Hi all
I have a PC running Windows XP. Had no trouble until recently. It all started when my PC would restart itself just as windows ran. When windows finally started up, this screen appeared:
http://img291.imageshack.us/img291/5743/sdgsdgdfghk9.png
I ran AVG and downloaded Spybot S&G. This screen appeared during search :
http://img291.imageshack.us/img291/4503/dfgdfgdfgrb6.png
http://img502.imageshack.us/img502/1318/werwergy6.png

Im a complete beginner when it comes to this sort of stuff, so any help would be much appreciated.
Thanks
Kelly.

Sorry, i forgot to mention.
I cannot start Firefox, an error message appears... AVG also has the same probelm now.

Hello.

Can you produce a HJT log as shown in the topic here: "BEFORE you POST" Mandatory Steps Before Requesting Assistance (http://forums.spybot.info/showthread.php?t=288)

Post the requested information into this topic, and a helper will advise you as soon as available.

Regards.

i ran eTrust and Panda online and they both came up clear, but somethings definately not right.

I ran HiJackthis, and this is the log report:

Logfile of HijackThis v1.99.1
Scan saved at 21:08:38, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Voyager Wireless Adapter\PRISMCFG.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\logon.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe



Thanks in advance for any help :)

Hi Kellyisonfire and welcome to the Forums :)

Hupigon is a backdoor which may steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breech. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.

We'll begin the cleaning.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000


Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log

Mr_JAk3, thank you for replying.

I followed your instructions, however when i started my computer in safe mode and began to run the virus scanner, it got to about a third (maybe less) of the way through of the full scan of my C drive and my computer restarted itself. I tried several times and still the same thing happened.. Is there another way?
Thank you
Kelly

Hi and sorry for the delay, I had a busy day.

Ok that is interesting...

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

:bigthumb:

Hey Mr Jake.
Thanks for your reply.
Here's the report you requested
cheers
kelly
ps its too long to fit in one post so ill split it



GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-14 21:51:22
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[2348] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1FF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E2215DA C:\WINDOWS\system32\IEFRAME.dll

---- Files - GMER 1.0.12 ----

File C:\Documents and Settings\Guest\Cookies\guest@connextra[3].txt
File C:\Documents and Settings\Guest\Cookies\guest@coolest-gadgets[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@counter.hitslink[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@dailyhaha[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@data.qvcuk[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@debr.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@decdna[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@dehp.myspace[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@delb.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@delb2.myspace[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@demr.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@desk.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@disastermb[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wakykncpmfo.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfk4kic5alo.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfk4qjcjiap.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkisndzmfo.stats.esomniture[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkoopdjalq.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkoqlajmbp.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wflikndpifq.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wgmyeoc5eao.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6whkicid5cdq.stats.esomniture[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6whkyqidjwlo.stats.esomniture[2].txt

File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjlosldzwap.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@ebay.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ebayobjects[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ebay[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ecustomeropinions[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@edinburghnews.scotsman[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ehg-debenhams.hitbox[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@find-me-a-gift.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@firebox[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@forum.interference[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@frappr[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@freeads[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@friendsreunited.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@gardensandhomesdirect.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@google.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@google[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@greenfingers[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@grovelands[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@HarrodSite[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@haxnicks.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@hitbox[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@hotmail.msn[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@indexstats[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@initgroup[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@interference[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@keywordmax[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@lauraashley[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@live[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@login.live[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@m.webtrends[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@main.ebayrtm[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@marksandspencer.122.2o7[1].txt ---- EOF - GMER 1.0.12 ----

File C:\Documents and Settings\Guest\Cookies\guest@media.adrevolver[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@messenger.msn[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@metrixlab61.customers.luna[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@metrixlablw.customers.luna[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@msn[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@mybloglog[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@mygardengreen.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@mywebsearch[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@nationalplastics.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@news.scotsman[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@od2[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@paypal.112.2o7[1].txt

File C:\Documents and Settings\Guest\Cookies\guest@paypal[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@pier.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@pond-solutions.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@prezziesplus.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@qksrv[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@quartzinteractive.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@qvcuk[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@rad.msn[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@reporting.tvlicensing.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@s2d6[1].txt


File C:\Documents and Settings\Guest\Cookies\guest@sa47.boden.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@scottishblog.squarespace[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@sdc.bookreporter[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@sdc.bookreporter[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@search.msn.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@serviceswitching[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@serv[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@shop.vodafone.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@slide[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@stat.onestat[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@statcounter[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@superstore[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@surprise[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tbrewer.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@track.webgains[2].txt

File C:\Documents and Settings\Guest\Cookies\guest@tracking.summitmedia.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tradekey[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@trakzor[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@uk.ebayrtm[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@uk.freeads[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@visitors.dooyoo.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ww2.kitchenscience.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.agirlsworld.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.authorsontheweb[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.awin1[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.boden.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.boysstuff.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.chindwelldoors.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.daltons.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.daltonsproperty[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.debenhams[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.elginontheweb.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.friendsreunited.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.gardensandhomesdirect.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.google.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.googleadservices[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.greendayforum.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.hedgesdirect.co[1].txt

File C:\Documents and Settings\Guest\Cookies\guest@www.kitchenscience.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.lauraashley[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.marksandspencer[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.meshcomputers[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.paypal[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.pier.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.premdoruk[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.scaringbirds[2].txt File C:\Documents and Settings\Guest\Cookies\guest@www.sptag2[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.thekidswindow.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@yahoo[1].txt
File C:\Documents and Settings\Guest\Cookies\index.dat
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\sl[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\sm_search_but[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\SonyaHamlin[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\spotlit_dolphin35_d900_234x60[1].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\statusbar-bg[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\STC_120x600[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\std_5b27ac98c155caba5cecf6dc80dc838d[1].mp3
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\stephen098[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\sticker-contactme[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\stickyfingerz[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\story6823696t0[1].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\structure[1].css
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\st[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\st[1].htm

File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\st[2]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\subHeader[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\swf_728x90[1].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_04aa4ea7d8e5e1e76ed5605f614b8914[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_0cfab425741a085c8b7ee193db45f44b[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_1859bf7cd5a7c299c2e10c5f28ac9a9e[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_1d4bf9c2ee5be6721f6b91882abc3686[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_1fc0f741ff058e082fbf9df77fcd9e28[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_220b2eb42f5a5f76ca67fe9c2b8c78e8[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_2212199bc66c85302ae80376f7b8a8d8[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_3bef4064f3487a798d714ca1fe7c1455[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_49511cb4de275c7b222cfe475c74a99b[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_572279d2921d332cee9bb3853969219c[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_573836ae114e28b5355bdc9a8f5bb142[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_577b1693f121b6fc30240ce2c93ffc25[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_5e032e3858bb9d97e137dedadb2eec12[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_5e8e04af683ca3f70a89ae6960c10583[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_5fa405d8b27c6c1e28daf032aa32dbdc[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_6473f441352cbdc532fbcd43207b7b61[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_670f07055d37a7d8f1227352fcda58ea[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_68da94a427cb7ad782d69ac87940001d[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_69ed1ae7141ed3daf2647c0fd57d8d2c[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_7364f0fe2d1defd6462a4a33402aee48[1].jpg

File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_7684f5a7cf6339dce556096e21a4e9b2[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_7afade47c7c4392edc177b3273fcd3da[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_839751798e22999be5daf97df28df5e8[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_8990fba7407f92bb95de41acd9a70a63[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_90a0307ff824cd380b4fea210fc11dda[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_918b35262e35dadf51ea0347ff678e39[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_940fd5aafc9e1ca3f574b3dc01ee22d9[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_96333dc55cde568a552ea5591a0344ea[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_99bb444ecd92335bee114351bc2205e3[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_9bed4a69e8b2c0b1158119e8df7fe091[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_9d7f0ccd988d4e5db3f74850d7dd538c[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_9d9edf5ececf78f5dcfafa205396a354[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_aaca892d8d7e65a95bd20f99617538be[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_aea5388714a1e1a546dea8eca2f58ca9[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_b0f029ad77d34e37074c904ed664eef0[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_ba545e53d37c43faca57157b7950adae[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_bc19c8cb8210ee14a00c097a6257189a[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_cee018d1e57777ad82439a9fe850bf9d[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_d4cb3bae409e0f6c9334bbf267eb369d[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e09d769f57a43ea3ff9f492ca721d7ae[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e0d5b80f5de82485291e6e183f22851f[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e3312d64b0aadca1dbccfb9c96c4a460[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e661a4e3f471e4b1b68bb083e0f03817[1].jpg

File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_ef1ea897acbbb7b6ac4f8e038c79d094[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_f14e81250db048e54e7f0293f130ba8b[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\tagger_v02[1].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\thanxfor85[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_156120279_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_189875466_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_258317358_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_357108575_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_487743267_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_619467538_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_700255699_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_794639597_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_833885165_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_835499722_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_893813939_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_camheroes[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_dani[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_DSC04629[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_Grayson[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_lockedrawing15[1].jpg

File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_stephen098[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\tiny[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\title_bg[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\title_search[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\TM3234_wk8_flext35_120x600[1].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\TM3234_wk8_flext35_120x600[2].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\TM3234_wk8_flext35_120x600[3].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\token[1].xml
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\topleft_02[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\topnav-bg[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\topright[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\trace[1].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\trace[2].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\treenice[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\treeXsell_lg[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\t[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4%3Bm=2%3Bl=4572%3Bc=8215%3Bb=36934%3Bts=20070223223708%3Bdct=;ord=20070223223708[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4;m=2;l=4573;ts=[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4;m=2;l=4573;ts=[2]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4;m=2;l=5585;ts=1172268357484[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\valentine[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\valentine[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\vdayBoxBlack[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\VictoriaLustbader[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\warn0[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\weemee[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\willy-mason[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\worlds[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\WWWMEMPICN[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\xslide1[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\xslide6[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAAISOPA.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCABNAME0.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAI3D18W.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCALSER9E.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCARVOLJ7.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCASSGGY4.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAU3FF53.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAWTW0IY.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[10].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[11].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[2].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[3].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[4].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[5].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[6].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[7].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[8].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[9].jpg
ADS C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Messenger\imurderedpunk@hotmail.com\SharingMetadata\takenoprisoners89@hotmail.com\DFSR\Staging\CS{EBE67AC7-70B7-CB63-E7AD-086D555837C1}\01\10-{EBE67AC7-70B7-CB63-E7AD-086D555837C1}-v1-{F9E9B693-5925-4B00-831C-EFAD6201BF8C}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Hi again :)

Nothing bad there. How is the computer running at the moment?

Generate a HijackThis Startup list:
Open HijackThis: Click on "Open the Misc Tools Section"
Check the following boxes to the right of "Generate StartupList Log": List also minor sections (Full)
List empty sections (Complete)
Click "Generate StartupListLog"
Click "Yes" at the prompt.
A Notepad window will open with the contents of the HijackThis Startup list displayed
Copy & Paste that log to here
:bigthumb:

StartupList report, 15/03/2007, 18:20:17
StartupList version: 1.52.2
Started from : C:\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Voyager Wireless Adapter\PRISMCFG.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Kelly\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BT Voyager Wireless Utility.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PCMService = "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
{1290A33C-85F5-4164-A1BE-7DD299D4986A} = "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
Ptipbmf = rundll32.exe ptipbmf.dll,SetWriteCacheMode
CTHelper = CTHELPER.EXE
CTDVDDET = "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
CTSysVol = C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
AudioDrvEmulator = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
UpdReg = C:\WINDOWS\UpdReg.EXE
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
PRISMSVR.EXE = "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
V0220Mon.exe = C:\WINDOWS\V0220Mon.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Openwares LiveUpdate = C:\Program Files\LiveUpdate\LiveUpdate.exe
EPSON Stylus D88 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Power2GoExpress =
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

[WScanCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

[CBreakshotControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Banksht2.dll
CODEBASE = http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (disabled)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
CyberLink Background Capture Service (CBCS): "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
CyberLink Task Scheduler (CTS): "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe" (autostart)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
Creative DVD-Audio Device Driver: system32\drivers\ctdvda2k.sys (manual start)
Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)
Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)
CyberLink Media Library Service: "C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
fasttx2k: \SystemRoot\system32\DRIVERS\fasttx2k.sys (disabled)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
Hamachi Network Interface: system32\DRIVERS\hamachi.sys (manual start)
Creative P16V HAL Driver: system32\drivers\hap16v2k.sys (manual start)
Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Intel AHCI Controller: \SystemRoot\system32\DRIVERS\iaStor.sys (disabled)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (disabled)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
m5287: \SystemRoot\system32\DRIVERS\m5287.sys (disabled)
m5289: \SystemRoot\system32\DRIVERS\m5289.sys (disabled)
AEGIS Protocol (IEEE 802.1x) v2.3.1.9: system32\DRIVERS\mdc8021x.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (disabled)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (disabled)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Nokia USB Generic: system32\drivers\nmwcdc.sys (manual start)
Nokia USB Modem: system32\drivers\nmwcdcm.sys (manual start)
Nokia USB Phone Parent: system32\drivers\nmwcd.sys (manual start)
Nokia USB Port: system32\drivers\nmwcdcj.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (disabled)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtenicxp.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: system32\DRIVERS\sbp2port.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
ServiceLayer: "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{D6BA0A5F-33A5-4E1B-AFFB-E59C1D2ECBD0} (manual start)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (disabled)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
Live! Cam Video IM: system32\DRIVERS\V0220Dev.sys (manual start)
V0220VFX: system32\DRIVERS\V0220Vfx.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
viamraid: \SystemRoot\system32\DRIVERS\viamraid.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
2Wire 802.11g USB Driver: system32\DRIVERS\WlanUIG.sys (manual start)
Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (manual start)
Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41,391 bytes
Report generated in 0.219 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




Hey
Thanks for your reply
the computer is still acting weird, every time i start it up the blue disk check screen appears and runs, I also get "corrupt file" warnings from windows from the bottom right toolbar - and AVG constantly gets errors. I also still cannot run Firefox and the computer restarts occasionally.
Cheers
Kelly

Ok nothing specific there...

Let's make sure that all the system files are on the pc. Follow these instructions -> Link (http://dwightblackburn.com/winxp/)

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

:scratch:

This topic has been archived due to lack of a response.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.