Hupignon - Help Please?

K

Kellyisonfire

New member
Hi all
I have a PC running Windows XP. Had no trouble until recently. It all started when my PC would restart itself just as windows ran. When windows finally started up, this screen appeared:
sdgsdgdfghk9.png

I ran AVG and downloaded Spybot S&G. This screen appeared during search :
dfgdfgdfgrb6.png

werwergy6.png


Im a complete beginner when it comes to this sort of stuff, so any help would be much appreciated.
Thanks
Kelly.
 
I ran HiJackthis, and this is the log report:

Logfile of HijackThis v1.99.1
Scan saved at 21:08:38, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Voyager Wireless Adapter\PRISMCFG.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\logon.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe



Thanks in advance for any help :)
 
Hi Kellyisonfire and welcome to the Forums :)

Hupigon is a backdoor which may steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breech. I suggest that you read this article too.

We'll begin the cleaning.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000


Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot the computer in Normal Mode,
  • Post the Cure-it report and a fresh HijackThis log
 
Mr_JAk3, thank you for replying.

I followed your instructions, however when i started my computer in safe mode and began to run the virus scanner, it got to about a third (maybe less) of the way through of the full scan of my C drive and my computer restarted itself. I tried several times and still the same thing happened.. Is there another way?
Thank you
Kelly
 
Hi and sorry for the delay, I had a busy day.

Ok that is interesting...

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

:bigthumb:
 
Hey Mr Jake.
Thanks for your reply.
Here's the report you requested
cheers
kelly
ps its too long to fit in one post so ill split it



GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-14 21:51:22
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[2348] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1FF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E2215DA C:\WINDOWS\system32\IEFRAME.dll

---- Files - GMER 1.0.12 ----

File C:\Documents and Settings\Guest\Cookies\guest@connextra[3].txt
File C:\Documents and Settings\Guest\Cookies\guest@coolest-gadgets[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@counter.hitslink[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@dailyhaha[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@data.qvcuk[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@debr.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@decdna[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@dehp.myspace[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@delb.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@delb2.myspace[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@demr.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@desk.myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@disastermb[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wakykncpmfo.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfk4kic5alo.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfk4qjcjiap.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkisndzmfo.stats.esomniture[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkoopdjalq.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkoqlajmbp.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wflikndpifq.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wgmyeoc5eao.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6whkicid5cdq.stats.esomniture[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6whkyqidjwlo.stats.esomniture[2].txt
 
File C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjlosldzwap.stats.esomniture[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@ebay.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ebayobjects[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ebay[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ecustomeropinions[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@edinburghnews.scotsman[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ehg-debenhams.hitbox[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@find-me-a-gift.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@firebox[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@forum.interference[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@frappr[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@freeads[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@friendsreunited.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@gardensandhomesdirect.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@google.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@google[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@greenfingers[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@grovelands[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@HarrodSite[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@haxnicks.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@hitbox[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@hotmail.msn[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@indexstats[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@initgroup[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@interference[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@keywordmax[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@lauraashley[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@live[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@login.live[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@m.webtrends[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@main.ebayrtm[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@marksandspencer.122.2o7[1].txt ---- EOF - GMER 1.0.12 ----
 
File C:\Documents and Settings\Guest\Cookies\guest@media.adrevolver[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@messenger.msn[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@metrixlab61.customers.luna[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@metrixlablw.customers.luna[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@msn[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@mybloglog[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@mygardengreen.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@myspace[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@mywebsearch[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@nationalplastics.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@news.scotsman[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@od2[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@paypal.112.2o7[1].txt

File C:\Documents and Settings\Guest\Cookies\guest@paypal[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@pier.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@pond-solutions.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@prezziesplus.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@qksrv[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@quartzinteractive.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@qvcuk[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@rad.msn[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@reporting.tvlicensing.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@s2d6[1].txt


File C:\Documents and Settings\Guest\Cookies\guest@sa47.boden.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@scottishblog.squarespace[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@sdc.bookreporter[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@sdc.bookreporter[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@search.msn.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@serviceswitching[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@serv[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@shop.vodafone.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@slide[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@stat.onestat[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@statcounter[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@superstore[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@surprise[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tbrewer.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@track.webgains[2].txt
 
File C:\Documents and Settings\Guest\Cookies\guest@tracking.summitmedia.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tradekey[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@trakzor[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@uk.ebayrtm[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@uk.freeads[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@visitors.dooyoo.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@ww2.kitchenscience.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.agirlsworld.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.authorsontheweb[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.awin1[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.boden.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.boysstuff.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.chindwelldoors.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.daltons.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.daltonsproperty[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.debenhams[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.elginontheweb.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.friendsreunited.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.gardensandhomesdirect.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.google.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.googleadservices[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.greendayforum.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.hedgesdirect.co[1].txt
 
File C:\Documents and Settings\Guest\Cookies\guest@www.kitchenscience.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.lauraashley[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.marksandspencer[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.meshcomputers[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.paypal[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.pier.co[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.premdoruk[2].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.scaringbirds[2].txt File C:\Documents and Settings\Guest\Cookies\guest@www.sptag2[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@www.thekidswindow.co[1].txt
File C:\Documents and Settings\Guest\Cookies\guest@yahoo[1].txt
File C:\Documents and Settings\Guest\Cookies\index.dat
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\sl[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\sm_search_but[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\SonyaHamlin[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\spotlit_dolphin35_d900_234x60[1].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\statusbar-bg[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\STC_120x600[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\std_5b27ac98c155caba5cecf6dc80dc838d[1].mp3
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\stephen098[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\sticker-contactme[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\stickyfingerz[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\story6823696t0[1].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\structure[1].css
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\st[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\st[1].htm
 
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\st[2]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\subHeader[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\swf_728x90[1].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_04aa4ea7d8e5e1e76ed5605f614b8914[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_0cfab425741a085c8b7ee193db45f44b[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_1859bf7cd5a7c299c2e10c5f28ac9a9e[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_1d4bf9c2ee5be6721f6b91882abc3686[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_1fc0f741ff058e082fbf9df77fcd9e28[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_220b2eb42f5a5f76ca67fe9c2b8c78e8[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_2212199bc66c85302ae80376f7b8a8d8[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_3bef4064f3487a798d714ca1fe7c1455[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_49511cb4de275c7b222cfe475c74a99b[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_572279d2921d332cee9bb3853969219c[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_573836ae114e28b5355bdc9a8f5bb142[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_577b1693f121b6fc30240ce2c93ffc25[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_5e032e3858bb9d97e137dedadb2eec12[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_5e8e04af683ca3f70a89ae6960c10583[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_5fa405d8b27c6c1e28daf032aa32dbdc[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_6473f441352cbdc532fbcd43207b7b61[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_670f07055d37a7d8f1227352fcda58ea[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_68da94a427cb7ad782d69ac87940001d[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_69ed1ae7141ed3daf2647c0fd57d8d2c[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_7364f0fe2d1defd6462a4a33402aee48[1].jpg
 
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_7684f5a7cf6339dce556096e21a4e9b2[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_7afade47c7c4392edc177b3273fcd3da[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_839751798e22999be5daf97df28df5e8[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_8990fba7407f92bb95de41acd9a70a63[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_90a0307ff824cd380b4fea210fc11dda[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_918b35262e35dadf51ea0347ff678e39[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_940fd5aafc9e1ca3f574b3dc01ee22d9[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_96333dc55cde568a552ea5591a0344ea[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_99bb444ecd92335bee114351bc2205e3[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_9bed4a69e8b2c0b1158119e8df7fe091[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_9d7f0ccd988d4e5db3f74850d7dd538c[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_9d9edf5ececf78f5dcfafa205396a354[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_aaca892d8d7e65a95bd20f99617538be[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_aea5388714a1e1a546dea8eca2f58ca9[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_b0f029ad77d34e37074c904ed664eef0[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_ba545e53d37c43faca57157b7950adae[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_bc19c8cb8210ee14a00c097a6257189a[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_cee018d1e57777ad82439a9fe850bf9d[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_d4cb3bae409e0f6c9334bbf267eb369d[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e09d769f57a43ea3ff9f492ca721d7ae[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e0d5b80f5de82485291e6e183f22851f[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e3312d64b0aadca1dbccfb9c96c4a460[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_e661a4e3f471e4b1b68bb083e0f03817[1].jpg
 
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_ef1ea897acbbb7b6ac4f8e038c79d094[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\s_f14e81250db048e54e7f0293f130ba8b[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\tagger_v02[1].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\thanxfor85[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_156120279_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_189875466_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_258317358_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_357108575_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_487743267_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_619467538_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_700255699_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_794639597_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_833885165_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_835499722_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_893813939_l[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_camheroes[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_dani[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_DSC04629[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_Grayson[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_lockedrawing15[1].jpg
 
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\th_stephen098[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\tiny[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\title_bg[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\title_search[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\TM3234_wk8_flext35_120x600[1].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\TM3234_wk8_flext35_120x600[2].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\TM3234_wk8_flext35_120x600[3].swf
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\token[1].xml
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\topleft_02[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\topnav-bg[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\topright[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\trace[1].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\trace[2].htm
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\treenice[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\treeXsell_lg[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\t[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4%3Bm=2%3Bl=4572%3Bc=8215%3Bb=36934%3Bts=20070223223708%3Bdct=;ord=20070223223708[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4;m=2;l=4573;ts=[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4;m=2;l=4573;ts=[2]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\v=4;m=2;l=5585;ts=1172268357484[1]
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\valentine[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\valentine[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\vdayBoxBlack[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\VictoriaLustbader[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\warn0[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\weemee[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\willy-mason[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\worlds[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\WWWMEMPICN[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\xslide1[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\xslide6[1].gif
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAAISOPA.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCABNAME0.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAI3D18W.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCALSER9E.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCARVOLJ7.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCASSGGY4.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAU3FF53.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomerCAWTW0IY.jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[10].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[11].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[1].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[2].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[3].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[4].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[5].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[6].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[7].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[8].jpg
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\AYGX1P2F\zoomer[9].jpg
ADS C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Messenger\imurderedpunk@hotmail.com\SharingMetadata\takenoprisoners89@hotmail.com\DFSR\Staging\CS{EBE67AC7-70B7-CB63-E7AD-086D555837C1}\01\10-{EBE67AC7-70B7-CB63-E7AD-086D555837C1}-v1-{F9E9B693-5925-4B00-831C-EFAD6201BF8C}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
 
Hi again :)

Nothing bad there. How is the computer running at the moment?

Generate a HijackThis Startup list:
Open HijackThis:
  • Click on "Open the Misc Tools Section"
  • Check the following boxes to the right of "Generate StartupList Log":
    • List also minor sections (Full)
    • List empty sections (Complete)
  • Click "Generate StartupListLog"
  • Click "Yes" at the prompt.
  • A Notepad window will open with the contents of the HijackThis Startup list displayed
  • Copy & Paste that log to here
:bigthumb:
 
StartupList report, 15/03/2007, 18:20:17
StartupList version: 1.52.2
Started from : C:\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Voyager Wireless Adapter\PRISMCFG.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Kelly\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BT Voyager Wireless Utility.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PCMService = "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
{1290A33C-85F5-4164-A1BE-7DD299D4986A} = "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
Ptipbmf = rundll32.exe ptipbmf.dll,SetWriteCacheMode
CTHelper = CTHELPER.EXE
CTDVDDET = "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
CTSysVol = C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
AudioDrvEmulator = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
UpdReg = C:\WINDOWS\UpdReg.EXE
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
PRISMSVR.EXE = "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
V0220Mon.exe = C:\WINDOWS\V0220Mon.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Openwares LiveUpdate = C:\Program Files\LiveUpdate\LiveUpdate.exe
EPSON Stylus D88 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Power2GoExpress =
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
 
--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

[WScanCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

[CBreakshotControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Banksht2.dll
CODEBASE = http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (disabled)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
CyberLink Background Capture Service (CBCS): "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
CyberLink Task Scheduler (CTS): "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe" (autostart)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
Creative DVD-Audio Device Driver: system32\drivers\ctdvda2k.sys (manual start)
Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)
Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)
CyberLink Media Library Service: "C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
fasttx2k: \SystemRoot\system32\DRIVERS\fasttx2k.sys (disabled)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
Hamachi Network Interface: system32\DRIVERS\hamachi.sys (manual start)
Creative P16V HAL Driver: system32\drivers\hap16v2k.sys (manual start)
Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Intel AHCI Controller: \SystemRoot\system32\DRIVERS\iaStor.sys (disabled)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (disabled)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
m5287: \SystemRoot\system32\DRIVERS\m5287.sys (disabled)
m5289: \SystemRoot\system32\DRIVERS\m5289.sys (disabled)
AEGIS Protocol (IEEE 802.1x) v2.3.1.9: system32\DRIVERS\mdc8021x.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (disabled)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (disabled)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Nokia USB Generic: system32\drivers\nmwcdc.sys (manual start)
Nokia USB Modem: system32\drivers\nmwcdcm.sys (manual start)
Nokia USB Phone Parent: system32\drivers\nmwcd.sys (manual start)
Nokia USB Port: system32\drivers\nmwcdcj.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (disabled)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtenicxp.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: system32\DRIVERS\sbp2port.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
ServiceLayer: "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
 
You must log in or register to reply here.
Back
Top