Problems with spyware!
   

Johannes
New Member


Date Joined Aug 2007
Total Posts : 8
 
Posted 8-18-2007 8:01 (GMT +1)
Hello!
 
I've been having problems with some type of a virus or spyware. Every time I use the computer a number of pop-ups keep showing up telling me that my computer is infected and that I need to download and install THEIR anti-virus program to get rid of it. Very frustrating! I hope someone here can help me remove it! Very thankful for help.
 
Here's my log:
 
Logfile of HijackThis v1.99.1
Scan saved at 20:57:24, on 2007-08-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BullGuard\bdmcon.exe
C:\Program Files\BullGuard\bgnewsag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\BullGuard\vsserv.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\alternativ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSVPS System - {AF12CF13-DC3B-461C-B5CE-894806C15303} - C:\WINDOWS\sconf32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] C:\Program Files\BullGuard\bgnewsag.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DrAntispy] C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162730027546
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmplayer - {50A9AE07-D595-4BFC-AEA0-AF588C25A50D} - C:\WINDOWS\wmplayer.dll
O21 - SSODL: wmsound - {6FDAE430-978E-4470-8707-0CA11C7C0A71} - C:\WINDOWS\wmsound.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: BullGuard Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BullGuard\vsserv.exe" /service (file missing)
O23 - Service: BullGuard Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe" /service (file missing)
 
Now I hope I did that correctly!
 
Thanks again,
Johannes
 

Tina Karol
Trusted Member


Date Joined May 2006
Total Posts : 176
 
Posted 8-21-2007 1:11 (GMT +1)
OK, you definitely have adware and maybe some kind of trojan. It's not a virus; you should be able to remove it with any antispyware. If you don't use any antispyware, download Spyware Doctor.


tc;)

 

Johannes
New Member


Date Joined Aug 2007
Total Posts : 8
 
Posted 8-23-2007 6:53 (GMT +1)
Thanks for your help!
 
I tried downloading spyware doctor, but it ends up with me having to pay for their services. Isn't there a cheaper option? This is what it found when I scanned using spyware doctor:
Adware.Agent.BN
Application.TrackingCookies
Adware.Advertising
RogueAntiSpyware.Ultimate_Defender
Trojan.Popuper
RogueAntiSpyware.VirusProtect_Pro
RogueAntiSpyware.SpywareNo
RogueAntiSpyware.Drive_Cleaner
RogueAntiSpyware.SpyAxe
Adware.WinFixer
 
 
I've tried Ad-Aware, AVG Anti-Spyware and Spyware Fighter but they all find things to delete, but it never takes away the problem.
 
BullGuard also keeps blocking viruses such as Trojan.Downloader.Zlob.BEF. Does this have anything to do with my problems? I also get a Spyware Alert message saying that Trojan.W32.Looksky has been detected on my machine.
 
Somebody please help me
 
Here's a new log:
 
Logfile of HijackThis v1.99.1
Scan saved at 19:51:51, on 2007-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\bullguard\bgnewsag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\BullGuard\vsserv.exe
c:\program files\bullguard\bdmcon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSVPS System - {AF12CF13-DC3B-461C-B5CE-894806C15303} - C:\WINDOWS\sconf32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] c:\program files\bullguard\bgnewsag.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DrAntispy] C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162730027546
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmplayer - {50A9AE07-D595-4BFC-AEA0-AF588C25A50D} - C:\WINDOWS\wmplayer.dll
O21 - SSODL: wmsound - {6FDAE430-978E-4470-8707-0CA11C7C0A71} - C:\WINDOWS\wmsound.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: BullGuard Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BullGuard\vsserv.exe" /service (file missing)
O23 - Service: BullGuard Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe" /service (file missing)
 
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13861
 
Posted 8-24-2007 3:55 (GMT +1)
Hello Johannes
 
 
Click here - ->>  Before posting a log 
 
 
 After You have run the scan tools -
 
Reboot normally
 
Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic
 
 


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention. 
 

 

Johannes
New Member


Date Joined Aug 2007
Total Posts : 8
 
Posted 8-24-2007 10:45 (GMT +1)
Hi!
 
I downloaded the combofix and the rootlog and the computer seems to be running much smoother now!
 
Here are the different logs:
 
ComboFix 07-08-17.2 - "Administrator" 2007-08-24 16:20:54.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.46.1033.18.1265 [GMT 2:00]
 * Created a new restore point
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Log\log_2007_08_16_15_36_28.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Log\log_2007_08_16_15_36_48.log
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Settings\CustomScan.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Settings\IgnoreList.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Settings\ScanInfo.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Settings\ScanResults.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Settings\SelectedFolders.stg
C:\DOCUME~1\ADMINI~1\APPLIC~1\AntiSpywareBot\Settings\Settings.stg
C:\DOCUME~1\ADMINI~1\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\ADMINI~1\Desktop\Error Cleaner.url
C:\DOCUME~1\ADMINI~1\Desktop\internet.lnk
C:\DOCUME~1\ADMINI~1\Desktop\Privacy Protector.url
C:\DOCUME~1\ADMINI~1\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\ADMINI~1\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\ADMINI~1\FAVORI~1.\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\sconf32.dll
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
C:\WINDOWS\wmplayer.dll
C:\WINDOWS\wmsound.dll
 
 
(((((((((((((((((((((((((   Files Created from 2007-07-24 to 2007-08-24  )))))))))))))))))))))))))))))))
 
 
2007-08-24 16:18               51,200           --a------        C:\WINDOWS\nircmd.exe
2007-08-24 16:10               <KAT>         d--------        C:\WINDOWS\LastGood.Tmp
2007-08-22 23:08               82,248           --a------        C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-22 23:08               57,672           --a------        C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-22 23:08               40,264           --a------        C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-22 23:08               29,000           --a------        C:\WINDOWS\system32\drivers\kcom.sys
2007-08-22 23:07               626,688         --a------        C:\WINDOWS\system32\msvcr80.dll
2007-08-22 23:07               <KAT>         d--------        C:\Program Files\Spyware Doctor
2007-08-22 23:07               <KAT>         d--------        C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
2007-08-22 22:05               <KAT>         d--------        C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-08-22 22:04               <KAT>         d--------        C:\Program Files\Lavasoft
2007-08-18 20:56               218,112         --a------        C:\alternativ.exe
2007-08-16 22:46               <KAT>         d--------        C:\WINDOWS\system32\appmgmt
2007-08-16 21:09               <KAT>         d--------        C:\Program Files\SPYWAREfighter
2007-08-16 21:09               <KAT>         d--------        C:\Program Files\Common Files\Application
2007-08-14 15:31               <KAT>         d--------        C:\Program Files\CCleaner
2007-08-14 14:59               <KAT>         d--------        C:\WINDOWS\network diagnostic
2007-08-07 00:04               10,872           --a------        C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-06 17:11               1,152             --a------        C:\WINDOWS\system32\windrv.sys
2007-08-06 17:10               <KAT>         d--------        C:\Program Files\Common Files\Download Manager
2007-08-06 16:03               <KAT>         d-a------        C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-05 21:29               <KAT>         d--------        C:\Program Files\iTunes
2007-08-05 21:29               <KAT>         d--------        C:\Program Files\iPod
2007-07-31 14:37               <KAT>         d--------        C:\Program Files\Personal
2007-07-31 14:37               <KAT>         d--------        C:\DOCUME~1\ADMINI~1\APPLIC~1\Personal
2007-07-31 14:37               <KAT>         d--------        C:\DOCUME~1\ADMINI~1\APPLIC~1\Netscape
2007-07-31 14:32               <KAT>         d--------        C:\DOCUME~1\ADMINI~1\cbt
2007-07-24 23:34               <KAT>         d--------        C:\Program Files\traffic3D
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2007-08-24 16:24               ---------        d--------        C:\Program Files\BullGuard
2007-08-05 21:28               ---------        d--------        C:\Program Files\Apple Software Update
2007-07-30 19:19               92504            --a------        C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19               549720          --a------        C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19               53080            --a------        C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19               43352            --a------        C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19               325976          --a------        C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19               271224          --a------        C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19               207736          --a------        C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19               203096          --a------        C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19               1712984        --a------        C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18               33624            --a------        C:\WINDOWS\system32\wups.dll
2007-07-16 00:08               ---------        d--------        C:\Program Files\QuickTime
2007-07-16 00:05               ---------        d--------        C:\Program Files\Common Files\Apple
2007-07-01 17:00               ---------        d--------        C:\Program Files\DivX
2007-06-26 08:08               1104896        --a------        C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31               282112          --a------        C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23               1033216        --a------        C:\WINDOWS\explorer.exe
2007-06-08 11:52               947096          --a------        C:\WINDOWS\system32\_ISource30.dll
2007-05-31 08:45               524288          --a------        C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44               823296          --a------        C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44               823296          --a------        C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44               802816          --a------        C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44               740442          --a------        C:\WINDOWS\system32\DivX.dll
2007-05-27 22:32               3676952        --a------        C:\Program Files\DivXWebPlayerInstaller.exe
2007-04-11 23:28               1823624        --a------        C:\Program Files\WindowsXP-KB925902-x86-ENU.exe
2007-04-02 17:42               37860928      --a------        C:\Program Files\iTunesSetup.exe
2007-03-11 15:47               14730232      --a------        C:\Program Files\DivXInstaller.exe
2006-12-15 22:53               5926912        --a------        C:\Program Files\pokerclient.exe
2006-11-20 17:08               2005504        --ahs----        C:\Program Files\ehthumbs.db
2006-11-10 18:27               359112          --a------        C:\Program Files\LimeWireWin.exe
2006-11-08 17:49               16193832      --a------        C:\Program Files\Install_Messenger.exe
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 21:00 C:\WINDOWS\system32\bthprops.cpl]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-08-12 17:38]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 18:28 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 15:01 C:\WINDOWS\sm56hlpr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 16:25]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 17:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-29 22:55]
"BDMCon"="C:\Program Files\BullGuard\\bdmcon.exe" [2004-08-09 16:11]
"BGNewsAgent"="C:\Program Files\BullGuard\bgnewsag.exe" [2004-05-03 14:28]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 19:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 20:41]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe [2007-07-31 14:37:34]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
 
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 FILESpy;FILESpy;\??\C:\Program Files\BullGuard\filespy.sys
R2 REGSpy;REGSpy;\??\C:\Program Files\BullGuard\regspy.sys
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
S3 MOD3700;XM400I Analog/DVB-T;C:\WINDOWS\system32\Drivers\xm400i.sys
 
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0315784-e99a-11db-b4fa-001060d019ae}]
AutoRun\command- F:\Installer.exe
 
 
Contents of the 'Scheduled Tasks' folder
2007-08-18 19:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
 
**************************************************************************
 
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 16:29:14
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BGNewsAgent = C:\Program Files\BullGuard\bgnewsag.exe?????????????8???8??? ??????????|x??|????q??|????????`???????????????????????????`???????????b?oc????j?oc????????????????????05?????????|i'pc???????????????????????????? ?(_?k?w1???????tl?w????H???p*@??????*@?????1??????
 
scanning hidden files ...
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
Completion time: 2007-08-24 16:33:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-24 16:32
 
                      --- E O F ---
 
 
 
 
 
 
 
 
 
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
2007-08-24 16:16:08,01
 
The rootkits that are detected by this tool were not found.
 
********************************* ROOTCHK-LOG-end
 
 
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 16:16:08
Windows 5.1.2600 Service Pack 2
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
 
detected NTDLL code modification:
ZwClose
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d019ae]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d019ae]
 
detected NTDLL code modification:
ZwClose
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000214
 
detected NTDLL code modification:
ZwClose
scanning hidden files ...
 
hidden processes: 0
hidden files: 0
 
 
 
 
 
 
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 23:41:43 2007-08-24
 + Scan result: 
 
C:\Documents and Settings\Administrator\Cookies\administrator@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.

::Report end
 
 
 
Thank you so much for your help!!
 
Johannes
 
Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13861
 
   Posted 8-25-2007 6:15 (GMT +1)
Sounds good :)
 
Please post a new HijackThis log.


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 

 
Johannes
New Member

Date Joined Aug 2007
Total Posts : 8
 
   Posted 8-25-2007 9:47 (GMT +1)
Hi!
Does this look good?


Logfile of HijackThis v1.99.1
Scan saved at 10:46:52, on 2007-08-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System