Kristy.... you have to help us help you... check the log posts in a couple of other threads -your's does not look like them. Please format it correctly and repost. A start would be to turn off wordwrap in notepad, but I think you may have to do some manual work as well - I dunno. Sorry.

Ok, that is prob a bit harsh, cos it is very likely not your fault, but you owe me a beer for struggling a bit of the way into that log - my eyes died trying..... Do this:
==Download fixwareout from http://www.bleepingcomputer.com/file...Fixwareout.exe - and save it to your desktop.
Either: go Control panel > folder options OR: in an explorer window > tools>folder options;
- then view tab, press Show hidden files and folders, Apply and Ok.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish.
After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings....In control panel select the Network and Internet Connections , rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Now we have to flush the DNS cache: Go Start > Run, type cmd and click OK.
In the command screen, type in cd\ and then press Enter. Now type in ipconfig /flushdns and then Enter. [space after ipconfig]. Type Exit.

HiJackThis - get a fresh copy, remove the one you have!!
===download hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Select Scan Only, place checkmarks against all the entries listed below that still exist, and then Fix Checked.

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\opnonkj.dll (file missing)
O2 - BHO: (no name) - {1AEB2E21-6D7F-48F8-B6E9-828A78D12889} - C:\WINDOWS\system\ilbent.dll (file missing)
O2 - BHO: (no name) - {2A498F09-890C-44DA-B8E3-BD1B1A5A28F5} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\uvsmgbug.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: (no name) - {E7B36CEB-2A03-4A20-B99A-68E9E0CF4BC5} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {FDE5F6A2-F64B-4956-92C4-91256F3965A0} - C:\WINDOWS\system32\dfrgsnbp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A425570-C639-4A19-B1F0-33E12189899D}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A31405-4E4A-41B6-B020-7E178A9A83BF}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C51876-8072-45DB-A697-0F6D9275013A}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEF35FFB-7FCD-40C3-ACD7-96194F3AF479}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E21EF9-28BF-4C01-8DC0-98557C1698BF}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFC3F59C-CD1E-4A89-90A4-87A60219A88F}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E2F48C-43AA-4788-BB06-969FAA3BF304}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6361592-35CC-4F87-B0D5-1C2BF5CBA273}: NameServer = 85.255.115.155,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.77
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll (file missing)
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: ilbent - C:\WINDOWS\system\ilbent.dll (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\enj8l11u1.dll (file missing)
O20 - Winlogon Notify: opnonkj - opnonkj.dll (file missing)
O20 - Winlogon Notify: urqronm - urqronm.dll (file missing)
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O20 - Winlogon Notify: xxyyyay - xxyyyay.dll (file missing)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

This may not be a complete list, but it will do for now. BE CAREFUL with checking the O17 entries -one in the middle of the HT list is valid [it has the shortest Nameserver number.. ]
When you have done that do another HT scan, save a logfile and post it along with the fixwareoutlog.
Phew!

i cant get it to stop posting like that!
everytime i try to post my new logs it wraps them again??!!

Thanks for your help, ill attempt to post these again!!


HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 10:15:27, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\AOL\1149184109\ee\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
c:\program files\common files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\New Folder\imabunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SetupVentureAfrica.exe] C:\DOCUME~1\Kristy\Desktop\SETUPV~1.EXE /r
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kristy\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40...l/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...7/dlhelper.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molb...21/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} (PTV xVectorMap Plugin 3.1) - http://xvectormap.ptv.de/xvectormap/PTVxVectorMap31.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe


FIXWAREOUT


Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbny.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
C:\Casino Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLSoftware.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"pmbvkxh"="c:\\windows\\system32\\pmbvkxh.exe pmbvkxh"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"LDM"="\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe\""
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"SetupVentureAfrica.exe"="C:\\DOCUME~1\\Kristy\\Desktop\\SETUPV~1.EXE /r"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
»»»»» End report »»»»»


thanks

Kristy, when this cleanup is over you should do a backup of your system state cos a couple of files are missing [google for how...], note that this is not the same as a system restore!!
More work: go to add/remove pgms and remove this pgm, then into C:\program files and delete its folder:

IpWins

Good, now please fix these with hijackthis in normal mode:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SetupVentureAfrica.exe] C:\DOCUME~1\Kristy\Desktop\SETUPV~1.EXE /r
O4 - Startup: .protected
O4 - Global Startup: .protected
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} (PTV xVectorMap Plugin 3.1) - http://xvectormap.ptv.de/xvectormap/PTVxVectorMap31.cab

Now please do these runs in this order:
Combofix
===Download this file: http://www.techsupportforum.com/sect...s/ComboFix.exe
...or from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
CCleaner
===Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's neater that way.
Now run Ccleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon and the Windows tab; press Run Cleaner. Next select the Applications tab and Run Cleaner again.
[For future quick temp file cleaning select the options you wish to use. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is a furphy, much loved on some websites, but cleaning it is unnecessary because windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]
AVG - AS
===GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 -the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
Start AVG a-s 7.5; under Scanner/ Settings set Recommended actions to Quarantine, and run the scan. Save the log file and only then click Apply all actions. Post the log file.

There you go - a few logs to post [ include another HT log run at the conclusion of the AVG run.

[[a reminder to me - pmbvkxh]] -ignore this.

thanks againi have tried to do the first step of backup but it is not on my pc and i do not have a win xp disk either?? what can i do about this?
ITS OK ,I FOUND A WAY TO DOWNLOAD IT!!!

Good-oh. Kristy, but do that system state backup only after you are clean! [otherwise your reg backup may contain some dud entries..]
Do those cleanup steps first, in the order I wrote them.
Actually, you can just get those 2 files from your install cd. This is from M$:

1. Insert the CD into the CD drive or DVD drive.
2. Click Start, and then click Run.
3. In the Open box, type cmd, and then click OK.
4. At the command prompt, type the following commands, pressing ENTER after each command:


expand CD-ROM Drive Letter:\i386\config.nt_ c:\windows\system32\config.nt
expand CD-ROM Drive Letter:\i386\autoexec.nt_ c:\windows\system32\autoexec.nt

Simple! The full article is here:
http://support.microsoft.com/kb/324767

HIfirstly i could not find this IPwins anywhere??!!COMBOFIX"Kristy" - 07-04-25 18:01:46 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Program Files\AOL 9.0a\download\"(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))C:\WINDOWS\system32\ckvsdvkq.dllC:\WINDOWS\system32\uvsmgbug.dll* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\WINDOWS\keyboard111.datC:\WINDOWS\keyboard121.datC:\WINDOWS\system32\ebgqppspe\winlogon.exeC:\WINDOWS\system32\ebgqppspe\winlogon.iniC:\WINDOWS\system32\packet.dllC:\WINDOWS\system32\pthreadVC.dllC:\WINDOWS\system32\wanpacket.dllC:\WINDOWS\system32\wpcap.dllC:\Program Files\winupdates\a.zipC:\WINDOWS\system32\components\flx0.dllC:\WINDOWS\system32\components\flx1.dllC:\WINDOWS\system32\components\flx10.dllC:\WINDOWS\system32\components\flx11.dllC:\WINDOWS\system32\components\flx12.dllC:\WINDOWS\system32\components\flx13.dllC:\WINDOWS\system32\components\flx14.dllC:\WINDOWS\system32\components\flx15.dllC:\WINDOWS\system32\components\flx16.dllC:\WINDOWS\system32\components\flx17.dllC:\WINDOWS\system32\components\flx18.dllC:\WINDOWS\system32\components\flx19.dllC:\WINDOWS\system32\components\flx2.dllC:\WINDOWS\system32\components\flx20.dllC:\WINDOWS\system32\components\flx21.dllC:\WINDOWS\system32\components\flx22.dllC:\WINDOWS\system32\components\flx23.dllC:\WINDOWS\system32\components\flx24.dllC:\WINDOWS\system32\components\flx25.dllC:\WINDOWS\system32\components\flx26.dllC:\WINDOWS\system32\components\flx27.dllC:\WINDOWS\system32\components\flx28.dllC:\WINDOWS\system32\components\flx29.dllC:\WINDOWS\system32\components\flx3.dllC:\WINDOWS\system32\components\flx30.dllC:\WINDOWS\system32\components\flx31.dllC:\WINDOWS\system32\components\flx32.dllC:\WINDOWS\system32\components\flx33.dllC:\WINDOWS\system32\components\flx34.dllC:\WINDOWS\system32\components\flx35.dllC:\WINDOWS\system32\components\flx36.dllC:\WINDOWS\system32\components\flx4.dllC:\WINDOWS\system32\components\flx5.dllC:\WINDOWS\system32\components\flx6.dllC:\WINDOWS\system32\components\flx7.dllC:\WINDOWS\system32\components\flx8.dllC:\WINDOWS\system32\components\flx9.dllC:\Program Files\Common Files\{54F00~1\system.dllC:\WINDOWS\system32\nvs2.infC:\install.logC:\WINDOWS\system32\drivers\npf.sysC:\Program Files\winupdatesC:\WINDOWS\system32\componentsC:\Program Files\Common Files\{34F00~1C:\Program Files\Common Files\{54F00~2C:\Program Files\Common Files\{54F00~1C:\WINDOWS\system32\pmbvkxh_navps.datC:\WINDOWS\system32\pmbvkxh.exeC:\WINDOWS\system32\pmbvkxh.dat~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~Folders Quarantined:C:\qoobox\purity\C\DOCUME~1C:\qoobox\purity\C\DOCUME~1\KristyC:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1C:\qoobox\purity\C\DOCUME~1\Kristy\APPLIC~1\PPPATC~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\CROSOF~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\RACLE~1C:\qoobox\purity\C\DOCUME~1\Kristy\MYDOCU~1\SCURIT~1C:\qoobox\purity\C\Program Files\APPATC~1C:\qoobox\purity\C\Program Files\CURITY~1C:\qoobox\purity\C\Program Files\DOBE~1C:\qoobox\purity\C\Program Files\SCURIT~1C:\qoobox\purity\C\Program Files\WNSXS~1C:\qoobox\purity\C\Program Files\YMBOLS~1C:\qoobox\purity\C\Program Files\Common Files\DOBE~1C:\qoobox\purity\C\Program Files\Common Files\RACLE~1C:\qoobox\purity\C\Program Files\Common Files\SKS~1C:\qoobox\purity\C\WINDOWS\CROSOF~1.NETC:\qoobox\purity\C\WINDOWS\DOBE~1C:\qoobox\purity\C\WINDOWS\MANTEC~1C:\qoobox\purity\C\WINDOWS\MCROSO~1C:\qoobox\purity\C\WINDOWS\system32\DOBE~1C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))-------\nm-------\NPF-------\LEGACY_NETWORK_MONITOR-------\LEGACY_NM-------\LEGACY_NPF((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))2007-04-25 14:42 d-------- C:\WINDOWS\system32\NtmsData2007-04-25 10:01 d-------- C:\Program Files\New Folder2007-04-24 18:46 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Solitaire.Com2007-04-24 14:56 d-------- C:\Program Files\Big City Adventure - San Francisco2007-04-24 14:56 d-------- C:\Program Files\BFG2007-04-22 14:40 375,785 --a------ C:\WINDOWS\system32\ogycsrw.exe2007-04-20 14:40 373,160 --a------ C:\WINDOWS\system32\hzhkhdet.exe2007-04-15 18:19 65,536 --a------ C:\WINDOWS\IFinst27.exe2007-04-13 12:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield2007-04-13 12:19 d-------- C:\Program Files\GALA-NET2007-04-13 12:06 d-------- C:\WINDOWS\system32\FlashAX2007-04-11 18:47 d-------- C:\Program Files\Shockwave.com2007-04-09 22:46 d-------- C:\Program Files\MSXML 4.02007-04-09 22:46 d-------- C:\3b10545d3d62bb28bf60f37c2007-04-09 19:50 d-------- C:\WINDOWS\network diagnostic2007-04-09 19:10 d-------- C:\WINDOWS\CAVTemp2007-04-09 15:45 95,760 --a------ C:\WINDOWS\system32\isafeif.dll2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\vetredir.dll2007-04-09 15:45 75,280 --a------ C:\WINDOWS\system32\isafprod.dll2007-04-09 15:45 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys2007-04-09 15:45 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys2007-04-09 15:45 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys2007-04-09 15:45 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys2007-04-09 15:45 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys2007-04-09 15:45 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys2007-04-09 15:44 d-------- C:\Program Files\CA2007-04-09 15:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA2007-04-09 13:57 d-------- C:\Program Files\Smart PC Solutions2007-04-09 13:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Smart PC Solutions2007-04-09 13:19 d-------- C:\Program Files\RegistrySmart2007-04-09 13:19 d-------- C:\DOCUME~1\Kristy\APPLIC~1\RegistrySmart2007-04-06 15:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!2007-04-06 15:03 d-------- C:\Program Files\Messenger Plus! Live2007-04-06 14:37 d-------- C:\DOCUME~1\Kristy\APPLIC~1\MSNInstaller2007-04-06 13:15 241,066 --a------ C:\WINDOWS\system32\pmbvkxh_nav.dat2007-04-05 21:57 d-------- C:\DOCUME~1\Kristy\APPLIC~1\Screenshot Sender2007-04-04 18:48 77,160 --a------ C:\WINDOWS\DSETUP.dll2007-04-04 18:48 503,144 --a------ C:\WINDOWS\DXSETUP.exe2007-04-04 18:48 1,673,576 --a------ C:\WINDOWS\dsetup32.dll2007-04-03 14:27 1,246,096 ---hs---- C:\WINDOWS\system32\ttvwa.ini22007-03-31 19:47 d-------- C:\Program Files\Zylom Games2007-03-30 14:28 1,257,356 ---hs---- C:\WINDOWS\system32\ttvwa.bak22007-03-29 13:26 1,261,135 ---hs---- C:\WINDOWS\system32\ttvwa.bak12007-03-25 16:00 1,264,716 ---hs---- C:\WINDOWS\system\tnebli.ini2(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))2007-04-17 20:15 -------- d-------- C:\Program Files\morpheus2007-04-15 19:53 -------- d-------- C:\Program Files\msn games2007-04-15 18:23 -------- d-------- C:\Program Files\gpotato2007-04-15 14:22 874 --a------ C:\DOCUME~1\Kristy\APPLIC~1\adobedlm.log2007-04-15 14:22 6 --a------ C:\DOCUME~1\Kristy\APPLIC~1\dm.ini2007-04-14 16:46 -------- d--h----- C:\Program Files\installshield installation information2007-04-13 12:19 -------- d-------- C:\Program Files\Common Files\installshield2007-04-13 12:16 3583 --a--c--- C:\WINDOWS\mozver.dat2007-04-09 19:10 -------- d-------- C:\Program Files\windows nt2007-04-06 15:22 -------- d-------- C:\Program Files\Common Files\symantec shared2007-04-06 15:03 -------- d-------- C:\Program Files\msn messenger2007-03-31 19:59 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\zylom2007-03-31 18:36 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\mysterystudio2007-03-21 16:08 142568 --a------ C:\WINDOWS\system32linkprd.exe2007-03-20 12:13 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\magic academy2007-03-19 13:26 -------- d-------- C:\Program Files\arthurian2007-03-19 00:43 155411 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll2007-03-16 09:30 -------- d-------- C:\Program Files\messengerskinner2007-03-16 02:54 1159320 ---hs---- C:\WINDOWS\system32\ycbeg.ini22007-03-15 17:42 1166408 ---hs---- C:\WINDOWS\system32\ycbeg.bak22007-03-15 13:12 -------- d-------- C:\Program Files\cyberlink2007-03-15 13:09 -------- d-------- C:\Program Files\epson2007-03-15 13:06 -------- d-------- C:\Program Files\logitech2007-03-15 12:55 -------- d--h----- C:\Program Files\zero g registry2007-03-14 21:27 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\messengerskinner2007-03-14 13:49 23040 --a------ C:\symlcsv1.exe2007-03-10 19:24 -------- d-------- C:\Program Files\mythwar_en2007-03-09 23:51 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\imvu2007-03-09 20:10 -------- d-------- C:\DOCUME~1\Kristy\APPLIC~1\utorrent2007-03-09 03:03 1189183 ---hs---- C:\WINDOWS\system32\ycbeg.bak12007-03-09 01:15 -------- d-------- C:\Program Files\iwin2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys2007-03-06 01:23 -------- d-------- C:\Program Files\imvu2007-03-04 15:01 -------- d-------- C:\Program Files\webroot2007-03-04 14:28 1195546 ---hs---- C:\WINDOWS\system32\mlkkj.bak22007-03-04 14:28 1192247 ---hs---- C:\WINDOWS\system32\mlkkj.ini22007-03-03 11:04 1194788 ---hs---- C:\WINDOWS\system32\mlkkj.bak12007-02-26 11:53 164 --a------ C:\install.dat2007-02-14 02:27 28672 --a------ C:\WINDOWS\system32\f3pssavr.scr2007-02-08 00:39 6144 --ahs---- C:\Program Files\thumbs.db2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll2007-02-02 18:31 311 --a------ C:\DOCUME~1\Kristy\APPLIC~1\bbbconfig.dat2007-01-24 00:50 25341718 --a------ C:\Program Files\imvu.zip(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\"""LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE""BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent""HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLSoftware.exe\"""NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe""Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe""Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe""PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe""SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"""cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\"""QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\"""CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\"""cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe""msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"Spyware Doctor"="""Nqnzqv"="C:\\DOCUME~1\\Kristy\\APPLIC~1\\PPPATC~1\\NPDB~1.EXE""DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ http://www.kablamo.co.uk/images/wallpapers/wallpaper1.jpg[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\ticker.html[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\babynew.html[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4] Source REG_SZ C:\Documents and Settings\Kristy\My Documents\baby_desktop.html[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFWHKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL 9.0 Tray Icon.lnk""backup"="C:\\WINDOWS\\pss\\AOL 9.0 Tray Icon.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\AOL9~1.0A\\aoltray.exe -check""item"="AOL 9.0 Tray Icon"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BTTray.lnk""backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\Belkin\\BLUETO~1\\BTTray.exe ""item"="BTTray"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk""backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l""item"="Microsoft Office"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="TTRIB~1""hkey"="HKCU""command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="fts""hkey"="HKLM""command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALServ]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ALServ""hkey"="HKLM""command"="\"C:\\Program Files\\Altec Lansing\\AMS\\ALServ.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AOLDial""hkey"="HKLM""command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="VM_STI""hkey"="HKLM""command"="C:\\WINDOWS\\VM_STI.EXE Cammaestro 4.2GU build 1105""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="rundll32""hkey"="HKLM""command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="carpserv""hkey"="HKLM""command"="carpserv.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ctfmon""hkey"="HKCU""command"="C:\\WINDOWS\\system32\\ctfmon.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="dslagent""hkey"="HKLM""command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="dslstat""hkey"="HKLM""command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gqxowron]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="TTRIB~1""hkey"="HKCU""command"="C:\\DOCUME~1\\Kristy\\MYDOCU~1\\SCURIT~1\\TTRIB~1.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AOLHostManager""hkey"="HKLM""command"="C:\\Program Files\\Common Files\\AOL\\1149184109\\ee\\AOLHostManager.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AcBtnMgr_X84-X85""hkey"="HKLM""command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="ACMonitor_X84-X85""hkey"="HKLM""command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows""item"="????""hkey"="HKCU""command"="????""inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="McAgent""hkey"="HKLM""command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="McUpdate""hkey"="HKLM""command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="MsgPlus""hkey"="HKLM""command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mimboot""hkey"="HKLM""command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mousepad12""hkey"="HKLM""command"="C:\\windows\\mousepad12.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="msnmsgr""hkey"="HKCU""command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="NeroCheck""hkey"="HKLM""command"="C:\\WINDOWS\\system32\\NeroCheck.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="NvCpl""hkey"="HKLM""command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="RunDLL32""hkey"="HKLM""command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="nwiz""hkey"="HKLM""command"="nwiz.exe /install""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpiStat]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="OpiStat""hkey"="HKLM""command"="C:\\Program Files\\OpiStat\\OpiStat\\OpiStat.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="printray""hkey"="HKLM""command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="qttask""hkey"="HKLM""command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="PDVDServ""hkey"="HKLM""command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows""item"="????""hkey"="HKCU""command"="????""inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Skype""hkey"="HKCU""command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SOUNDMAN""hkey"="HKLM""command"="SOUNDMAN.EXE""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="jusched""hkey"="HKLM""command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SweetIM""hkey"="HKLM""command"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="type32""hkey"="HKLM""command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mcvsshld""hkey"="HKLM""command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="mcmnhdlr""hkey"="HKLM""command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w03a1090.dll]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="RUNDLL32""hkey"="HKLM""command"="RUNDLL32.EXE w03a1090.dll,I2 00085ca3003a1090""inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]HTTPFilter REG_MULTI_SZ HTTPFilter\0\0LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0NetworkService REG_MULTI_SZ DnsCache\0\0DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0rpcss REG_MULTI_SZ RpcSs\0\0imgsvc REG_MULTI_SZ StiSvc\0\0termsvcs REG_MULTI_SZ TermService\0\0bthsvcs REG_MULTI_SZ BthServ\0\0WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0Contents of the 'Scheduled Tasks' folderC:\WINDOWS\tasks\A68FA4CC91845D2C.jobC:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Kristy at 15 45.jobC:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Ed).jobC:\WINDOWS\tasks\McAfee.com Update Check (COMPUTER-Kristy).jobC:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job********************************************************************catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.netRootkit scan 2007-04-25 18:50:02Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services ...scanning hidden autostart entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-25 18:53:31 - machine was rebootedC:\ComboFix-quarantined-files.txt ... 07-04-25 18:53AVG---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 21:08:34 25/04/2007 + Scan result: C:\System Volume Information\_restore{D3D65D20-DEA0-4DB4-A0CF-7AF9EE08C2D2}\RP26\A0016619.exe -> Adware.Trymedia : No action taken.C:\Program Files\New Folder\backups\backup-20070425-100635-952.dll -> Downloader.Small.cgu : No action taken.C:\System Volume Information\_restore{D3D65D20-DEA0-4DB4-A0CF-7AF9EE08C2D2}\RP26\A0016657.dll -> Downloader.Small.cgu : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT.zip/Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT/tntvva15/CRACK/VirtualVillagers.exe -> Dropper.Delf.xo : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT.zip/Virtual_Villagers_A_New_Home_v1.00_Cracked-TNT/tntvva15/SETUP/SETUP.EXE -> Dropper.Delf.xo : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\(full version) virtual villagers 53.zip/install.exe -> Hijacker.Agent.hi : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\Gilbert Goodmate and the Mushroom of Phungoria.exe -> Hijacker.Delf.dm : No action taken.C:\Documents and Settings\Kristy\My Documents\Morpheus Shared\Downloads\family feud online party crack.exe -> Hijacker.Delf.dm : No action taken.C:\Documents and Settings\Ed\Cookies\ed@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Ed\Cookies\ed@digitalclarity.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Ed\Cookies\ed@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.:mozilla.28:C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\2af060m2.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.C:\Documents and Settings\Ed\Cookies\ed@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.C:\Documents and Settings\Ed\Cookies\ed@bfast[2].txt -> TrackingCookie.Bfast : No action taken.C:\Documents and Settings\Ed\Cookies\ed@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.C:\Documents and Settings\Ed\Cookies\ed@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.C:\Documents and Settings\Ed\Cookies\ed@overture[2].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Ed\Cookies\ed@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.C:\Documents and Settings\Ed\Cookies\ed@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.C:\Documents and Settings\Ed\Cookies\ed@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.::Report endHIJACKTHISLogfile of HijackThis v1.99.1Scan saved at 21:36:24, on 25/04/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exeC:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\WINDOWS\system32\ctfmon.exec:\program files\common files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Belkin\Bluetooth Software\BTTray.exeC:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXEC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exeC:\Program Files\AOL 9.0a\waol.exeC:\Program Files\AOL 9.0a\shellmon.exeC:\Program Files\Common Files\AOL\aoltpspd.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\New Folder\imabunny.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1149184109\ee\AOLSoftware.exe"O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exeO4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exeO4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -clO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Startup: .protectedO4 - Global Startup: .protectedO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kristy\Start Menu\Programs\IMVU\Run IMVU.lnkO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cabO16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cabO16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}: NameServer = 205.188.146.145O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dllO20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.DllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeO23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exeO23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeO23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeO23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeO23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeO23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeI wasnt too clear on the last bit about an install CD?? and im afraid i couldnt do the backup

oh im really sorry i dont know why it posts like that!!