Full Version: Help!!!
mnbvc521
I'm getting tons of popups. When I try to access Task Manager I get the following message: Another program is currently using this file.


Thank You

Logfile of HijackThis v1.99.1
Scan saved at 1:26:34 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ms04189268397.exe
C:\WINDOWS\Sloopy7.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MANUEL~1\LOCALS~1\Temp\Rar$EX01.562\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73AF93C6-53DF-4D60-A24C-D6CCB6E5DD2A} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: (no name) - {8D1121D6-CA28-4C66-9B46-F1F34EF51012} - \
O2 - BHO: 0 - {971BCF00-039A-4C4B-9397-245C2D85C6F4} - C:\Program Files\Internet Explorer\zymihazu.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {E3FF71D2-F453-438E-BBBF-46EA28ADAF3D} - \
O2 - BHO: (no name) - {E5964129-AC99-46B2-BD38-C9F1EE6BED95} - \
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinlpes.exe ELT001
O4 - HKLM\..\Run: [{D1-18-80-0E-ZN}] c:\windows\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [ms04189268397] C:\WINDOWS\ms04189268397.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Sloopy7.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ziru] C:\Program Files\Common Files\ziru\zirum.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TIELT001.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinlpes.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dllhost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.ad-- The nicest hobby on Earth ;) --tend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.ad-- The nicest hobby on Earth ;) --tend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
teacup61
Hello mnbvc521,

Welcome to Gladiator Security Forum

Youch......got yourself in quite the pickle. Let's fix it. :)

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.

1. Download AVG Anti-Spyware (formerly Ewido) from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete, run AVG and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG anti-spyware. Do Not run a scan just yet.

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
  • Close AVG and reboot your system back into Normal Mode.

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG text report that you saved and a new HiJackThis log.

Thanks,
tea
mnbvc521
Thank You, here's what I get now.



Logfile of HijackThis v1.99.1
Scan saved at 9:08:55 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MANUEL~1\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4CCA0961-B5F1-491C-97E4-015EEC884528} - \
O2 - BHO: (no name) - {52CD6BC6-6FDD-4154-9B5C-A75D2D9F568B} - \
O2 - BHO: (no name) - {73AF93C6-53DF-4D60-A24C-D6CCB6E5DD2A} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7A68B0B7-6F2F-4FF0-B708-8FFBAF93DEA6} - \
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: (no name) - {8D1121D6-CA28-4C66-9B46-F1F34EF51012} - \
O2 - BHO: 0 - {971BCF00-039A-4C4B-9397-245C2D85C6F4} - C:\Program Files\Internet Explorer\zymihazu.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {E3FF71D2-F453-438E-BBBF-46EA28ADAF3D} - \
O2 - BHO: (no name) - {E5964129-AC99-46B2-BD38-C9F1EE6BED95} - \
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [{D1-18-80-0E-ZN}] c:\windows\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ziru] C:\Program Files\Common Files\ziru\zirum.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE











---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:50:06 PM 4/9/2007

+ Scan result:



C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0034843.exe/AutoSearch.dll -> Adware.AutoSearch : No action taken.
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : No action taken.
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : No action taken.
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : No action taken.
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP373\A0030715.exe -> Adware.MediaMotor : No action taken.
C:\WINDOWS\system32\micro1\a1.exe -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
C:\WINDOWS\VirtualDNS.dll -> Adware.Webdir : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032718.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032719.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032720.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032729.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032730.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032731.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032717.exe -> Adware.Webhancer.a : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032728.exe -> Adware.Webhancer.a : No action taken.
C:\WINDOWS\system32\okdsregp.exe -> Adware.ZenoSearch : No action taken.
C:\Program Files\Internet Explorer\zymihazu.dll -> Adware.ZQuest : No action taken.
C:\WINDOWS\system32\micro1\a3.exe -> Adware.ZQuest : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032715.exe -> Downloader.Adload.jm : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032714.EXE -> Downloader.Agent.ac : No action taken.
C:\WINDOWS\system32\micro1\win5.exe -> Dropper.Agent.bfr : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@arn.aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Casalemedia : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Realmedia : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\unsvchosts.exe -> Trojan.Small.mf : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP373\A0030713.exe -> Trojan.VB.tg : No action taken.
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP373\A0030714.exe -> Trojan.VB.tg : No action taken.


::Report end
teacup61
Hello,

AVG didn't clean anything.....open AVG back up and set it to clean (quarantine) like I asked you to before and scan again. Please post the report again, and we'll go from there. Looking better already! :)
mnbvc521
Sorry about that, I thought I had done it.


This is what I'm now getting:




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:35:26 AM 4/10/2007

+ Scan result:



C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0034843.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP373\A0030715.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\a1.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1037663847-1275608690-149830823-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\VirtualDNS.dll -> Adware.Webdir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032718.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032719.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032720.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032729.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032730.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032731.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032717.exe -> Adware.Webhancer.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032728.exe -> Adware.Webhancer.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\okdsregp.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\zymihazu.dll -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\a3.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032715.exe -> Downloader.Adload.jm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0032714.EXE -> Downloader.Agent.ac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\win5.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP381\A0034902.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\Manuel Guzman\Local Settings\Temporary Internet Files\Content.IE5\WEZ716YA\SystemDoctorNewReleaseInstall[1].cab/USDR6_9999_N18M1603NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Manuel Guzman\Cookies\manuel_guzman@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\unsvchosts.exe -> Trojan.Small.mf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP373\A0030713.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP373\A0030714.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 12:22:04 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MANUEL~1\LOCALS~1\Temp\Rar$EX13.687\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4CCA0961-B5F1-491C-97E4-015EEC884528} - \
O2 - BHO: (no name) - {52CD6BC6-6FDD-4154-9B5C-A75D2D9F568B} - \
O2 - BHO: (no name) - {73AF93C6-53DF-4D60-A24C-D6CCB6E5DD2A} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7A68B0B7-6F2F-4FF0-B708-8FFBAF93DEA6} - \
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: (no name) - {8D1121D6-CA28-4C66-9B46-F1F34EF51012} - \
O2 - BHO: 0 - {971BCF00-039A-4C4B-9397-245C2D85C6F4} - C:\Program Files\Internet Explorer\zymihazu.dll (file missing)
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {E3FF71D2-F453-438E-BBBF-46EA28ADAF3D} - \
O2 - BHO: (no name) - {E5964129-AC99-46B2-BD38-C9F1EE6BED95} - \
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [{D1-18-80-0E-ZN}] c:\windows\system32\dwdsregt.exe ELT001
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ziru] C:\Program Files\Common Files\ziru\zirum.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



THANK YOU
teacup61
Hello,

Much better indeed! :thumbup: Let's tidy it up now.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O2 - BHO: (no name) - {4CCA0961-B5F1-491C-97E4-015EEC884528} - \
O2 - BHO: (no name) - {52CD6BC6-6FDD-4154-9B5C-A75D2D9F568B} - \
O2 - BHO: (no name) - {73AF93C6-53DF-4D60-A24C-D6CCB6E5DD2A} - \
O2 - BHO: (no name) - {7A68B0B7-6F2F-4FF0-B708-8FFBAF93DEA6} - \
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: (no name) - {8D1121D6-CA28-4C66-9B46-F1F34EF51012} - \
O2 - BHO: 0 - {971BCF00-039A-4C4B-9397-245C2D85C6F4} - C:\Program Files\Internet Explorer\zymihazu.dll (file missing)
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {E3FF71D2-F453-438E-BBBF-46EA28ADAF3D} - \
O2 - BHO: (no name) - {E5964129-AC99-46B2-BD38-C9F1EE6BED95} - \
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [{D1-18-80-0E-ZN}] c:\windows\system32\dwdsregt.exe ELT001
O4 - HKCU\..\Run: [ziru] C:\Program Files\Common Files\ziru\zirum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <---this is a resource hog.

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Delete the following files/folders, if present:

C:\Program Files\Common Files\ziru <---this folder
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\next06.exe
C:\Program Files\Web Buying <---this folder

Reboot your computer.

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go here to run Panda's ActiveScan (you must use IE for this one): http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site, click the Scan your PC button.

A new window will open... Click the Check Now button.
Enter your State/Province.
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).

Post the contents of the ActiveScan report, please, and a new HijackThis log. How is it running? :)

Thanks,
tea
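
An added example, not part of teacup61's post or of HijackThis itself: every R3 and O2 entry in the fix list above points at a handler file that is absent ("(no file)", "(file missing)" or a bare "\" path). The Python sketch below parses those two sections of the log posted in this thread and flags such orphaned registrations. The orphan rule is an assumption inferred from that list, and the O4 startup picks are analyst judgement that it does not cover.

```python
import re
from dataclasses import dataclass

# R3 and O2 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4CCA0961-B5F1-491C-97E4-015EEC884528} - \
O2 - BHO: (no name) - {52CD6BC6-6FDD-4154-9B5C-A75D2D9F568B} - \
O2 - BHO: (no name) - {73AF93C6-53DF-4D60-A24C-D6CCB6E5DD2A} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7A68B0B7-6F2F-4FF0-B708-8FFBAF93DEA6} - \
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: (no name) - {8D1121D6-CA28-4C66-9B46-F1F34EF51012} - \
O2 - BHO: 0 - {971BCF00-039A-4C4B-9397-245C2D85C6F4} - C:\Program Files\Internet Explorer\zymihazu.dll (file missing)
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {E3FF71D2-F453-438E-BBBF-46EA28ADAF3D} - \
O2 - BHO: (no name) - {E5964129-AC99-46B2-BD38-C9F1EE6BED95} - \
"""

# "<section> - <kind>: <name> - {CLSID} - <target>"; the CLSID anchors the
# split so a display name that itself contains " - " still parses.
ENTRY_RE = re.compile(
    r"^(?P<section>R3|O2) - (?P<kind>URLSearchHook|BHO): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.*)$"
)


@dataclass(frozen=True)
class Entry:
    section: str
    name: str
    clsid: str
    target: str


def parse_entries(log_text):
    """Parse R3 (URLSearchHook) and O2 (BHO) lines; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("name"),
                                 m.group("clsid").upper(),
                                 m.group("target").strip()))
    return entries


def orphan_reason(entry):
    """Return why the registered handler file is absent, or None if present."""
    target = entry.target
    if target == "(no file)":
        return "no file registered"
    if target.endswith("(file missing)"):
        return "file missing on disk"
    if target in ("", "\\"):
        return "empty path"
    return None


def find_orphans(log_text):
    """Return (entry, reason) pairs for registrations whose file is absent."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = orphan_reason(entry)
        if reason is not None:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in find_orphans(SAMPLE_LOG):
        print(f"{entry.section} {entry.clsid} {reason}")
```

An entry flagged this way is only a leftover registration; a clean log here does not mean the machine is clean, which is why the thread continues with further scans.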
mnbvc521
It's running better. Thanks.

This is what I'm getting:



Incident Status Location

Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\SYSTEM32\BUND1\ClientBundle1.exe[a1.exe]
Adware:Adware/WebBuying Not disinfected C:\WINDOWS\SYSTEM32\BUND1\ClientBundle1.exe[web2.exe]
Adware:Adware/TTC Not disinfected C:\WINDOWS\SYSTEM32\BUND1\ClientBundle1.exe[a3.exe]
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\SYSTEM32\BUND1\ClientBundle1.exe[a4.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\SYSTEM32\BUND1\ClientBundle1.exe[mc8.exe][111uninst.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\SYSTEM32\MICRO1\MC8.EXE[111uninst.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\HANCERMM.EXE[whCC-GIANT2.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\HANCERMM.EXE[whCC-GIANT2.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\HANCERMM.EXE[whCC-GIANT2.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\HANCERMM.EXE[whCC-GIANT2.exe][whiehlpr.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whiehlpr.dll]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\\Cookies\manuel_@bravenet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\\Cookies\manuel_@zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\\Cookies\manuel_@casalemedia[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\\Cookies\manuel_@as-eu.falkag[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\\Cookies\manuel_@ad.yieldmanager[1].txt
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Buck Owens - Act Naturally.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\CCR - Bad Moon Rising.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Chamillionaire - Ridding Dirty.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Grease - Those Magic Changes.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Kumbia All Stars - Chiquilla.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Lil Scrappy & Trillville ft Cutty - Some Cut.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Mariano Barba - Aliado del tiempo.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Shaggy - It Wasnt Me.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Human League - Don't you want me Baby.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Beach Boys - Dont Worry Baby.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Oldies - The Temptations - Sugar Pie, Honey Bunch.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\oldies - It's My Party And I'll Cry If I Want To.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Son By Four - Cuando Seas Mia .mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Temptations - The Way You Do The Things You Do (OLDIES 70s).mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Big boy - Big boy - Mis ojos lloran por ti spanish reggae.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\50 Cent - 21 Questions.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Francisco Cespedes - Señora.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Aventura - Los Infieles.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Boys 2 Men - I'll Make Love to You.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\Diana Ross & The Supremes - I Hear A Symphony.mp3.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Young And Tasty 6 © Legal Pink DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Milf Pov 6 © Devils-Films DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Pros Vs Hos © Cherry Boxxx DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Big Butt Smashdown 9 © Evasive Angles DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Teen Idol Allstars © Smash Pictures DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Real Rookies 4 © Northstar DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Boobsvilles Young And Busty 3 © Big-Top DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Good Whores Take It In The Ass 3 © Venon DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\POVerted 6 © Juicy DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Belladonnas Iodinegirl © Evil-Angel DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Young And Full Of Cum © 18-Carat DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Cream Pie POV 8 © Devils-Films DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Teen Kreme 3 © Sinsational DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Hot Indian Pussy 2 © Devils-Films DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Housewives Need Cash 4 © Freaky-Deaky DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Russian Teen Obsession © Evil-Angel DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Farmers Daughters Make You Go Yee Haw © Kick-Ass DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Evil Vault 3 © Evil-Angel DVDRiP XViD DiSC1 .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\-- The nicest hobby on Earth ;) -- Fiends 4 © Platinum-X DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Pu-Tang Dynasty © 5th Element DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Its All About The Pink © 5th Element DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Done In 60 Seconds 4 © Damaged DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Cum Stained Casting Couch 8 © Red-Light DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\MILF And Cookies 6 © Damaged DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Reform School Girls © Wicked DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Bad 2 The Bone © Penthouse DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Teacher Volume 6 © Flashpoint DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Jungle Love 8 © DVSX DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\MILF And Cookies 5 © Damaged DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Mini Van Moms 4 © Northstar DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\No Boys Allowed All Girl Fantasies © VCA DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Latina Anal Heartbreakers © Hustler DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Mothers In Heat © Colossal DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Busty College Coeds POV 3 © Greedy DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Invalid Entry © Cherry Boxxx DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Double Jeopardy © Vivid DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\12 Nasty Girls Masturbating 10 © Madness DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Shag The Hag © Anarchy Films DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Cum Filled Throats 19 © Devils-Films DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Big Breast Amateur Girls 4 © Xplor DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Barely Legal Princess Diaries 2 © Hustler DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Black Fanny Pack © Black Doll DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Teens Goin Wild 17 © Legend DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Girl Next Door 3 © Combat-Zone DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Mouth Meat 6 © Powersville-Inc DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Attention Whores 9 © JM-Productions DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Blazin Asians © West-Coast DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Smokin Hot 2 © Platinum-X DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Roommate Vol 02 DVDRiP XViD HENTAI .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Deja Vu (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Fabric Of Time (2007) NTSC STV COMPLETE .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Because I Said So (2007) NTSC R5 .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Unnatural And Accidental (2006) NTSC LIMITED .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Unaccompanied Minors (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Perfume The Story Of A Murderer (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Off The Black (2006) NTSC LIMITED .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Notes On A Scandal (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Last King Of Scotland (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\10 Items Or Less (2006) LIMITED .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Epic Movie (2007) DVDSCR NTSC WS R1 .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Fear And Loathing In Las Vegas (1998) HDDVDRip 720p 5.1 XBOX360 WMV-HD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Copying Beethoven (2006) NTSC LIMITED .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Hamiltons (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Freedom Writers (2007) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Smokin Aces (2007) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Death Of A President (2006) NTSC LIMITED .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Horrors Strange House 2007 BONUS DVD PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Devil Wears Prada (2006) PAL MULTi .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Perfume The Story Of A Murderer (2006) PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Happily Never After (2007) R5 .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Ghostrider (2007) R5 .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Jump In (2007) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\300 (2006) DVDSCR PROPER .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Curse Of The Golden Flower (2006) NTSC R1 .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\300 (2006) DVDSCR .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Holiday (2006) PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Facing The Giants (2006) PAL MULTISUBS .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Black Christmas (2006) NTSC UNRATED .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Catch Me If You Can (2002) 2DISC PAL MULTISUBS SE .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Cinderella Man (2005) PAL MULTiSUBS .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Bobby (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Prestige (2006) NTSC DTS .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Ghost Son (2006) PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Entourage S03D02 PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Entourage S03D01 PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Happy Feet (2006) NO DK ENG PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Hollywoodland (2006) PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\-- Look for another playground -- Royale (2006) PAL REPACK .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Good Sheperd (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Charlottes Web (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Who Live In Locarno (2006) PAL COMPLETE .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Kaiser Chiefs Live De La Semaine (2007) PAL DVB .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\-- Look for another playground -- Royale (2006) PAL PROPER .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Something New (2006) PAL REPACK .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Deep Sea (2006) NTSC .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\-- Look for another playground -- Royale (2006) PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Stephen Kings Desperation (2006) PAL .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Penn And Teller Bullshit S05E03 PDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Desperate Housewives S03 Special The Juiciest Bites HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Shark S01E18 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Andy Barker P.I. S01E04 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Scrubs S06E15 PDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\CSI S07E19 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Survivor S14E08 PDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\30 Rock S01E18 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\The Office US S03E19 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Nick Cannon Presents Short Circuitz S01E01 DSR XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Lost S03E15 Left Behind HDTV PROPER XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Conan O Brien 2007.04.04 Ice Cube HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Jay Leno 2007.04.04 Jennifer Love Hewitt HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Return Of The 707 PDTV WS XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Halfway Home S01E04 XViD DSR .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Medium S03E17 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\South Park S11E05 XViD DSR .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Mythbusters S03E29 PDTV WS XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Til Death S01E20 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Crossing Jordan S06E11 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\In Case Of Emergency S01E11 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\American Idol S06E27 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\According To Jim S06E13 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Bones S02E18 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\George Lopez S06E11 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\George Lopez S06E10 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\\.limewire\downloads\_\Friday Night Lights S01E21 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected








mnbvc521
Logfile of HijackThis v1.99.1
Scan saved at 8:39:21 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MANUEL~1\LOCALS~1\Temp\Rar$EX01.344\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
teacup61
Hello,

Glad it's running better. :) Let's clean out that registry.

Download the trial version of Spy Sweeper from Here


Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread. Popups gone?

Thanks,
tea
mnbvc521
I'm not getting any popups. Thank You

This is what I'm getting:


Logfile of HijackThis v1.99.1
Scan saved at 11:45:18 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\MANUEL~1\LOCALS~1\Temp\Rar$EX02.140\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE






11:25 AM: Removal process completed. Elapsed time 00:00:44
11:24 AM: Quarantining All Traces: yieldmanager cookie
11:24 AM: Quarantining All Traces: falkag cookie
11:24 AM: Quarantining All Traces: casalemedia cookie
11:24 AM: Quarantining All Traces: tacoda cookie
11:24 AM: Quarantining All Traces: realmedia cookie
11:24 AM: Quarantining All Traces: burstbeacon cookie
11:24 AM: Quarantining All Traces: zedo cookie
11:24 AM: Quarantining All Traces: adbureau cookie
11:24 AM: Quarantining All Traces: burstnet cookie
11:24 AM: Quarantining All Traces: imrworldwide.com cookie
11:24 AM: Quarantining All Traces: adjuggler cookie
11:24 AM: Quarantining All Traces: askmen cookie
11:24 AM: Quarantining All Traces: reliablestats cookie
11:24 AM: Quarantining All Traces: server.iad.liveperson cookie
11:24 AM: Quarantining All Traces: bravenet cookie
11:24 AM: Quarantining All Traces: webhancer
11:24 AM: Quarantining All Traces: web buying
11:24 AM: Quarantining All Traces: webdir
11:24 AM: Quarantining All Traces: mirar webband
11:24 AM: Quarantining All Traces: core adware
11:24 AM: Quarantining All Traces: elitemediagroup-mediamotor
11:24 AM: Quarantining All Traces: purityscan
11:24 AM: Quarantining All Traces: enbrowser
11:24 AM: Quarantining All Traces: trojan-backdoor-spabot
11:24 AM: Removal process initiated
11:21 AM: Traces Found: 93
11:21 AM: Full Sweep has completed. Elapsed time 00:23:48
11:21 AM: HKLM\software\classes\plugin.plugin.1\ (ID = 2118116)
11:21 AM: HKLM\software\classes\appid\popengine.dll\ (ID = 2118115)
11:21 AM: HKCR\plugin.plugin\ (ID = 2110955)
11:21 AM: HKLM\software\classes\plugin.plugin\ (ID = 2110949)
11:21 AM: File Sweep Complete, Elapsed Time: 00:18:44
11:21 AM: The Internet Communication shield has blocked access to: MEDIA.DESKWIZZ.COM
11:20 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:20 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:20 AM: The Internet Communication shield has blocked access to: K8L.INFO
11:20 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:17 AM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
11:11 AM: C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (ID = 385232)
11:11 AM: Found Adware: purityscan
11:10 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:10 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:10 AM: Warning: Failed to open file "c:\documents and settings\ \local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:10 AM: Warning: Failed to open file "c:\documents and settings\ \local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:10 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:10 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:10 AM: The Internet Communication shield has blocked access to: K8L.INFO
11:09 AM: The Internet Communication shield has blocked access to: K8L.INFO
11:09 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:09 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
11:08 AM: Warning: Failed to open file "c:\documents and settings\ \ntuser.dat.log". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\ \ntuser.dat". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:08 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
11:05 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
11:05 AM: C:\WINDOWS\system32\Winwcd.dll (ID = 383662)
11:04 AM: C:\WINDOWS\hancerdoem.exe (ID = 378334)
11:04 AM: C:\WINDOWS\hancermm.exe (ID = 382686)
11:04 AM: Found Adware: webhancer
11:03 AM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
11:03 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
11:02 AM: Starting File Sweep
11:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:02 AM: c:\documents and settings\ \cookies\_@bravenet[3].txt (ID = 2322)
11:02 AM: c:\documents and settings\ \cookies\_@ad.yieldmanager[2].txt (ID = 3751)
11:02 AM: c:\documents and settings\ \cookies\_@ad.yieldmanager[1].txt (ID = 3751)
11:02 AM: Found Spy Cookie: yieldmanager cookie
11:02 AM: c:\documents and settings\ \cookies\_@as-eu.falkag[2].txt (ID = 2650)
11:02 AM: Found Spy Cookie: falkag cookie
11:02 AM: c:\documents and settings\ \cookies\_@casalemedia[2].txt (ID = 2354)
11:02 AM: Found Spy Cookie: casalemedia cookie
11:02 AM: c:\documents and settings\ \cookies\_@zedo[2].txt (ID = 3762)
11:02 AM: c:\documents and settings\ \cookies\_@rotator.its.adjuggler[1].txt (ID = 2070)
11:02 AM: c:\documents and settings\ \cookies\_@www.askmen[2].txt (ID = 2248)
11:02 AM: c:\documents and settings\ \cookies\_@tacoda[1].txt (ID = 6444)
11:02 AM: Found Spy Cookie: tacoda cookie
11:02 AM: c:\documents and settings\ \cookies\_@realmedia[2].txt (ID = 3235)
11:02 AM: Found Spy Cookie: realmedia cookie
11:02 AM: c:\documents and settings\ \cookies\_@www.burstbeacon[1].txt (ID = 2335)
11:02 AM: Found Spy Cookie: burstbeacon cookie
11:02 AM: c:\documents and settings\ \cookies\_@zedo[1].txt (ID = 3762)
11:02 AM: Found Spy Cookie: zedo cookie
11:02 AM: c:\documents and settings\ \cookies\_@tremor.adbureau[1].txt (ID = 2060)
11:02 AM: Found Spy Cookie: adbureau cookie
11:02 AM: c:\documents and settings\ \cookies\_@www.burstnet[2].txt (ID = 2337)
11:02 AM: Found Spy Cookie: burstnet cookie
11:02 AM: c:\documents and settings\ \cookies\_@imrworldwide[2].txt (ID = 2845)
11:02 AM: Found Spy Cookie: imrworldwide.com cookie
11:02 AM: c:\documents and settings\ \cookies\_@rotator.adjuggler[1].txt (ID = 2071)
11:02 AM: Found Spy Cookie: adjuggler cookie
11:02 AM: c:\documents and settings\ \cookies\_@www.askmen[1].txt (ID = 2248)
11:02 AM: c:\documents and settings\ \cookies\_@askmen[1].txt (ID = 2247)
11:02 AM: Found Spy Cookie: askmen cookie
11:02 AM: c:\documents and settings\ \cookies\_@server.iad.liveperson[1].txt (ID = 3341)
11:02 AM: c:\documents and settings\ \cookies\_@stats1.reliablestats[1].txt (ID = 3254)
11:02 AM: Found Spy Cookie: reliablestats cookie
11:02 AM: c:\documents and settings\ \cookies\_@server.iad.liveperson[2].txt (ID = 3341)
11:02 AM: Found Spy Cookie: server.iad.liveperson cookie
11:02 AM: c:\documents and settings\ \cookies\_@mercury.bravenet[2].txt (ID = 2323)
11:02 AM: c:\documents and settings\ \cookies\_@bravenet[2].txt (ID = 2322)
11:02 AM: Found Spy Cookie: bravenet cookie
11:02 AM: Starting Cookie Sweep
11:02 AM: Registry Sweep Complete, Elapsed Time:00:00:28
11:02 AM: HKU\S-1-5-21-1037663847-1275608690-149830823-1005\software\webbuying\ (ID = 2110957)
11:02 AM: HKU\S-1-5-21-1037663847-1275608690-149830823-1005\software\system\sysuid\ (ID = 731748)
11:02 AM: Found Adware: enbrowser
11:02 AM: HKU\S-1-5-21-1037663847-1275608690-149830823-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
11:02 AM: HKLM\system\controlset003\services\core\ (ID = 2152521)
11:02 AM: HKLM\system\controlset003\enum\root\legacy_core\ (ID = 2152512)
11:02 AM: HKLM\system\controlset001\services\core\ (ID = 2118343)
11:02 AM: HKLM\system\controlset001\enum\root\legacy_core\ (ID = 2118323)
11:02 AM: HKCR\typelib\{20e65ac6-c457-484d-b386-ad2db3753865}\ (ID = 2110956)
11:02 AM: HKCR\clsid\{c318cd44-e327-4377-a28e-6ec16a921ae8}\ (ID = 2110954)
11:02 AM: HKCR\appid\{4886e1bd-560b-4d75-ad85-d66cce2ddf53}\ (ID = 2110953)
11:02 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c318cd44-e327-4377-a28e-6ec16a921ae8}\ (ID = 2110951)
11:02 AM: HKLM\software\classes\typelib\{20e65ac6-c457-484d-b386-ad2db3753865}\ (ID = 2110950)
11:02 AM: HKLM\software\classes\clsid\{c318cd44-e327-4377-a28e-6ec16a921ae8}\ (ID = 2110948)
11:02 AM: HKLM\software\classes\appid\{4886e1bd-560b-4d75-ad85-d66cce2ddf53}\ (ID = 2110947)
11:02 AM: Found Adware: web buying
11:02 AM: HKLM\software\microsoft\code store database\distribution units\{e4c29fdc-f547-4219-acfd-571f2a7a564a}\ (ID = 1777101)
11:02 AM: HKLM\software\classes\webcamdet.webcamtest.1\ (ID = 1777097)
11:02 AM: HKLM\software\classes\webcamdet.webcamtest\ (ID = 1777091)
11:02 AM: HKLM\software\classes\typelib\{42298ff7-5dcd-4dff-825a-225eee6ff0c7}\ (ID = 1777081)
11:02 AM: HKLM\software\classes\clsid\{e4c29fdc-f547-4219-acfd-571f2a7a564a}\ (ID = 1777060)
11:02 AM: HKCR\webcamdet.webcamtest.1\ (ID = 1777055)
11:02 AM: HKCR\webcamdet.webcamtest\ (ID = 1777049)
11:02 AM: HKCR\typelib\{42298ff7-5dcd-4dff-825a-225eee6ff0c7}\ (ID = 1777039)
11:02 AM: HKCR\clsid\{e4c29fdc-f547-4219-acfd-571f2a7a564a}\ (ID = 1777018)
11:02 AM: HKLM\software\classes\interface\{db312456-e762-4369-844a-aed9006b1b2f}\ (ID = 1502064)
11:02 AM: HKLM\software\classes\interface\{41e1565d-b7a8-4251-bd79-e6c5facb2b5f}\ (ID = 1502038)
11:02 AM: HKCR\interface\{db312456-e762-4369-844a-aed9006b1b2f}\ (ID = 1497938)
11:02 AM: HKCR\interface\{41e1565d-b7a8-4251-bd79-e6c5facb2b5f}\ (ID = 1497876)
11:02 AM: HKLM\software\microsoft\nvchost\ || test (ID = 1389688)
11:02 AM: Found Trojan Horse: trojan-backdoor-spabot
11:02 AM: HKLM\software\classes\typelib\{d13decbb-52f8-4bf4-ba6c-b0cc603963c9}\ (ID = 1323842)
11:02 AM: HKCR\typelib\{d13decbb-52f8-4bf4-ba6c-b0cc603963c9}\ (ID = 1323794)
11:02 AM: HKLM\software\classes\typelib\{143414d1-c324-4d6f-9756-5075d9a4a485}\ (ID = 1220038)
11:02 AM: HKLM\software\classes\appid\virtualdns.dll\ (ID = 1220015)
11:02 AM: HKLM\software\classes\virtualdns.virtualdnsobj.1\ (ID = 1220010)
11:02 AM: HKLM\software\classes\virtualdns.virtualdnsobj\ (ID = 1220004)
11:02 AM: HKCR\typelib\{143414d1-c324-4d6f-9756-5075d9a4a485}\ (ID = 1219994)
11:02 AM: HKCR\appid\virtualdns.dll\ (ID = 1219962)
11:02 AM: HKCR\virtualdns.virtualdnsobj.1\ (ID = 1219957)
11:02 AM: HKCR\virtualdns.virtualdnsobj\ (ID = 1219951)
11:02 AM: Found Adware: webdir
11:02 AM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (ID = 1055293)
11:02 AM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\ (ID = 1055291)
11:02 AM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (ID = 1055250)
11:02 AM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\ (ID = 1055248)
11:02 AM: HKLM\software\mm\ (ID = 140211)
11:02 AM: Found Adware: elitemediagroup-mediamotor
11:02 AM: HKCR\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135122)
11:02 AM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135121)
11:02 AM: HKLM\software\classes\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135093)
11:02 AM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135092)
11:02 AM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (ID = 135091)
11:02 AM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (ID = 135090)
11:02 AM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (ID = 135089)
11:02 AM: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (ID = 135088)
11:02 AM: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (ID = 135085)
11:02 AM: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (ID = 135084)
11:02 AM: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (ID = 135083)
11:02 AM: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (ID = 135082)
11:02 AM: HKCR\nn_bar_dummy.nn_bardummy\ (ID = 135076)
11:02 AM: HKCR\nn_bar_dummy.nn_bardummy.1\ (ID = 135075)
11:02 AM: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (ID = 135072)
11:02 AM: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (ID = 135071)
11:02 AM: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (ID = 135070)
11:02 AM: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (ID = 135069)
11:02 AM: Found Adware: mirar webband
11:02 AM: Starting Registry Sweep
11:02 AM: Memory Sweep Complete, Elapsed Time: 00:04:25
10:58 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:58 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:58 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:58 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:58 AM: Starting Memory Sweep
10:58 AM: HKLM\system\controlset001\services\core\ || imagepath (ID = 2149724)
10:58 AM: Found Adware: core adware
10:58 AM: Warning: DDAFileExists: Unexpected volume type
10:58 AM: Warning: TVolumeInfo.GetHandle: INVALID_HANDLE_VALUE
10:57 AM: Start Full Sweep
10:57 AM: Sweep initiated using definitions version 894
10:55 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:55 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:55 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:55 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
10:55 AM: The Internet Communication shield has blocked access to: ADS.Z-QUEST.COM
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:54 AM: Shield States
10:54 AM: Spyware Definitions: 894
10:54 AM: Spy Sweeper 5.3.2.2361 started
10:54 AM: Spy Sweeper 5.3.2.2361 started
10:54 AM: | Start of Session, Wednesday, April 11, 2007 |
***************
teacup61
Hello there...I see you!

Everything looks perfect. :) How is it running? If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio, ZoneAlarm, or Outpost.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
mnbvc521
It's running great. THANK YOU!
teacup61
You're most welcome.