Panel\International 25/04/2007 18:53 0 bytes Security mismatch.HKU\.DEFAULT\Control Panel\International\Geo 25/04/2007 18:53 0 bytes Security mismatch.HKU\S-1-5-21-3434497008-1765790526-384228941-1007\Control Panel\International 25/04/2007 18:53 0 bytes Security mismatch.HKU\S-1-5-21-3434497008-1765790526-384228941-1007\Control Panel\International\Geo 25/04/2007 18:53 0 bytes Security mismatch.HKU\S-1-5-21-3434497008-1765790526-384228941-1007\Software\Patchou\Messenger Plus! Live\GlobalSettings\Scripts\Screenshot Sender 4\Settings\krisparmley@hotmail.com\sFileName 06/04/2007 15:05 255 bytes Data mismatch between Windows API and raw hive data.HKU\S-1-5-21-3434497008-1765790526-384228941-1007\Software\Patchou\Messenger Plus! Live\GlobalSettings\Scripts\Screenshot Sender 4\Settings\krisparmley@hotmail.com\sSaveDirectory 06/04/2007 15:05 255 bytes Data mismatch between Windows API and raw hive data.HKU\S-1-5-21-3434497008-1765790526-384228941-1007\Software\Patchou\Messenger Plus! Live\GlobalSettings\Scripts\Screenshot Sender 4\Settings\krisparmley@hotmail.com\sLanguage 06/04/2007 15:05 255 bytes Data mismatch between Windows API and raw hive data.HKU\S-1-5-21-3434497008-1765790526-384228941-1007\Software\Patchou\Messenger Plus! Live\GlobalSettings\Scripts\Screenshot Sender 4\Settings\krisparmley@hotmail.com\sFTPDirectory 06/04/2007 15:05 255 bytes Data mismatch between Windows API and raw hive data.HKU\S-1-5-18\Control Panel\International 25/04/2007 18:53 0 bytes Security mismatch.HKU\S-1-5-18\Control Panel\International\Geo 25/04/2007 18:53 0 bytes Security mismatch.HKLM\SECURITY\Policy\Secrets\SAC* 11/01/2005 01:06 0 bytes Key name contains embedded nulls (*)HKLM\SECURITY\Policy\Secrets\SAI* 11/01/2005 01:06 0 bytes Key name contains embedded nulls (*)HKLM\SOFTWARE\Classes\webcal\URL Protocol 25/07/2005 01:40 13 bytes Data mismatch between Windows API and raw hive data.HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 28/04/2007 13:52 80 bytes Data mismatch between Windows API and raw hive data.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8E0B90689E0FB64589F17321D20D248\Usage\CA_AntiSpyware_Files 28/04/2007 13:52 4 bytes Data mismatch between Windows API and raw hive data.C:\Avenger 28/04/2007 13:58 0 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3434497008-1765790526-384228941-1007\6855e5dca62c8e81ff3d9accf4acb41d_009aee31-8467-4af5-b353-ad78a1aaf048 28/04/2007 14:20 1.28 KB Visible in directory index, but not Windows API or MFT.C:\Documents and Settings\Kristy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3434497008-1765790526-384228941-1007\8f0a4cf1260b551dae82a3fd6654dde5_009aee31-8467-4af5-b353-ad78a1aaf048 28/04/2007 14:08 1.28 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Desktop\avenger.exe 25/02/2006 23:28 127.00 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Desktop\avenger.zip 28/04/2007 13:57 124.39 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Desktop\errorlog.txt 28/04/2007 14:00 398 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Desktop\fsbl-20070428125632.log 28/04/2007 13:56 670 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Desktop\fsblc.exe 28/04/2007 13:56 666.86 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\c-venn56@hotmail.com\SharingMetadata\danni-loo@hotmail.co.uk\DFSR\Staging\CS{21263296-7100-036F-4B68-42331D9E54B4}\01\10-{21263296-7100-036F-4B68-42331D9E54B4}-v1-{C1B33F 25/04/2007 22:06 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\c-venn56@hotmail.com\SharingMetadata\hornydevil22@hotmail.co.uk\DFSR\Staging\CS{C64F122C-4311-C341-74A6-F5B45114CF88}\01\11-{C64F122C-4311-C341-74A6-F5B45114CF88}-v1-{C1B 25/04/2007 22:06 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track01.cda 01/01/1995 01:00 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track02.cda 01/01/1995 01:03 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track03.cda 01/01/1995 01:06 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track04.cda 01/01/1995 01:10 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track05.cda 01/01/1995 01:13 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track06.cda 01/01/1995 01:17 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track07.cda 01/01/1995 01:20 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track08.cda 01/01/1995 01:24 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track09.cda 01/01/1995 01:27 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track10.cda 01/01/1995 01:30 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track11.cda 01/01/1995 01:33 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\Sharing Folders\juliejay08@hotmail.com\Track12.cda 01/01/1995 01:36 44 bytes Visible in Windows API, MFT, but not in directory index.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\birminghamnewstreet@hotmail.com\DFSR\Staging\CS{79F3A72C-EDB2-2C44-97D1-AE089E332DD5}\01\1836-{79F3A72C-EDB2-2C44-97D1-AE089E332DD 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\birminghamnewstreet@hotmail.com\DFSR\Staging\CS{79F3A72C-EDB2-2C44-97D1-AE089E332DD5}\11\11-{4C771369-B03C-4926-99BD-A17E60CA728F} 25/04/2007 22:07 952 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\birminghamnewstreet@hotmail.com\DFSR\Staging\CS{79F3A72C-EDB2-2C44-97D1-AE089E332DD5}\12\12-{4C771369-B03C-4926-99BD-A17E60CA728F} 25/04/2007 22:07 616 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\birminghamnewstreet@hotmail.com\DFSR\Staging\CS{79F3A72C-EDB2-2C44-97D1-AE089E332DD5}\13\13-{4C771369-B03C-4926-99BD-A17E60CA728F} 25/04/2007 22:07 1.05 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\birminghamnewstreet@hotmail.com\DFSR\Staging\CS{79F3A72C-EDB2-2C44-97D1-AE089E332DD5}\14\14-{4C771369-B03C-4926-99BD-A17E60CA728F} 25/04/2007 22:07 944 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\birminghamnewstreet@hotmail.com\DFSR\Staging\CS{79F3A72C-EDB2-2C44-97D1-AE089E332DD5}\15\15-{4C771369-B03C-4926-99BD-A17E60CA728F} 25/04/2007 22:07 744 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\birminghamnewstreet@hotmail.com\DFSR\Staging\CS{79F3A72C-EDB2-2C44-97D1-AE089E332DD5}\16\16-{4C771369-B03C-4926-99BD-A17E60CA728F} 25/04/2007 22:07 576 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\charmedone87@gmail.com\DFSR\Staging\CS{8DCAC432-C117-387F-FBF2-85791BD4B01B}\01\78-{8DCAC432-C117-387F-FBF2-85791BD4B01B}-v1-{4E4E 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\charmedone87@gmail.com\DFSR\Staging\CS{8DCAC432-C117-387F-FBF2-85791BD4B01B}\81\81-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v81-{4E4 25/04/2007 22:07 606 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\charmedone87@gmail.com\DFSR\Staging\CS{8DCAC432-C117-387F-FBF2-85791BD4B01B}\81\81-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v81-{4E4 25/04/2007 22:07 72 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\01\10-{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}-v1-{4E4E2 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\12\11-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v12-{D703 25/04/2007 22:07 606 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\12\11-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v12-{D703 25/04/2007 22:07 72 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\15\15-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v15-{4E4E 25/04/2007 22:07 2.42 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\15\15-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v15-{4E4E 25/04/2007 22:07 272 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\16\12-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v16-{D703 25/04/2007 22:07 2.46 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\16\12-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v16-{D703 25/04/2007 22:07 272 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\17\13-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v17-{D703 25/04/2007 22:07 2.38 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\17\13-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v17-{D703 25/04/2007 22:07 272 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\19\19-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v19-{4E4E 25/04/2007 22:07 1.84 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\19\19-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v19-{4E4E 25/04/2007 22:07 208 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\20\20-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v20-{4E4E 25/04/2007 22:07 1.80 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\20\20-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v20-{4E4E 25/04/2007 22:07 200 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\21\21-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v21-{4E4E 25/04/2007 22:07 1.63 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\21\21-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v21-{4E4E 25/04/2007 22:07 200 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\22\22-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v22-{4E4E 25/04/2007 22:07 1020 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\22\22-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v22-{4E4E 25/04/2007 22:07 112 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\23\23-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v23-{4E4E 25/04/2007 22:07 1.82 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\23\23-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v23-{4E4E 25/04/2007 22:07 200 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\24\24-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v24-{4E4E 25/04/2007 22:07 2.03 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\24\24-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v24-{4E4E 25/04/2007 22:07 240 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\37\1837-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1837-{ 25/04/2007 22:07 5.58 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\37\1837-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1837-{ 25/04/2007 22:07 640 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\37\37-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v37-{4E4E 25/04/2007 22:07 3.18 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\37\37-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v37-{4E4E 25/04/2007 22:07 352 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\38\38-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v38-{4E4E 25/04/2007 22:07 3.14 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\38\38-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v38-{4E4E 25/04/2007 22:07 360 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\40\40-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v40-{4E4E 25/04/2007 22:07 1002 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\40\40-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v40-{4E4E 25/04/2007 22:07 120 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\41\41-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v41-{4E4E 25/04/2007 22:07 2.07 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\41\41-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v41-{4E4E 25/04/2007 22:07 232 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\43\43-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v43-{4E4E 25/04/2007 22:07 2.19 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\43\43-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v43-{4E4E 25/04/2007 22:07 240 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\44\22-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v44-{D703 25/04/2007 22:07 1.75 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\44\22-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v44-{D703 25/04/2007 22:07 200 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\45\23-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v45-{D703 25/04/2007 22:07 1.63 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\45\23-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v45-{D703 25/04/2007 22:07 208 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\46\17-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v46-{D703 25/04/2007 22:07 2.54 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\46\17-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v46-{D703 25/04/2007 22:07 296 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\47\47-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v47-{4E4E 25/04/2007 22:07 2.23 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\47\47-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v47-{4E4E 25/04/2007 22:07 256 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\48\16-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v48-{D703 25/04/2007 22:07 1.88 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\48\16-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v48-{D703 25/04/2007 22:07 232 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\49\24-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v49-{D703 25/04/2007 22:07 1.35 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\49\24-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v49-{D703 25/04/2007 22:07 168 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\50\25-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v50-{D703 25/04/2007 22:07 1.84 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\50\25-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v50-{D703 25/04/2007 22:07 224 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\51\51-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v51-{4E4E 25/04/2007 22:07 1.96 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\51\51-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v51-{4E4E 25/04/2007 22:07 224 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\52\52-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v52-{4E4E 25/04/2007 22:07 1.52 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\52\52-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v52-{4E4E 25/04/2007 22:07 176 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\53\53-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v53-{4E4E 25/04/2007 22:07 1.49 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\53\53-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v53-{4E4E 25/04/2007 22:07 176 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\54\26-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v54-{D703 25/04/2007 22:07 2.28 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\54\26-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v54-{D703 25/04/2007 22:07 248 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\55\27-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v55-{D703 25/04/2007 22:07 2.33 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\55\27-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v55-{D703 25/04/2007 22:07 264 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\56\56-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v56-{4E4E 25/04/2007 22:07 2.51 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\56\56-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v56-{4E4E 25/04/2007 22:07 280 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\57\28-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v57-{D703 25/04/2007 22:07 2.63 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\57\28-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v57-{D703 25/04/2007 22:07 304 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\58\29-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v58-{D703 25/04/2007 22:07 2.09 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\58\29-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v58-{D703 25/04/2007 22:07 232 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\59\59-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v59-{4E4E 25/04/2007 22:07 1.73 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\59\59-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v59-{4E4E 25/04/2007 22:07 184 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\60\60-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v60-{4E4E 25/04/2007 22:07 1.84 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\60\60-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v60-{4E4E 25/04/2007 22:07 216 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\61\61-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v61-{4E4E 25/04/2007 22:07 1.82 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\61\61-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v61-{4E4E 25/04/2007 22:07 216 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\62\18-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v62-{D703 25/04/2007 22:07 2.37 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\62\18-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v62-{D703 25/04/2007 22:07 272 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\63\19-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v63-{D703 25/04/2007 22:07 3.07 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\63\19-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v63-{D703 25/04/2007 22:07 344 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\64\30-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v64-{D703 25/04/2007 22:07 3.04 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\64\30-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v64-{D703 25/04/2007 22:07 352 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\65\31-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v65-{D703 25/04/2007 22:07 2.88 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\65\31-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v65-{D703 25/04/2007 22:07 328 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\66\66-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v66-{4E4E 25/04/2007 22:07 1.54 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\66\66-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v66-{4E4E 25/04/2007 22:07 176 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\67\67-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v67-{4E4E 25/04/2007 22:07 1.75 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\67\67-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v67-{4E4E 25/04/2007 22:07 192 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\68\68-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v68-{4E4E 25/04/2007 22:07 2.23 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\68\68-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v68-{4E4E 25/04/2007 22:07 256 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\69\69-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v69-{4E4E 25/04/2007 22:07 3.98 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\eddersgti@hotmail.com\DFSR\Staging\CS{6848B4EF-879E-385D-BC3A-FFD5C80BB8A6}\69\69-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v69-{4E4E 25/04/2007 22:07 432 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\01\1001-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1001- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\01\11-{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}-v1-{B7A0 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\02\1002-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1002- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\02\602-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v602-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\04\304-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v304-{4 25/04/2007 22:07 822 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\04\304-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v304-{4 25/04/2007 22:07 120 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\05\305-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v305-{4 25/04/2007 22:07 1.01 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\05\305-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v305-{4 25/04/2007 22:07 128 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\06\1006-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1006- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\06\306-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v306-{4 25/04/2007 22:07 750 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\06\306-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v306-{4 25/04/2007 22:07 96 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\07\307-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v307-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\07\407-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v407-{4 25/04/2007 22:07 138 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\07\407-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v407-{4 25/04/2007 22:07 296 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\08\1808-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1808- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\08\308-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v308-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\08\708-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v708-{4 25/04/2007 22:07 1.45 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\08\708-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v708-{4 25/04/2007 22:07 296 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\09\1809-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1809- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\09\309-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v309-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\10\1810-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1810- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\10\310-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v310-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\11\1811-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1811- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\13\213-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v213-{4 25/04/2007 22:07 1.29 MB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\13\213-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v213-{4 25/04/2007 22:07 94.32 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\13\213-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v213-{4 25/04/2007 22:07 6.60 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\13\213-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v213-{4 25/04/2007 22:07 147.26 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\14\214-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v214-{4 25/04/2007 22:07 63.80 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\14\214-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v214-{4 25/04/2007 22:07 4.51 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\14\214-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v214-{4 25/04/2007 22:07 7.09 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\15\215-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v215-{4 25/04/2007 22:07 45.93 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\15\215-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v215-{4 25/04/2007 22:07 3.23 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\15\215-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v215-{4 25/04/2007 22:07 5.13 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\15\725-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v715-{B 25/04/2007 22:07 176 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\16\216-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v216-{4 25/04/2007 22:07 40.49 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\16\216-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v216-{4 25/04/2007 22:07 2.91 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\16\216-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v216-{4 25/04/2007 22:07 4.43 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\17\217-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v217-{4 25/04/2007 22:07 39.86 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\17\217-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v217-{4 25/04/2007 22:07 2.93 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\17\217-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v217-{4 25/04/2007 22:07 4.44 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\18\218-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v218-{4 25/04/2007 22:07 56.53 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\18\218-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v218-{4 25/04/2007 22:07 3.93 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\18\218-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v218-{4 25/04/2007 22:07 6.30 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\19\219-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v219-{4 25/04/2007 22:07 40.92 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\19\219-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v219-{4 25/04/2007 22:07 2.89 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\19\219-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v219-{4 25/04/2007 22:07 4.57 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\20\220-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v220-{4 25/04/2007 22:07 40.93 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\20\220-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v220-{4 25/04/2007 22:07 3.00 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\20\220-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v220-{4 25/04/2007 22:07 4.53 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\21\1105-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v721-{ 25/04/2007 22:07 2.06 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\21\221-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v221-{4 25/04/2007 22:07 52.54 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\21\221-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v221-{4 25/04/2007 22:07 3.69 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\21\221-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v221-{4 25/04/2007 22:07 5.88 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\22\222-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v222-{4 25/04/2007 22:07 50.53 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\22\222-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v222-{4 25/04/2007 22:07 3.60 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\22\222-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v222-{4 25/04/2007 22:07 5.60 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\23\223-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v223-{4 25/04/2007 22:07 52.62 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\23\223-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v223-{4 25/04/2007 22:07 3.63 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\23\223-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v223-{4 25/04/2007 22:07 5.89 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\24\1429-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v1124- 25/04/2007 22:07 824 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\24\224-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v224-{4 25/04/2007 22:07 67.11 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\24\224-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v224-{4 25/04/2007 22:07 4.85 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\24\224-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v224-{4 25/04/2007 22:07 10.79 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\25\1025-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1025- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\26\1726-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1726- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\27\1431-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v1127- 25/04/2007 22:07 136 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\27\1727-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1727- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\29\1729-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1729- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\29\829-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v829-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\30\530-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v530-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\33\1033-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1033- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\38\1133-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v738-{ 25/04/2007 22:07 312 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\42\1042-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1042- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\43\1043-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1043- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\44\1044-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1044- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\45\1045-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1045- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\46\1046-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1046- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\47\1547-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1547- 25/04/2007 22:07 894 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\47\1547-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1547- 25/04/2007 22:07 112 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\48\1248-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1248- 25/04/2007 22:07 930 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\48\1248-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1248- 25/04/2007 22:07 112 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\52\1052-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1052- 25/04/2007 22:07 15.02 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\52\1052-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1052- 25/04/2007 22:07 1.76 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\60\1060-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1060- 25/04/2007 22:07 1.03 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\60\1060-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1060- 25/04/2007 22:07 128 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\60\160-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v160-{B 25/04/2007 22:07 168 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\60\260-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v260-{B 25/04/2007 22:07 376 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\60\60-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v60-{B7A 25/04/2007 22:07 128 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\60\960-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v960-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\1061-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1061- 25/04/2007 22:07 9.54 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\1061-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1061- 25/04/2007 22:07 1.11 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\161-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v161-{4 25/04/2007 22:07 30.86 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\161-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v161-{4 25/04/2007 22:07 2.16 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\161-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v161-{4 25/04/2007 22:07 3.50 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\261-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v261-{B 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\61-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v61-{B7A 25/04/2007 22:07 128 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\61\961-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v961-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\62\1062-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1062- 25/04/2007 22:07 8.43 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\62\1062-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1062- 25/04/2007 22:07 1000 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\62\162-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v162-{B 25/04/2007 22:07 88 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\62\201-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v162-{4 25/04/2007 22:07 29.84 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\62\201-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v162-{4 25/04/2007 22:07 2.09 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\62\201-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v162-{4 25/04/2007 22:07 3.30 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\62\62-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v62-{B7A 25/04/2007 22:07 128 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\63\163-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v163-{B 25/04/2007 22:07 200 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\63\202-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v163-{4 25/04/2007 22:07 33.59 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\63\202-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v163-{4 25/04/2007 22:07 2.40 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\63\202-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v163-{4 25/04/2007 22:07 3.72 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\63\63-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v63-{B7A 25/04/2007 22:07 128 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\63\963-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v963-{4 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\64\1364-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1364- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\64\164-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v164-{B 25/04/2007 22:07 104 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\64\203-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v164-{4 25/04/2007 22:07 24.85 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\64\203-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v164-{4 25/04/2007 22:07 1.80 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\64\203-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v164-{4 25/04/2007 22:07 2.77 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\64\64-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v64-{B7A 25/04/2007 22:07 176 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\1065-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1065- 25/04/2007 22:07 660 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\1065-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1065- 25/04/2007 22:07 80 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\165-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v165-{B 25/04/2007 22:07 3.53 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\165-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v165-{B 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\1765-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1765- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\204-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v165-{4 25/04/2007 22:07 60.09 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\204-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v165-{4 25/04/2007 22:07 4.20 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\204-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v165-{4 25/04/2007 22:07 6.78 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\265-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v265-{B 25/04/2007 22:07 240 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\65\65-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v65-{B7A 25/04/2007 22:07 152 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\66\166-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v166-{B 25/04/2007 22:07 400 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\66\205-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v166-{4 25/04/2007 22:07 72.29 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\66\205-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v166-{4 25/04/2007 22:07 5.11 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\66\205-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v166-{4 25/04/2007 22:07 8.02 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\66\266-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v266-{B 25/04/2007 22:07 3.11 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\66\266-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v266-{B 25/04/2007 22:07 376 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\66\66-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v66-{B7A 25/04/2007 22:07 152 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\67\167-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v167-{B 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\67\1767-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1767- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\67\206-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v167-{4 25/04/2007 22:07 39.58 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\67\206-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v167-{4 25/04/2007 22:07 2.84 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\67\206-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v167-{4 25/04/2007 22:07 4.49 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\67\267-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v267-{B 25/04/2007 22:07 376 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\68\1368-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1368- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\68\1768-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1768- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\68\207-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v168-{4 25/04/2007 22:07 36.98 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\68\207-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v168-{4 25/04/2007 22:07 2.74 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\68\207-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v168-{4 25/04/2007 22:07 4.10 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\68\268-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v268-{B 25/04/2007 22:07 368 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\69\208-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v169-{4 25/04/2007 22:07 30.42 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\69\208-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v169-{4 25/04/2007 22:07 2.23 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\69\208-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v169-{4 25/04/2007 22:07 3.36 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\69\269-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v269-{B 25/04/2007 22:07 368 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\1070-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1070- 25/04/2007 22:07 822 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\1070-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1070- 25/04/2007 22:07 120 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\170-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v170-{B 25/04/2007 22:07 392 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\209-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v170-{4 25/04/2007 22:07 34.82 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\209-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v170-{4 25/04/2007 22:07 2.44 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\209-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v170-{4 25/04/2007 22:07 3.88 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\270-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v270-{B 25/04/2007 22:07 360 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\70-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v70-{B7A 25/04/2007 22:07 1.88 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\70\70-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v70-{B7A 25/04/2007 22:07 216 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\1071-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1071- 25/04/2007 22:07 1.01 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\1071-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1071- 25/04/2007 22:07 128 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\171-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v171-{B 25/04/2007 22:07 392 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\211-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v171-{4 25/04/2007 22:07 26.22 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\211-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v171-{4 25/04/2007 22:07 1.80 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\211-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v171-{4 25/04/2007 22:07 2.95 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\271-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v271-{B 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\71\71-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v71-{B7A 25/04/2007 22:07 360 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\1072-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1072- 25/04/2007 22:07 750 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\1072-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1072- 25/04/2007 22:07 96 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\172-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v172-{B 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\1772-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1772- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\212-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v172-{4 25/04/2007 22:07 30.12 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\212-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v172-{4 25/04/2007 22:07 2.14 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\212-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v172-{4 25/04/2007 22:07 3.33 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\272-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v272-{B 25/04/2007 22:07 376 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\72\72-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v72-{B7A 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\1073-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1073- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\1173-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1173- 25/04/2007 22:07 138 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\1173-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1173- 25/04/2007 22:07 296 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\173-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v173-{B 25/04/2007 22:07 264 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\210-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v173-{4 25/04/2007 22:07 37.45 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\210-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v173-{4 25/04/2007 22:07 2.74 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\210-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v173-{4 25/04/2007 22:07 4.20 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\273-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v273-{B 25/04/2007 22:07 376 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\73\73-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v73-{B7A 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\74\1074-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1074- 25/04/2007 22:07 8 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\74\1474-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1474- 25/04/2007 22:07 1.45 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\74\1474-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v1474- 25/04/2007 22:07 296 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\74\174-{B7A0B38E-0473-4B3B-8B10-35F0CA6E3473}-v174-{B 25/04/2007 22:07 384 bytes Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@hotmail.com\DFSR\Staging\CS{AD32B7E6-29EF-1A44-EA96-C0DAC42CC13E}\74\197-{4E4E2C28-736D-441D-BE63-1D1D18B65399}-v174-{4 25/04/2007 22:07 43.03 KB Hidden from Windows API.C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Messenger\krisparmley@hotmail.com\SharingMetadata\juliejay08@ho

Re: Not sure whats wrong,please take a look!!
 

Kristy, my apologies, I missed an important line with my cut and paste.... I have corrected the instruction, and taken the opp to add more files:
-you must be in an Administrator-privileged account to run this procedure...
Start Avenger; select “Input script manually” and then click the magnifying glass icon. Paste into the box these lines as one block:-

Files to delete:
C:\WINDOWS\system32\ogycsrw.exe
C:\WINDOWS\system32\hzhkhdet.exe
C:\WINDOWS\IFinst27.exe
C:\3b10545d3d62bb28bf60f37c
C:\WINDOWS\system32\pmbvkxh_nav.dat
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\f3pssavr.scr
C:\DOCUME~1\Kristy\APPLIC~1\bbbconfig.dat
C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE
C:\WINDOWS\WSYS049.SYS
C:\WINDOWS\system\tnebli.tmp
C:\WINDOWS\system32\ihhkj.tmp
C:\WINDOWS\system32\mlkkj.tmp
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\ycbeg.tmp

...and click Done, and finally the green light.
Follow promps to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

===I want you to do a manual search for this file [i don't have a path for it...]; if you find it, delete it:
w03a1090.dll

Next do a Scan Only with hijackthis and check these two entries for fixing, and press Fix Checked:

O4 - Startup: .protected
O4 - Global Startup: .protected

See how you go..

Re: Not sure whats wrong,please take a look!!
 

it still says this is not a valid script and i cannot search for this file as the search function on windows doesnt work:( and with hijack this it said these 2 files are in use so cannot be deleted.

Re: Not sure whats wrong,please take a look!!
 

Kristy, re Avenger... did you enter the whole block including the files to delete label? I can enter it into avenger on my machine and it tis quite happy about it.
Try this online scanner... we'll have to give up on panda for the while. : http://www.kaspersky.com/virusscanner post the results.
Perhaps you can try Avenger on this file- paste in this block:

Files to delete:
C:\windows\.protected

Did you manage to run f-secure's blacklight?

Re: Not sure whats wrong,please take a look!!
 

One other thing, i asked earlier for you to remove Norton/Symantec from your sys - I then assumed that this file detected by combfix was a relic from that AV - it is likely a problem file, it IS in the wrong area, and you don't want it. Please paste these two lines into the Avenger text box:

Files to delete:
C:\symlcsv1.exe

If Avenger still is not working for you, then we can try this manual way: download Unlocker 1.8.5 from http://ccollomb.free.fr/unlocker/ -install it.
You will then have to navigate to every single one of those files and rclick them and select Delete. All 23 of them. :|
Run ComboFix again and post its log.

Re: Not sure whats wrong,please take a look!!
 

Status: 0xc0000034File C:\WINDOWS\system32\ycbeg.ini2 deleted successfully.File C:\WINDOWS\system32\ycbeg.bak2 deleted successfully.File C:\WINDOWS\system32\ycbeg.bak1 deleted successfully.File C:\WINDOWS\system32\mlkkj.bak2 deleted successfully.File C:\WINDOWS\system32\mlkkj.ini2 deleted successfully.File C:\WINDOWS\system32\mlkkj.bak1 deleted successfully.File C:\WINDOWS\system32\f3pssavr.scr deleted successfully.File C:\DOCUME~1\Kristy\APPLIC~1\bbbconfig.dat deleted successfully.Could not open file C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE for deletionDeletion of file C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE failed!Could not process line:C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXEStatus: 0xc000003aFile C:\WINDOWS\WSYS049.SYS deleted successfully.File C:\WINDOWS\system\tnebli.tmp deleted successfully.File C:\WINDOWS\system32\ihhkj.tmp deleted successfully.File C:\WINDOWS\system32\mlkkj.tmp deleted successfully.File C:\WINDOWS\system32\ttvwa.tmp deleted successfully.File C:\WINDOWS\system32\ycbeg.tmp deleted successfully.Completed script processing.*******************Finished! Terminate.

Re: Not sure whats wrong,please take a look!!
 

i cannot run kapersky either as no new window opens:(

Re: Not sure whats wrong,please take a look!!
 

"Kristy" - 07-04-30 12:54:42 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Program Files\AOL 9.0a\download\"(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~Folders Quarantined:C:\qoobox\purity\C\DOCUME~1C:\qoobox\purity\C\DOCUME~1\KristyC:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1C:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1\PPPATC~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\CROSOF~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\RACLE~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\SCURIT~1C:\qoobox\purity\C\Program Files\APPATC~1C:\qoobox\purity\C\Program Files\CURITY~1C:\qoobox\purity\C\Program Files\DOBE~1C:\qoobox\purity\C\Program Files\SCURIT~1C:\qoobox\purity\C\Program Files\WNSXS~1C:\qoobox\purity\C\Program Files\YMBOLS~1C:\qoobox\purity\C\Program Files\Common Files\DOBE~1C:\qoobox\purity\C\Program Files\Common Files\RACLE~1C:\qoobox\purity\C\Program Files\Common Files\SKS~1C:\qoobox\purity\C\WINDOWS\CROSOF~1.NETC:\qoobox\purity\C\WINDOWS\DOBE~1C:\qoobox\purity\C\WINDOWS\MANTEC~1C:\qoobox\purity\C\WINDOWS\MCROSO~1C:\qoobox\purity\C\WINDOWS\system32\DOBE~1C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))2007-04-30 09:22 d-------- C:\avenger2007-04-30 09:20 60,416 --a------ C:\WINDOWS\system32\drivers\oryeobyk.sys2007-04-30 09:19 60,416 --a------ C:\WINDOWS\system32\drivers\ovygriae.sys2007-04-30 09:19 60,416 --a------ C:\WINDOWS\system32\drivers\fakofips.sys2007-04-30 09:16 126,976 --a------ C:\zip.exe2007-04-26 15:59 3,606 --a------ C:\WINDOWS\system32\tmp.reg2007-04-26 15:57 53,248 --a------ C:\WINDOWS\system32\Process.exe2007-04-26 15:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe2007-04-26 15:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe2007-04-26 09:19 d-------- C:\VundoFix Backups2007-04-25 19:10 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys2007-04-25 18:58 d-------- C:\Program Files\cc2007-04-25 18:53 49,152 --a------ C:\WINDOWS\nircmd.exe2007-04-25 14:42 d-------- C:\WINDOWS\system32\NtmsData2007-04-25 10:01 d-------- C:\Program Files\New Folder2007-04-24 18:46 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Solitaire.Com2007-04-13 12:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield2007-04-13 12:06 d-------- C:\WINDOWS\system32\FlashAX2007-04-09 22:46 d-------- C:\Program Files\MSXML 4.02007-04-09 22:46 d-------- C:\3b10545d3d62bb28bf60f37c2007-04-09 19:50 d-------- C:\WINDOWS\network diagnostic2007-04-09 19:10 d-------- C:\WINDOWS\CAVTemp2007-04-09 15:45 95,760 --a------ C:\WINDOWS\system32\isafeif.dll2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\vetredir.dll2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\isafprod.dll2007-04-09 15:45 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys2007-04-09 15:45 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys2007-04-09 15:45 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys2007-04-09 15:45 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys2007-04-09 15:45 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys2007-04-09 15:45 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys2007-04-09 15:44 d-------- C:\Program Files\CA2007-04-09 15:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA2007-04-09 13:57 d-------- C:\Program Files\Smart PC Solutions2007-04-09 13:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Smart PC Solutions2007-04-09 13:19 d-------- C:\Program Files\RegistrySmart2007-04-09 13:19 d-------- C:\DOCUME~1\Kristy\APPLIC~1\RegistrySmart2007-04-06 15:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!2007-04-06 15:03 d-------- C:\Program Files\Messenger Plus! Live2007-04-06 14:37 d-------- C:\DOCUME~1\Kristy\APPLIC~1\MSNInstaller2007-04-05 21:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Screenshot Sender2007-04-04 18:48 77,160 --a------ C:\WINDOWS\DSETUP.dll2007-04-04 18:48 503,144 --a------ C:\WINDOWS\DXSETUP.exe2007-04-04 18:48 1,673,576 --a------ C:\WINDOWS\dsetup32.dll2007-04-03 14:27 1,246,096 ---hs---- C:\WINDOWS\system32\ttvwa.ini22007-03-30 14:28 1,257,356 ---hs---- C:\WINDOWS\system32\ttvwa.bak22007-03-29 13:26 1,261,135 ---hs---- C:\WINDOWS\system32\ttvwa.bak1(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))2007-04-29 20:17 -------- d-------- C:\Program Files\morpheus2007-04-26 09:26 -------- d-------- C:\Program Files\norton antivirus2007-04-15 18:23 -------- d-------- C:\Program Files\gpotato2007-04-15 14:22 874 --a------ C:\DOCUME~1\Kristy\APPLIC~1\adobedlm.log2007-04-15 14:22 6 --a------ C:\DOCUME~1\Kristy\APPLIC~1\dm.ini2007-04-14 16:46 -------- d--h----- C:\Program Files\installshield installation information2007-04-13 12:16 3583 --a--c--- C:\WINDOWS\mozver.dat2007-04-09 19:10 -------- d-------- C:\Program Files\windows nt2007-04-06 15:03 -------- d-------- C:\Program Files\msn messenger2007-03-31 19:59 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\zylom2007-03-31 18:36 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\mysterystudio2007-03-21 16:08 142568 --a------ C:\WINDOWS\system32linkprd.exe2007-03-20 12:13 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\magic academy2007-03-19 00:43 155411 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll2007-03-15 13:12 -------- d-------- C:\Program Files\cyberlink2007-03-15 13:09 -------- d-------- C:\Program Files\epson2007-03-15 13:06 -------- d-------- C:\Program Files\logitech2007-03-15 12:55 -------- d--h----- C:\Program Files\zero g registry2007-03-14 21:27 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\messengerskinner2007-03-10 19:24 -------- d-------- C:\Program Files\mythwar_en2007-03-09 23:51 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\imvu2007-03-09 20:10 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\utorrent2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys2007-03-06 01:23 -------- d-------- C:\Program Files\imvu2007-03-04 15:01 -------- d-------- C:\Program Files\webroot2007-02-26 11:53 164 --a------ C:\install.dat2007-02-08 00:39 6144 --ahs---- C:\Program Files\thumbs.db2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\"""LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE""BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent""HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLSoftware.exe\"""NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe""Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe""Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe""PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe""SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"""cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\"""QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\"""CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\"""cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl""wskveucd"="C:\\fbbqkmik.bat"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe""msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"Spyware Doctor"="""Nqnzqv"="C:\\DOCUME~1\\Kristy\\APPLIC~1\\PPPATC~1\\NPDB~1.EXE""DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoCDBurning"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run][HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\ticker.html[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\babynew.html[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\baby_desktop.html[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFWHKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL 9.0 Tray Icon.lnk""backup"="C:\\WINDOWS\\pss\\AOL 9.0 Tray Icon.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\AOL9~1.0A\\aoltray.exe -check""item"="AOL 9.0 Tray Icon"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BTTray.lnk""backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\Belkin\\BLUETO~1\\BTTray.exe ""item"="BTTray"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk""backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l""item"="Microsoft Office"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="TTRIB~1""hkey"="HKCU""command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="fts""hkey"="HKLM""command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALServ]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ALServ""hkey"="HKLM""command"="\"C:\\Program Files\\Altec Lansing\\AMS\\ALServ.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AOLDial""hkey"="HKLM""command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="VM_STI""hkey"="HKLM""command"="C:\\WINDOWS\\VM_STI.EXE Cammaestro 4.2GU build 1105""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="rundll32""hkey"="HKLM""command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="carpserv""hkey"="HKLM""command"="carpserv.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ctfmon""hkey"="HKCU""command"="C:\\WINDOWS\\system32\\ctfmon.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="dslagent""hkey"="HKLM""command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="dslstat""hkey"="HKLM""command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gqxowron]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="TTRIB~1""hkey"="HKCU""command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AOLHostManager""hkey"="HKLM""command"="C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLHostManager.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AcBtnMgr_X84-X85""hkey"="HKLM""command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ACMonitor_X84-X85""hkey"="HKLM""command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows""item"="????""hkey"="HKCU""command"="????""inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="McAgent""hkey"="HKLM""command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="McUpdate""hkey"="HKLM""command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="MsgPlus""hkey"="HKLM""command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mimboot""hkey"="HKLM""command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mousepad12""hkey"="HKLM""command"="C:\\windows\\mousepad12.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="msnmsgr""hkey"="HKCU""command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="NeroCheck""hkey"="HKLM""command"="C:\\WINDOWS\\system32\\NeroCheck.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="NvCpl""hkey"="HKLM""command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="RunDLL32""hkey"="HKLM""command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="nwiz""hkey"="HKLM""command"="nwiz.exe /install""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpiStat]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="OpiStat""hkey"="HKLM""command"="C:\\Program Files\\OpiStat\\OpiStat\\OpiStat.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="printray""hkey"="HKLM""command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="qttask""hkey"="HKLM""command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="PDVDServ""hkey"="HKLM""command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows""item"="????""hkey"="HKCU""command"="????""inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Skype""hkey"="HKCU""command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SOUNDMAN""hkey"="HKLM""command"="SOUNDMAN.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="jusched""hkey"="HKLM""command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SweetIM""hkey"="HKLM""command"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="type32""hkey"="HKLM""command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mcvsshld""hkey"="HKLM""command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mcmnhdlr""hkey"="HKLM""command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w03a1090.dll]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="RUNDLL32""hkey"="HKLM""command"="RUNDLL32.EXE w03a1090.dll,I2 00085ca3003a1090""inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]HTTPFilter REG_MULTI_SZ HTTPFilter\0\0LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0NetworkService REG_MULTI_SZ DnsCache\0\0DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0rpcss REG_MULTI_SZ RpcSs\0\0imgsvc REG_MULTI_SZ StiSvc\0\0termsvcs REG_MULTI_SZ TermService\0\0bthsvcs REG_MULTI_SZ BthServ\0\0WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATWPKT2Contents of the 'Scheduled Tasks' folderC:\WINDOWS\tasks\A68FA4CC91845D2C.jobC:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Kristy at 15 45.jobC:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Ed).jobC:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Kristy).jobC:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job********************************************************************catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.netRootkit scan 2007-04-30 13:11:46Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services ...scanning hidden autostart entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-30 13:13:04C:\ComboFix-quarantined-files.txt ... 07-04-30 13:13C:\ComboFix2.txt ... 07-04-25 18:53

Re: Not sure whats wrong,please take a look!!
 

Kristy, do you have, or can you borrow, a windows installation CD? cos I think to get explorer working better you need to run system file checker. That is, start, run, type sfc /scannow -and Enter. That would/should fix any errors that some components may have.
Checking those logs you provided now...
Meanwhile, could you pls run Avenger again with this script to be pasted in?

Files to delete:
C:\windows\.protected
C:\symlcsv1.exe
C:\WINDOWS\IFinst27.exe
C:\3b10545d3d62bb28bf60f37c
C:\WINDOWS\system32\pmbvkxh_nav.dat
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\pmbvkxh_nav.dat
C:\DOCUME~1\Kristy\MYDOCU~1\SCURIT~1\TTRIB~1.EXE

Re: Not sure whats wrong,please take a look!!
 

Hi everyone, my pc is running slower than usual. It keeps reading the hard disk and takes more than 10 sec to load a webpage.

Pls kindly advise and let me know if you need more info. Thanks a million :) Pls see the spykill's system analyzer log (not sure if this is same as hijackthis)below:

Report generated on 5/1/2007 4:41:02 AM

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=sg
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust...arch.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust...arch.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust...arch.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
BrowserHelperObject: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [ file size: 399,424 bytes ]
BrowserHelperObject: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [ file size: 50,376 bytes ]
BrowserHelperObject: name not found - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - [ file size: File not found! ]
BrowserHelperObject: name not found - {A5366673-E8CA-11D3-9CD9-0090271D075B} - [ file size: File not found! ]
IE Toolbar: name not found - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - [ file size: File not found! ]
IE Toolbar: name not found - {8E718888-423F-11D2-876E-00A0C9082467} - [ file size: File not found! ]
IE Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [ file size: 399,424 bytes ]
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ file size: 48,752 bytes ]
HKLM\...\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [ file size: 85,696 bytes ]
HKLM\...\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe [ file size: 693,528 bytes ]
HKCU\...\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [ file size: 145,056,491 bytes ]
HKCU\...\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [ file size: 3,334,144 bytes ]
HKCU\...\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe [ file size: 13,312 bytes ]
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ file size: 145,056,491 bytes ]
Local user startup: Shortcut to BitComet.lnk = C:\Program Files\BitComet\BitComet.exe [ file size: 2,600,960 bytes ]
Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - [ file size: File not found! ]
Extra 'Tools' menu item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - [ file size: File not found! ]
Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll [ file size: 316,552 bytes ]
Extra 'Tools' menu item: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll [ file size: 316,552 bytes ]
Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe [ file size: 1,482,752 bytes]
Extra 'Tools' menu item: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe [ file size: 1,482,752 bytes ]
DownloadedProgramFiles: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (name not found) - http://www.lizardtech.com/download/f...trol_en_US.cab
DownloadedProgramFiles: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
DownloadedProgramFiles: {D27CDB6E-AE6D-11CF-96B8-444553540000} (name not found) - http://download.macromedia.com/pub/s...sh/swflash.cab
Protocol handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
Protocol handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
ShellServiceObjectDelayLoad: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll
ShellServiceObjectDelayLoad: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
ShellServiceObjectDelayLoad: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
ShellServiceObjectDelayLoad: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\System32\webcheck.dll
ShellServiceObjectDelayLoad: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll
SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
Service: Symantec Event Manager (ccEvtMgr) - Description: Symantec Event Manager Service - Company: Symantec Corporation - Filename: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Service: Symantec Settings Manager (ccSetMgr) - Description: Symantec Settings Manager Service - Company: Symantec Corporation - Filename: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Service: Symantec AntiVirus Definition Watcher (DefWatch) - Description: Virus Definition Daemon - Company: Symantec Corporation - Filename: C:\Program Files\Symantec AntiVirus\DefWatch.exe
Service: Remote Procedure Call (RPC) (RpcSs) - Description: Unknown - Company: Unknown - Filename: Unknown
Service: StarWind iSCSI Service (StarWindService) - Description: StarWind iSCSI Target (Alcohol Edition) - Company: Rocket Division Software - Filename: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Service: Windows Image Acquisition (WIA) (stisvc) - Description: Unknown - Company: Unknown - Filename: Unknown
Service: Symantec AntiVirus (Symantec AntiVirus) - Description: Symantec AntiVirus - Company: Symantec Corporation - Filename: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Service: TrueVector Internet Monitor (vsmon) - Description: TrueVector Service - Company: Zone Labs Inc. - Filename: C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Re: Not sure whats wrong,please take a look!!
 

Kristy, it is not important but you can skip my last post #38 to you re avenger - a more complete version follows this.
Please make a restore point before you do the next step..... I need you to run this batch file - it will list several registry keys to a text file in your C:\ root folder, C:\krquery.txt, and then remove them from the registry. To run the batchfile simply copy all the text between the stars below to a notepad [turn OFF wordwrap!!], name it bugremv.bat and save it [as All files] to your desktop. Then just dclick the icon to run it. Post me the txt file please.

******************************************************************
REM file to test if all entries exist and then delete them

reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run" /v wskveucd >c:\krquery.txt
reg query "HKEY_USERS\.default\software\microsoft\windows\currentversion\run" /v Nqnzqv >> c:\krquery.txt
reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg" >> c:\krquery.txt
reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gqxowron" >> c:\krquery.txt
reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load" >> c:\krquery.txt
reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run" >> c:\krquery.txt
reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w03a1090.dll" >> c:\krquery.txt

reg delete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run" /v wskveucd /f
reg delete "HKEY_USERS\.default\software\microsoft\windows\currentversion\run" /v Nqnzqv /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg" /va /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gqxowron" /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load" /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run" /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w03a1090.dll" /f

******************************************************************
Now, do you have a task scheduled such as a regular backup? I can see Apple, CA, McAfee and RegistrySmart, but there is another one....? Please check Scheduled Tasks via control panel and check this one:
[C:\WINDOWS\tasks\] A68FA4CC91845D2C.job -use detail view, tell me if it is yours; if it is not, or it looks doubtful, remove it [rclick, delete].

What is this? Do you know it? No? - then delete it.
C:\zip.exe

Delete C:\qoobox folder