Find your solution!

Kiri P · 16-Jun-2008, 07:36 PM #1

im not really sure what happened, but one day i wanted to install a download accelerator plus and my pc would not let me do it. so i thought not a big deal, but when i try to install anything else it just would not let me do it.

so no i cant install anything even update my windows to SP3.

im pretty sure its ether a virus or malware of some sort. i just don't know how to get rid of it.

please, any help would be greatly appreciated.

Ki

P.S. sorry if i posted it in a wrong section im just desperate to get rid of junk, so i can get ready for school year, because i need some 3d software installed. thank you

**cybertech** · 18-Jun-2008, 05:36 PM #2

Hi, Welcome to TSG!!

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Kiri P · 18-Jun-2008, 10:01 PM #3

here is the log file, thank you so much for helping out, i greatly appreciate this.

ki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:16 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {71D0CDBD-253A-4796-8C69-A09B5625D300} - C:\WINDOWS\system32\nnnnNDWp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\rqRIxyyX.dll (file missing)
O2 - BHO: {ebd2921e-6b08-b1da-89b4-2b637814dc2b} - {b2cd4187-36b2-4b98-ad1b-80b6e1292dbe} - C:\WINDOWS\system32\heavsbsq.dll (file missing)
O2 - BHO: (no name) - {B61C9796-71D8-474D-89A4-F5AD6A958B28} - C:\WINDOWS\system32\yayXPFUk.dll (file missing)
O2 - BHO: (no name) - {D6CF2CB5-1857-4924-901E-28239AB2EBCC} - C:\WINDOWS\system32\rqrqpqPH.dll (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Microsoft] Setup.exe
O4 - HKLM\..\RunServices: [Microsoft] Setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [EPSON Stylus Photo 1400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE /FU "C:\DOCUME~1\Kirill\LOCALS~1\Temp\E_S245.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRIxyyX - rqRIxyyX.dll (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9729 bytes

**cybertech** · 19-Jun-2008, 10:21 AM #4

Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Kiri P · 19-Jun-2008, 08:58 PM #5

here it is, thank you so much

ComboFix 08-06-19.1 - Kirill 2008-06-19 20:42:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1425 [GMT -4:00]
Running from: C:\Documents and Settings\Kirill\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kirill\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe7ff0160.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cpckgtgr.ini
C:\WINDOWS\system32\HPqpqrqr.ini
C:\WINDOWS\system32\HPqpqrqr.ini2
C:\WINDOWS\system32\iktagubs.ini
C:\WINDOWS\system32\kUFPXyay.ini
C:\WINDOWS\system32\kUFPXyay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pWDNnnnn.ini
C:\WINDOWS\system32\pWDNnnnn.ini2
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\ydohigbo.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-19 00:57 . 2008-06-19 01:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-18 21:57 . 2008-06-18 21:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 14:28 . 2008-06-18 21:46 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-06-18 14:28 . 2008-06-18 21:46 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-06-16 19:19 . 2008-06-18 15:00 <DIR> d-------- C:\Program Files\DAP
2008-06-16 18:09 . 2008-06-16 18:10 3,151 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-16 18:00 . 2008-06-16 18:00 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-16 17:59 . 2008-06-16 17:59 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-16 17:59 . 2008-06-16 18:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-16 17:59 . 2008-06-16 17:59 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-16 17:46 . 2007-10-25 23:36 8,454,656 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-16 17:39 . 2008-04-13 20:12 507,904 --a------ C:\WINDOWS\system32\SET196.tmp
2008-06-16 17:38 . 2008-04-13 20:12 8,461,312 --a------ C:\WINDOWS\system32\SET210.tmp
2008-06-16 17:37 . 2008-04-13 20:11 2,113,536 --a------ C:\WINDOWS\system32\SET1255.tmp
2008-06-16 17:22 . 2008-06-16 18:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-16 16:36 . 2008-06-16 16:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-06-14 16:53 . 2008-06-16 16:29 <DIR> d-------- C:\Program Files\LimeWire
2008-06-12 09:18 . 2008-06-12 09:18 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-12 08:32 . 2008-06-16 18:59 <DIR> d-------- C:\Program Files\Eudemons Online
2008-06-11 10:59 . 2008-06-11 10:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-06-10 08:47 . 2008-06-10 10:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2008-06-09 14:54 . 2008-06-09 14:54 <DIR> d-------- C:\Documents and Settings\Kirill\Application Data\Malwarebytes
2008-06-09 14:53 . 2008-06-09 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-09 14:48 . 2008-06-16 19:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-09 11:38 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-09 11:38 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-09 11:38 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-06-09 11:38 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-06-09 11:38 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-09 11:38 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-06-08 23:04 . 2008-06-19 15:53 <DIR> d-------- C:\QUARANTINE
2008-06-08 21:42 . 2008-06-08 21:42 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-06-08 21:42 . 2008-06-09 11:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-06-08 21:42 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-06-08 21:39 . 2008-06-09 11:38 <DIR> d-------- C:\Program Files\McAfee
2008-06-08 21:39 . 2008-06-08 21:39 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-08 21:10 . 2008-06-19 01:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 10:04 . 2008-06-08 10:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-06 14:15 . 2008-06-06 14:15 <DIR> d-------- C:\Program Files\AmbiCom
2008-06-06 03:32 . 2008-06-08 11:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-05 23:53 . 2008-06-19 01:00 <DIR> d-------- C:\Gamigo Games
2008-06-05 23:14 . 2008-06-05 23:14 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-27 23:11 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\MPG4c32.dll
2008-05-27 16:41 . 2008-05-27 21:26 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-05-27 16:38 . 2008-05-27 16:39 <DIR> d-------- C:\Documents and Settings\Kirill\Application Data\Software Informer
2008-05-27 16:37 . 2008-06-12 09:17 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 00:46 --------- d-----w C:\Documents and Settings\Kirill\Application Data\Skype
2008-06-20 00:43 --------- d-----w C:\Documents and Settings\Kirill\Application Data\DNA
2008-06-19 05:00 --------- d-----w C:\Documents and Settings\Kirill\Application Data\SUPERAntiSpyware.com
2008-06-18 15:52 --------- d-----w C:\Documents and Settings\Kirill\Application Data\BitTorrent
2008-06-16 22:59 --------- d-----w C:\Program Files\DIFX
2008-06-16 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 16:54 --------- d-----w C:\Documents and Settings\Kirill\Application Data\dvdcss
2008-06-13 13:42 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-11 23:59 --------- d-----w C:\Program Files\Sword of The New World
2008-06-10 22:55 --------- d-----w C:\Program Files\Common Files\Real
2008-06-10 14:13 --------- d-----w C:\Documents and Settings\Kirill\Application Data\Autodesk
2008-06-10 14:06 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-10 14:02 --------- d-----w C:\Program Files\Autodesk
2008-05-19 23:07 --------- d-----w C:\Documents and Settings\Kirill\Application Data\skypePM
2008-05-16 04:14 --------- d-----w C:\Program Files\DivX
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:56 --------- d-----w C:\Program Files\Codemasters
2008-05-05 09:49 --------- d-----w C:\Program Files\Netropa
2008-05-02 16:23 --------- d-----w C:\Program Files\DNA
2008-05-02 16:23 --------- d-----w C:\Program Files\BitTorrent
2008-05-02 07:21 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-24 16:05 --------- d-----w C:\Program Files\Sierra
2008-04-14 00:15 218,134 ----a-w C:\WINDOWS\AppPatch\SET540.tmp
2008-04-14 00:15 204,396 ----a-w C:\WINDOWS\AppPatch\SET53F.tmp
2008-04-14 00:15 1,202,774 ----a-w C:\WINDOWS\AppPatch\SET53E.tmp
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\SET474.tmp
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\SET544.tmp
2008-04-14 00:11 39,424 ------w C:\WINDOWS\AppPatch\SET128A.tmp
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\SET542.tmp
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\SET543.tmp
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\SET541.tmp
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\SET545.tmp
2008-03-10 09:23 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-09-18 23:31 4,300,800 ----a-w C:\Program Files\mplayerc.exe
2008-03-09 22:48 8 --sha-r C:\WINDOWS\system32\8B6FE28B0E.sys
2008-03-09 22:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71D0CDBD-253A-4796-8C69-A09B5625D300}]
C:\WINDOWS\system32\nnnnNDWp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2cd4187-36b2-4b98-ad1b-80b6e1292dbe}]
C:\WINDOWS\system32\heavsbsq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B61C9796-71D8-474D-89A4-F5AD6A958B28}]
C:\WINDOWS\system32\yayXPFUk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6CF2CB5-1857-4924-901E-28239AB2EBCC}]
C:\WINDOWS\system32\rqrqpqPH.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 21:22 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-03-13 11:12 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-02 12:23 289088]
"fsm"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 12:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 12:17 970752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-23 00:32 7561216]
"nwiz"="nwiz.exe" [2006-03-23 00:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-23 00:32 73728 C:\WINDOWS\system32\nvhotkey.dll]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 18:08 185896]
"NvMediaCenter"="NvMCTray.dll" [2006-03-23 00:32 86016 C:\WINDOWS\system32\nvmctray.dll]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DellTouch"="C:\WINDOWS\MMKeybd.exe" [2002-01-16 23:49 163840]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [ ]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-03-08 12:34:20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxyyX]
rqRIxyyX.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GALA-NET\\Rappelz_USA\\Launcher.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Common Files\\Autodesk Shared\\DirectConnect2.0\\java\\jre1.5.0_08\\bin\\javaw.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Autodesk\\Showcase2009\\bin\\Showcase.exe"=
"C:\\Program Files\\Common Files\\Autodesk Shared\\DirectConnect2009\\java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2002-01-16 23:49]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2002-01-16 23:49]
S3 ATIXPGAA;ATIXPGAA;C:\Dell\Drivers\R101351\ATIXPGAA.SYS [2004-02-20 13:31]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{73a94b35-037f-11dd-b970-00123fd10501}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 20:46:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2008-06-19 20:50:00 - machine was rebooted [Kirill]
ComboFix-quarantined-files.txt 2008-06-20 00:49:41

Pre-Run: 18,927,702,016 bytes free
Post-Run: 22,645,313,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

237 --- E O F --- 2008-06-13 07:04:42

**cybertech** · 20-Jun-2008, 10:04 AM #6

Open Notepad and copy and paste the text in the quote box below into it:

Quote:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71D0CDBD-253A-4796-8C69-A09B5625D300}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2cd4187-36b2-4b98-ad1b-80b6e1292dbe}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B61C9796-71D8-474D-89A4-F5AD6A958B28}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6CF2CB5-1857-4924-901E-28239AB2EBCC}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsm"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxyyX]

Save the file to you desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Select Files to Delete choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive and all other fixed drives..
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
Click Close to exit the program.

Please perform a scan with Kaspersky Webscan Online Virus Scanner

Read the Requirements and Privacy statement, then select "Accept".
A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next".
Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
Click "OK".
Under "Select a target to scan", click on "My Computer".
When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!

Kiri P · 20-Jun-2008, 06:31 PM #7

Hijackthis log

ComboFix 08-06-19.4 - Kirill 2008-06-20 13:59:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1446 [GMT -4:00]
Running from: C:\Documents and Settings\Kirill\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kirill\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_004772_.tmp.dll
C:\WINDOWS\system32\_004773_.tmp.dll
C:\WINDOWS\system32\_004774_.tmp.dll
C:\WINDOWS\system32\_004775_.tmp.dll
C:\WINDOWS\system32\_004782_.tmp.dll
C:\WINDOWS\system32\_004783_.tmp.dll
C:\WINDOWS\system32\_004784_.tmp.dll
C:\WINDOWS\system32\_004785_.tmp.dll
C:\WINDOWS\system32\_004787_.tmp.dll
C:\WINDOWS\system32\_004788_.tmp.dll
C:\WINDOWS\system32\_004791_.tmp.dll
C:\WINDOWS\system32\_004792_.tmp.dll
C:\WINDOWS\system32\_004794_.tmp.dll
C:\WINDOWS\system32\_004795_.tmp.dll
C:\WINDOWS\system32\_004796_.tmp.dll
C:\WINDOWS\system32\_004798_.tmp.dll
C:\WINDOWS\system32\_004801_.tmp.dll
C:\WINDOWS\system32\_004802_.tmp.dll
C:\WINDOWS\system32\_004806_.tmp.dll
C:\WINDOWS\system32\_004807_.tmp.dll
C:\WINDOWS\system32\_004809_.tmp.dll
C:\WINDOWS\system32\_004812_.tmp.dll
C:\WINDOWS\system32\_004815_.tmp.dll
C:\WINDOWS\system32\_004816_.tmp.dll
C:\WINDOWS\system32\_004817_.tmp.dll
C:\WINDOWS\system32\_004818_.tmp.dll
C:\WINDOWS\system32\_004819_.tmp.dll
C:\WINDOWS\system32\_004822_.tmp.dll
C:\WINDOWS\system32\_004823_.tmp.dll
C:\WINDOWS\system32\_004824_.tmp.dll
C:\WINDOWS\system32\_004825_.tmp.dll
C:\WINDOWS\system32\_004826_.tmp.dll
C:\WINDOWS\system32\_004831_.tmp.dll
C:\WINDOWS\system32\_004833_.tmp.dll
C:\WINDOWS\system32\_004834_.tmp.dll
C:\WINDOWS\system32\CMMGR32.EXE

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 04:58 . 2008-06-20 05:01 <DIR> d-------- C:\Program Files\DriftCity
2008-06-20 04:27 . 2008-06-20 04:27 <DIR> d--h----- C:\Documents and Settings\Kirill\Application Data\ijjigame
2008-06-20 04:17 . 2008-06-20 04:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\IJJIGame
2008-06-19 00:57 . 2008-06-19 01:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-18 21:57 . 2008-06-18 21:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 14:28 . 2008-06-18 21:46 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-06-18 14:28 . 2008-06-18 21:46 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-06-16 18:09 . 2008-06-16 18:10 3,151 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-16 18:00 . 2008-06-16 18:00 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-16 17:59 . 2008-06-16 17:59 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-16 17:59 . 2008-06-16 18:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-16 17:59 . 2008-06-16 17:59 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-16 17:46 . 2007-10-25 23:36 8,454,656 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-16 17:39 . 2008-04-13 20:12 507,904 --a------ C:\WINDOWS\system32\SET196.tmp
2008-06-16 17:38 . 2008-04-13 20:12 8,461,312 --a------ C:\WINDOWS\system32\SET210.tmp
2008-06-16 17:37 . 2008-04-13 20:11 2,113,536 --a------ C:\WINDOWS\system32\SET1255.tmp
2008-06-16 17:22 . 2008-06-16 18:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-16 16:36 . 2008-06-16 16:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-06-12 09:18 . 2008-06-12 09:18 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-11 10:59 . 2008-06-11 10:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-06-10 08:47 . 2008-06-10 10:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2008-06-09 14:54 . 2008-06-09 14:54 <DIR> d-------- C:\Documents and Settings\Kirill\Application Data\Malwarebytes
2008-06-09 14:53 . 2008-06-09 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-09 14:48 . 2008-06-16 19:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-09 11:38 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-09 11:38 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-09 11:38 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-06-09 11:38 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-06-09 11:38 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-09 11:38 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-06-08 23:04 . 2008-06-20 05:05 <DIR> d-------- C:\QUARANTINE
2008-06-08 21:42 . 2008-06-08 21:42 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-06-08 21:42 . 2008-06-09 11:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-06-08 21:42 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-06-08 21:39 . 2008-06-09 11:38 <DIR> d-------- C:\Program Files\McAfee
2008-06-08 21:39 . 2008-06-08 21:39 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-08 21:10 . 2008-06-19 01:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 10:04 . 2008-06-08 10:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-06 14:15 . 2008-06-06 14:15 <DIR> d-------- C:\Program Files\AmbiCom
2008-06-06 03:32 . 2008-06-08 11:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-05 23:53 . 2008-06-19 01:00 <DIR> d-------- C:\Gamigo Games
2008-06-05 23:14 . 2008-06-05 23:14 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-27 23:11 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\MPG4c32.dll
2008-05-27 16:41 . 2008-05-27 21:26 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-05-27 16:38 . 2008-05-27 16:39 <DIR> d-------- C:\Documents and Settings\Kirill\Application Data\Software Informer
2008-05-27 16:37 . 2008-06-12 09:17 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:59 --------- d-----w C:\Documents and Settings\Kirill\Application Data\Skype
2008-06-20 17:54 --------- d-----w C:\Documents and Settings\Kirill\Application Data\DNA
2008-06-20 08:51 --------- d-----w C:\Documents and Settings\Kirill\Application Data\BitTorrent
2008-06-19 05:00 --------- d-----w C:\Documents and Settings\Kirill\Application Data\SUPERAntiSpyware.com
2008-06-16 22:59 --------- d-----w C:\Program Files\DIFX
2008-06-16 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 16:54 --------- d-----w C:\Documents and Settings\Kirill\Application Data\dvdcss
2008-06-13 13:42 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-11 23:59 --------- d-----w C:\Program Files\Sword of The New World
2008-06-10 22:55 --------- d-----w C:\Program Files\Common Files\Real
2008-06-10 14:13 --------- d-----w C:\Documents and Settings\Kirill\Application Data\Autodesk
2008-06-10 14:06 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-10 14:02 --------- d-----w C:\Program Files\Autodesk
2008-05-19 23:07 --------- d-----w C:\Documents and Settings\Kirill\Application Data\skypePM
2008-05-16 04:14 --------- d-----w C:\Program Files\DivX
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 15:56 --------- d-----w C:\Program Files\Codemasters
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 09:49 --------- d-----w C:\Program Files\Netropa
2008-05-02 16:23 --------- d-----w C:\Program Files\DNA
2008-05-02 16:23 --------- d-----w C:\Program Files\BitTorrent
2008-05-02 07:21 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-24 16:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-24 16:05 --------- d-----w C:\Program Files\Sierra
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 11:01 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-14 00:15 218,134 ----a-w C:\WINDOWS\AppPatch\SET540.tmp
2008-04-14 00:15 204,396 ----a-w C:\WINDOWS\AppPatch\SET53F.tmp
2008-04-14 00:15 1,202,774 ----a-w C:\WINDOWS\AppPatch\SET53E.tmp
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\SET2EE.tmp
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\SET288.tmp
2008-04-14 00:10 177,152 ----a-w C:\WINDOWS\system32\SET121D.tmp
2008-04-14 00:09 3,584 ----a-w C:\WINDOWS\system32\SET36F.tmp
2008-04-14 00:09 290,816 ----a-w C:\WINDOWS\system32\SET336.tmp
2008-04-14 00:09 285,696 ----a-w C:\WINDOWS\system32\SET43D.tmp
2008-04-14 00:09 16,896 ----a-w C:\WINDOWS\system32\SET421.tmp
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\SET238.tmp
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\SET3A3.tmp
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\SET289.tmp
2008-04-13 17:26 90,112 ----a-w C:\WINDOWS\system32\SET1F3.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET2FC.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET286.tmp
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\SET2DC.tmp
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\SET431.tmp
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\SET2D8.tmp
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\SET35E.tmp
2008-04-13 15:42 16,896 ----a-w C:\WINDOWS\system32\SET1E2.tmp
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\SET2E4.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-10 09:23 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-09-18 23:31 4,300,800 ----a-w C:\Program Files\mplayerc.exe
2008-03-09 22:48 8 --sha-r C:\WINDOWS\system32\8B6FE28B0E.sys
2008-03-09 22:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-19_20.49.25.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 00:44:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 08:52:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-20 00:45:28 26,921 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-20 08:53:30 26,921 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 21:22 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-13 11:12 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-02 12:23 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 12:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 12:17 970752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-23 00:32 7561216]
"nwiz"="nwiz.exe" [2006-03-23 00:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-23 00:32 73728 C:\WINDOWS\system32\nvhotkey.dll]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 18:08 185896]
"NvMediaCenter"="NvMCTray.dll" [2006-03-23 00:32 86016 C:\WINDOWS\system32\nvmctray.dll]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DellTouch"="C:\WINDOWS\MMKeybd.exe" [2002-01-16 23:49 163840]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [ ]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-03-08 12:34:20 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GALA-NET\\Rappelz_USA\\Launcher.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Common Files\\Autodesk Shared\\DirectConnect2.0\\java\\jre1.5.0_08\\bin\\javaw.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Autodesk\\Showcase2009\\bin\\Showcase.exe"=
"C:\\Program Files\\Common Files\\Autodesk Shared\\DirectConnect2009\\java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2002-01-16 23:49]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2002-01-16 23:49]
S3 ATIXPGAA;ATIXPGAA;C:\Dell\Drivers\R101351\ATIXPGAA.SYS [2004-02-20 13:31]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{73a94b35-037f-11dd-b970-00123fd10501}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 14:01:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-20 14:03:06
ComboFix-quarantined-files.txt 2008-06-20 18:02:53
ComboFix2.txt 2008-06-20 00:50:01

Pre-Run: 20,782,108,672 bytes free
Post-Run: 20,752,842,752 bytes free

245 --- E O F --- 2008-06-13 07:04:42

Kiri P · 20-Jun-2008, 06:32 PM #8

Super anty spyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2008 at 03:26 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 01:15:36

Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 5178
Registry threats detected : 0
File items scanned : 76471
File threats detected : 0

Adware.Tracking Cookie
.doubleclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ads2.sdcentral.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.cgm.adbureau.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.cgm.adbureau.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.cgm.adbureau.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.cgm.adbureau.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tremor.adbureau.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.network.realmedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ads.adbrite.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adecn.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adecn.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.list.ru [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.azjmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.azjmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.azjmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.azjmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
adserver.adreactor.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
www.burstnet.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
test.coremetrics.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.microsoftwlsearchcrm.112.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Kirill\Application

Kiri P · 20-Jun-2008, 06:33 PM #9

Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.rambler.ru [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.tns-counter.ru [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adserving.clicksector.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
www.tqlkg.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.toplist.cz [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
2008adult2008.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
2008adult2008.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.motricity.122.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.microsoftwga.112.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ehg-techtarget.hitbox.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ehg-techtarget.hitbox.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ehg-techtarget.hitbox.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.clickbank.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad2.clickhype.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.reduxads.valuead.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.adfi.adbureau.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.hornymatches.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.hornymatches.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.hornymatches.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.hornymatches.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.hornymatches.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.hornymatches.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.porncreeper.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.porncreeper.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.clicksor.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.ads.clicksor.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.clicksor.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.myroitracking.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.k2network.112.2o7.net [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.elitepvpers.de [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
.elitepvpers.de [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
www.elitepvpers.de [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
www.elitepvpers.de [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
ad.zanox.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
promo.elitepvpers.com [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]
adserver.mmoga.de [ C:\Documents and Settings\Kirill\Application Data\Mozilla\Firefox\Profiles\bt64k404.default\cookies.txt ]

I was not able to do the Kaspersky Scan due to an error

Program is starting. Please wait...
Update source selected: http://www.kaspersky.com
Downloading file: packages/kos-extras.jar

Program has failed to start. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. [ERROR: java.lang.UnsatisfiedLinkError: C

ocuments and SettingsKirillLocal SettingsTempjkos-Kirillinarieskosglue-7.0.25.0.dll: Access is denied]

i tryed to do this a few times but the result is the same it doest let me.

thank you

**cybertech** · 20-Jun-2008, 06:57 PM **#10**

Do this instead,

Click here to download Dr.Web CureIt and save it to your desktop.

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.

Kiri P · 21-Jun-2008, 04:31 AM **#11**

the good news is that i the new virus scan worked and did find 9 threats. the bad new s is that every time i try to save report list, it freezes my computer every time X(.

here is a new hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:14 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8869 bytes

**cybertech** · 22-Jun-2008, 01:34 PM **#12**

Your Java is out of date. Use Secunia software inspector & update checker and remove all old versions from add/remove programs.

How is it running now? Any problems?

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Kiri P · 23-Jun-2008, 06:40 AM **#13**

hello, yes i think that was one of the reasons. but the main reason why my comp would not let me install anything is because of McAfee anti virus, it blocks certain softwares from being installed, all i had to do is disable it and everything works fine.

thank you so much for you help, i will definetly donate some money once i get a paycheck.
thank you

ki

**cybertech** · 23-Jun-2008, 11:51 AM **#14**

It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

Now you should Clean up your PC

Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place. by Tony Klein

Good free tools and advice on how to tighten your security settings.

Security Help Tools

You're welcome!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: