Browning
Cadet

 Joined: Aug 15, 2008 Posts: 7 Location: USA
Posted: Sun Aug 17, 2008 1:25 am Post subject: Antivirus 2008 xp
1. I accidentally downloaded and installed Antivirus 2008 XP and now get pop ups every 3-5 minutes stating that my system is infected.
2. Ran CCleaner, ATF Cleaner and Spybot S&D. Nothing unusual was encountered.
3. Only followed the Malware Removal procedure.
4. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:48 AM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CableRouting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: mxlivemedia browser optimizer - {fb41e1df-8564-42b0-e873-bca56d41b838} - C:\WINDOWS\system32\dgzfjlzugy.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe"-l
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{119c9179-c913-1aa3-cfbe-ce4bb4b4165d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dgzfjlzugy.dll" DllStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133332220057
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6654 bytes
5. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:28 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CableRouting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: mxlivemedia browser optimizer - {fb41e1df-8564-42b0-e873-bca56d41b838} - C:\WINDOWS\system32\dgzfjlzugy.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe"-l
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{119c9179-c913-1aa3-cfbe-ce4bb4b4165d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dgzfjlzugy.dll" DllStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133332220057
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6600 bytes
YounGun
1st Responder Site Moderator
 Joined: Dec 11, 2004 Posts: 4369
Posted: Sun Aug 17, 2008 3:09 pm Post subject:
Hi, my name is Victor and I will be helping you.
Please take your time to read thru my instructions and follow them carefully. I am not going to be able to reply immediately so please wait patiently for my reply.
Please download Combofix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Take note that the links are case sensitive
Save ComboFix to the desktop.
Note: It is important that it is saved directly to, and run from your desktop.
In the event you already have Combofix, please delete it as this is a new version.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run combofix.
_________________
IT Stuff
Browning
Cadet

 Joined: Aug 15, 2008 Posts: 7 Location: USA
Posted: Sun Aug 17, 2008 8:26 pm Post subject:
First of all thank you for your help.
The only problem I had with Combofix was when it re-booted, Spybot detected several changes. I allowed the changes after Combofix finished creating its log. Hopefully, I did the right thing.
It appears that the pop ups from Antivirus 2008 XP have stopped since running Combofix.
Combofix Log below:
ComboFix 08-08-16.01 - Rogers 2008-08-17 11:52:27.1 - NTFSx86
Running from: C:\Documents and Settings\Rogers.ROGERSDELL\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@a.findarticles[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@ad.associatedcontent[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@ads.pointroll[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@adserver[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@advertising[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@allrecipes[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@barnesandnoble[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@ebay[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@gandermountain.shoplocal[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@go[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@homedepot[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@insightexpressai[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@mapquest[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@reciperewards.aavalue[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@revsci[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@trafficmp[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@web.checkm8[2].txt
C:\Documents and Settings\Rogers\Application Data\Microsoft\SystemCertificates\My
C:\WINDOWS\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-16 07:18 . 2008-08-16 07:18 <DIR> d-------- C:\Program Files\CCleaner
2008-08-15 07:09 . 2008-08-15 07:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 08:14 . 2008-08-14 09:04 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-13 18:55 . 2008-08-13 18:59 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-11 08:54 . 2008-08-11 08:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-11 08:54 . 2008-08-16 20:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-11 08:44 . 2008-08-11 08:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd
2008-08-11 08:44 . 2008-08-11 08:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\services
2008-08-11 08:44 . 2008-08-11 08:44 64,362 --a------ C:\WINDOWS\SYSTEM32\dhxycxobvjdnb.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-11-28 00:13 266 --sh--w C:\Program Files\desktop.ini
2005-11-28 00:13 11,079 ---ha-w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 14:55 3096576]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32 700416]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 20:14 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe-l" [X]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 01:26 368706]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 08:52 380928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 05:52 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2006-04-06 17:17 5541888]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-30 21:16 185896]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-11-30 01:09:30 217088]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
R3 epstw2k;SCM Parallel Port SCSI Driver;C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2001-08-17 17:50]
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 17:53]
S2 SHARSHTL;Shuttle Sharer;C:\WINDOWS\system32\Drivers\sharshtl.sys [1998-01-26 06:17]
.
- - - - ORPHANS REMOVED - - - -
BHO-{18CB1A7B-94CD-4582-8022-ADA16851E44B} - (no file)
BHO-{fb41e1df-8564-42b0-e873-bca56d41b838} - C:\WINDOWS\system32\dgzfjlzugy.dll
HKLM-Run-{119c9179-c913-1aa3-cfbe-ce4bb4b4165d} - C:\WINDOWS\system32\dgzfjlzugy.dll
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 12:02:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\inetsrv\inetinfo.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-17 12:17:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-17 16:17:14
Pre-Run: 11,905,549,312 bytes free
Post-Run: 11,915,187,200 bytes free
125
HijackThis log below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:59 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe"-l
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133332220057
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6304 bytes
YounGun
1st Responder Site Moderator
 Joined: Dec 11, 2004 Posts: 4369
Browning
Cadet

 Joined: Aug 15, 2008 Posts: 7 Location: USA
Posted: Tue Aug 19, 2008 10:48 am Post subject:
Below is my log after dropping the XP SP2 into Combofix.
ComboFix 08-08-16.01 - Rogers 2008-08-19 6:20:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.60 [GMT -4:00]
Running from: C:\Documents and Settings\Rogers.ROGERSDELL\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rogers.ROGERSDELL\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Microsoft\SystemCertificates\My
.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.
2008-08-16 07:18 . 2008-08-16 07:18 <DIR> d-------- C:\Program Files\CCleaner
2008-08-15 07:09 . 2008-08-15 07:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 08:14 . 2008-08-14 09:04 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-13 18:55 . 2008-08-13 18:59 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-11 08:54 . 2008-08-11 08:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-11 08:54 . 2008-08-16 20:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-11 08:44 . 2008-08-11 08:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd
2008-08-11 08:44 . 2008-08-11 08:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\services
2008-08-11 08:44 . 2008-08-11 08:44 64,362 --a------ C:\WINDOWS\SYSTEM32\dhxycxobvjdnb.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-11-28 00:13 266 --sh--w C:\Program Files\desktop.ini
2005-11-28 00:13 11,079 ---ha-w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((( snapshot@2008-08-17_12.16.04.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 11:06:40 58,632 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat
+ 2008-08-17 16:09:03 58,632 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat
- 2008-08-16 11:06:40 367,534 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat
+ 2008-08-17 16:09:04 367,534 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 14:55 3096576]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32 700416]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 20:14 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe-l" [X]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 01:26 368706]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 08:52 380928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 05:52 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2006-04-06 17:17 5541888]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-30 21:16 185896]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-11-30 01:09:30 217088]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
R3 epstw2k;SCM Parallel Port SCSI Driver;C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2001-08-17 17:50]
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 17:53]
S2 SHARSHTL;Shuttle Sharer;C:\WINDOWS\system32\Drivers\sharshtl.sys [1998-01-26 06:17]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 06:25:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-19 6:30:30
ComboFix-quarantined-files.txt 2008-08-19 10:29:42
ComboFix2.txt 2008-08-17 16:17:33
Pre-Run: 11,978,908,160 bytes free
Post-Run: 11,954,552,832 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
95
YounGun
1st Responder Site Moderator
Joined: Dec 11, 2004 Posts: 4369
Posted: Wed Aug 20, 2008 6:58 am
Hi
Download SDFix and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All,
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
_________________ IT Stuff
Browning
Cadet

Joined: Aug 15, 2008 Posts: 7 Location: USA
Posted: Thu Aug 21, 2008 3:02 am
Below is the SDfix report, new hijack log, & superantispyware log:
SDFix: Version 1.218
Run by Rogers on Wed 08/20/2008 at 08:20 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Rogers.ROGERSDELL\Desktop\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\dhxycxobvjdnb.exe - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080811084443741.log - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080811191130472.log - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813184018644.log - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080814080142405.log - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080814091710484.log - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080816070241835.log - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\services\services.dll - Deleted
C:\WINDOWS\browser.exe - Deleted
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLand Ltd - Removed
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\services - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 20:29:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00003575
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46159315-1F88-4463-B4A0-D3690651EF18}]
"LeaseObtainedTime"=dword:48acb6c2
"T1"=dword:48acb6d1
"T2"=dword:48acb6dc
"LeaseTerminatesTime"=dword:48acb6e0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{46159315-1F88-4463-B4A0-D3690651EF18}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:48acb6c2
"T1"=dword:48acb6d1
"T2"=dword:48acb6dc
"LeaseTerminatesTime"=dword:48acb6e0
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\ROGERS~1.ROG\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:37 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe"-l
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133332220057
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6144 bytes
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/20/2008 at 10:47 PM
Application Version : 4.15.1000
Core Rules Database Version : 3542
Trace Rules Database Version: 1531
Scan type : Complete Scan
Total Scan Time : 01:37:40
Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 4657
Registry threats detected : 6
File items scanned : 37069
File threats detected : 152
Adware.Tracking Cookie
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@realmedia[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@kanoodle[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@tacoda[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@tracking.foundry42[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@servlet[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@perf.overture[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@offers.intermediainteractive[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@rotator.its.adjuggler[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@ohioamishcountry[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@www.mediate[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@scanner[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@partner.finditquick[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@pathfinder[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@server.iad.liveperson[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@specificclick[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@overture[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@www.clickmanage[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@sales.liveperson[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@questionmarket[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@track.trackads[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@icc.intellisrv[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@toseeka[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@serving-sys[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@lsmtracker[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@pt.crossmediaservices[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@indextools[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@m1.webstats4u[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@dcsn3k5o910000086aqymxzgy_6w7r[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@ecnext.advertserve[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@roiservice[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@www.cracked[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@www.zango[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@tribalfusion[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@www.awltovhc[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@yieldmanager[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@ads.pointroll[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@zillow.adbureau[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@yadro[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@webstat[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@yx0banners[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@tremor.adbureau[2].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@www.burstbeacon[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@ad.yieldmanager[1].txt
C:\Documents and Settings\Rogers.ROGERSDELL\Cookies\rogers@www.findarticles[2].txt
.247realmedia.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Rogers.ROGERSDELL\Application Data\Mozilla\Firefox\Profiles\hyx6t4tq.default\cookies.txt ]
.revsci.net | | |