10-14-2007, 03:52 PM   #8
Oz_Law
OS: xp sp2


Re: ad.yieldmanager.com

ComboFix 07-10-14.4 - Oz 2007-10-14 21:11:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1578 [GMT 1:00]
Running from: C:\Documents and Settings\Oz\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Oz\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\fcfceaaada_g.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fcfceaaada_g.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 20:01 <DIR> d-------- C:\Documents and Settings\Oz\Application Data\InstallShield Installation Information
2007-10-14 19:59 <DIR> d-------- C:\Program Files\Unreal Tournament 3 Demo
2007-10-14 19:58 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-14 19:58 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-14 19:58 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-14 19:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 18:07 <DIR> d-------- C:\Deckard
2007-10-14 00:20 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-10-14 00:20 <DIR> d-------- C:\Documents and Settings\Oz\Application Data\SystemRequirementsLab
2007-10-14 00:13 <DIR> d-------- C:\WINDOWS\Sun
2007-10-14 00:12 <DIR> d-------- C:\Program Files\Java
2007-10-14 00:12 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-12 10:25 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-12 10:25 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-12 10:25 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-12 10:25 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-12 10:25 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-10-12 10:25 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-10-12 10:25 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-10-12 10:22 <DIR> d-------- C:\Program Files\Activision
2007-10-11 22:54 <DIR> d-------- C:\VundoFix Backups
2007-10-11 22:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 09:05 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-07 14:34 <DIR> d-------- C:\Program Files\RivaTuner v2.05
2007-10-07 00:42 <DIR> d-------- C:\WINDOWS\nview
2007-10-07 00:42 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-07 00:41 <DIR> d-------- C:\NVIDIA
2007-10-07 00:41 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-10-07 00:05 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2007-10-02 14:40 <DIR> d-------- C:\Program Files\Asus
2007-10-02 11:04 <DIR> d-------- C:\Program Files\Bonjour
2007-10-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-02 10:14 <DIR> d-------- C:\Program Files\VirtualDJ
2007-10-02 09:55 <DIR> d-------- C:\Program Files\MagicISO
2007-09-30 19:46 <DIR> d-------- C:\Documents and Settings\Oz\.assistant
2007-09-30 19:38 <DIR> d-------- C:\Program Files\Marvell
2007-09-27 22:24 <DIR> d-------- C:\Program Files\Sierra Entertainment
2007-09-27 22:24 <DIR> d-------- C:\Documents and Settings\Oz\Application Data\InstallShield
2007-09-27 22:23 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-25 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-24 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-24 10:26 47,357 --a------ C:\WINDOWS\system32\Keygen.exe
2007-09-21 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Screaming Bee
2007-09-21 19:32 <DIR> d-------- C:\Documents and Settings\Oz\Application Data\Screaming Bee
2007-09-21 19:24 <DIR> d-------- C:\Program Files\Common Files\Screaming Bee
2007-09-21 19:10 <DIR> d-------- C:\Program Files\AV Vcs 6.0 GOLD
2007-09-18 16:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2007-09-17 19:50 <DIR> d-------- C:\Program Files\Xfire
2007-09-17 19:50 <DIR> d-------- C:\Documents and Settings\Oz\Application Data\Xfire
2007-09-15 16:50 6,853,088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-15 16:50 6,853,088 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-15 16:50 5,783,040 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-09-15 16:50 5,783,040 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-09-14 23:54 <DIR> d-------- C:\Program Files\RegSupreme Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 19:06 --------- d-----w C:\Documents and Settings\Oz\Application Data\uTorrent
2007-10-14 18:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-14 18:57 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-14 11:36 --------- d-----w C:\Program Files\Steam
2007-10-12 09:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 11:52 --------- d-----w C:\Program Files\Microsoft Works
2007-10-06 23:55 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-05 09:17 --------- d-----w C:\Program Files\a-squared Anti-Malware
2007-10-02 10:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-25 13:37 --------- d-----w C:\Program Files\QuickTime
2007-09-25 13:37 --------- d-----w C:\Program Files\Apple Software Update
2007-09-16 18:27 --------- d-----w C:\Documents and Settings\Oz\Application Data\Bioshock
2007-09-16 13:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-10 18:58 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-09-10 18:58 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-09-10 17:57 --------- d-----w C:\Documents and Settings\Oz\Application Data\DAEMON Tools Pro
2007-09-10 15:47 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-09 13:37 --------- d-----w C:\Program Files\NT Registry Optimizer
2007-09-08 16:45 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-09-06 10:39 --------- d-----w C:\Program Files\Creative
2007-09-05 17:41 --------- d-----w C:\Program Files\Google
2007-09-05 13:09 --------- d-----w C:\Program Files\SiSoftware
2007-09-05 12:30 --------- d-----w C:\Documents and Settings\Oz\Application Data\Uniblue
2007-09-04 00:08 --------- d-----w C:\Program Files\Xvid
2007-09-03 19:30 --------- d-----w C:\Program Files\CyberLink
2007-09-02 07:56 --------- d-----w C:\Documents and Settings\Bill\Application Data\VersionTracker Pro
2007-08-30 19:00 --------- d-----w C:\Documents and Settings\Oz\Application Data\VersionTracker Pro
2007-08-30 18:59 --------- d-----w C:\Program Files\Winamp
2007-08-29 13:47 --------- d-----w C:\Program Files\TechTracker
2007-08-27 20:37 --------- d-----w C:\Program Files\CCleaner
2005-06-07 12:58 765,952 ----a-w C:\WINDOWS\system32\config\systemprofile\CRLDS3D.DLL
2005-06-07 12:58 765,952 ----a-w C:\Documents and Settings\Oz\CRLDS3D.DLL
2005-06-07 12:58 765,952 ----a-w C:\Documents and Settings\Default User\CRLDS3D.DLL
2005-06-07 12:58 765,952 ----a-w C:\Documents and Settings\Bill\CRLDS3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2007-10-14_19.07.34.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-14 19:01:13 10,134 ----a-r C:\WINDOWS\Installer\{3266FEA9-98E9-448B-B235-DAC63D4CE781}\ARPPRODUCTICON.exe
+ 2007-10-14 19:01:13 8,854 ----a-r C:\WINDOWS\Installer\{3266FEA9-98E9-448B-B235-DAC63D4CE781}\UNINST_Uninstall_U_60A1F671743240AA8B648B7E9493FFD4.exe
- 2007-07-22 16:39:56 199,885 ----a-w C:\WINDOWS\system32\ageia\AG1011\app.bin
+ 2007-07-24 07:20:06 207,405 ----a-w C:\WINDOWS\system32\ageia\AG1011\app.bin
- 2007-06-25 19:37:06 114,217 ----a-w C:\WINDOWS\system32\ageia\AG1021\diag.bin
+ 2007-05-16 07:42:44 105,981 ----a-w C:\WINDOWS\system32\ageia\AG1021\diag.bin
+ 2007-09-13 06:43:00 120,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys
- 2007-06-19 07:59:36 70,400 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
+ 2007-09-13 08:45:50 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
+ 2007-10-14 20:16:26 35,850,501 ----a-w C:\WINDOWS\Temp\a2cache_0F850D93.dat
+ 2007-10-14 20:16:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat
+ 2007-10-14 20:16:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_714.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 331,776 2006-03-20 19:43:16 C:\Program Files\AGEIA Technologies\bak\TrayIcon.exe

----a-w 102,400 2004-12-02 17:23:34 C:\Program Files\Creative\MediaSource\Detector\bak\CTDetect.exe
------w 102,400 2004-12-02 17:23:34 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

----a-w 35,328 2005-12-08 19:18:40 C:\Program Files\Winamp\bak\winampa.exe
----a-w 39,424 2007-08-22 02:50:34 C:\Program Files\Winamp\winampa.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 18:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 C:\WINDOWS\RTHDCPL.exe]
"P17Helper"="P17.dll" [2005-05-03 12:38 C:\WINDOWS\system32\P17.dll]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-02 20:13]
"CTHelper"="CTHELPER.EXE" [2005-06-18 07:01 C:\WINDOWS\CTHELPER.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-09-02 16:02]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
"Alcmtr"=ALCMTR.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.05\RivaTuner32.sys
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac91ba86-d572-11db-9bdb-009096cd6312}]
AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac91ba9e-d572-11db-9bdb-009096cd6312}]
AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aca780e2-4300-11db-841e-806d6172696f}]
AutoRun\command - D:\bootcd\autorun.com

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 20:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-14 20:19:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-05 12:17:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-05 12:17:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 21:16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 21:29:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-14 19:09
.
--- E O F ---



Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.adviva.net/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\7wl9dcaw.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bill\Cookies\bill@ad.yieldmanager[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Bill\Cookies\bill@apmebf[1].txt
Spyware:Cookie/Casinotropez Not disinfected C:\Documents and Settings\Bill\Cookies\bill@casinotropez[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.247realmedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.adtech.de/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.adserver.easyad.info/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.adtech.de/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.adserver.easyad.info/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.azjmp.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.as-eu.falkag.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.clickbank.net/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.spylog.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.hotlog.ru/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.sexlist.com/]
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.7search.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.tradedoubler.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.systemdoctor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[searchportal.information.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[counter.hitslink.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.paycounter.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.yadro.ru/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[.findwhat.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies-1.txt[statse.webtrendslive.com/S152628]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Oz\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Oz\Cookies\oz@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Oz\Cookies\oz@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Oz\Cookies\oz@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Oz\Cookies\oz@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Oz\Cookies\oz@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Oz\Cookies\oz@doubleclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Oz\Cookies\oz@media.adrevolver[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Oz\Cookies\oz@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Oz\Cookies\oz@questionmarket[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Oz\Cookies\oz@tradedoubler[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Oz\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Oz\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Oz\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\Cache\7ED6F4AAd01[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Oz\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3puy4vo.default\Cache\7ED6F4AAd01[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:00, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.co.uk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1191752884906
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab55762.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8188 bytes

Last edited by Oz_Law; 10-14-2007 at 03:53 PM.