Help with redirect problems

m_c_5_7 · 03-11-2009, 01:16 PM

Hello,

My problems are:

1) Clicking on search results in Yahoo in IE will display google-redirect.com in status bar and bring me to a totally non-related search engine site. Same result with Firefox. I note when hovering mouse over links in Yahoo results page, all the urls start with google-redirect.com

2) Some news sites, which I've used many times, now display "The page cannot be displayed" in IE. In Firefox, I get the page but it's totally munged -- the status bar first displays connecting to seocash.us

This started on Friday, 3/6/07. I've tried other virus/malware/trojan cleaners which detected some items but were not able to complete the task.

Below is copy of dds.txt, attached is zip file of attach.txt and ark.txt.

Thank you in advance.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Dad at 10:16:47.14 on Wed 03/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1458 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Informix\SBClient\sbopen\BIN\sbclient.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Framework Windows] frmwrk32.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\dad\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\lunabar.lnk - c:\program files\lunar almanack\Lunabar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105886720812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\7kh5abo9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\mozilla firefox\components\qfaservices.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.accept.default", "application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-9 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-14 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-1-14 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-1-14 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2006-11-16 9817]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-1-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-14 40488]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\all users\documents\vcd\vcdrom.sys --> c:\documents and settings\all users\documents\vcd\VCdRom.sys [?]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2006-11-16 137392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\86.tmp --> c:\windows\system32\86.tmp [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-14 33832]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2002-3-20 14448]

=============== Created Last 30 ================

2009-03-09 17:20 <DIR> --d----- c:\program files\Sophos
2009-03-09 16:59 <DIR> --d----- c:\program files\CCleaner
2009-03-09 12:55 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-09 12:44 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-09 12:04 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-09 12:04 <DIR> --d----- c:\program files\Lavasoft
2009-03-07 10:49 16,220 a------- c:\windows\system32\Config.MPF
2009-03-06 23:40 22,016 a--sh--- c:\windows\system32\autochk.dll
2009-03-06 23:40 22,016 a--sh--- c:\documents and settings\dad\protect.dll
2009-02-24 10:40 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-24 10:40 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-01-23 23:11 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-12 13:41 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-12-12 13:41 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-12-12 13:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-09 15:18 44,768 ac------ c:\docume~1\dad\applic~1\GDIPFONTCACHEV1.DAT
2007-09-04 16:45 16,384 a------- c:\program files\Randmusic.exe
2005-11-23 19:56 417,828 -c-sh--- c:\windows\java\pisod.bak2

============= FINISH: 10:17:20.21 ===============

tetonbob · 03-12-2009, 09:58 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

McAfee:

Double-click the taskbar icon to open the Security Center
Click Advanced Menu (lower left)
Click Configure (left)
Click Computer & Files (upper left)
VirusScan can be disabled on the right.

Please include the C:\ComboFix.txt in your next reply for further review.

m_c_5_7 · 03-12-2009, 02:21 PM

Thank you, below please see results from ComboFix.txt:

ComboFix 09-03-10.03 - Dad 2009-03-12 16:58:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1563 [GMT -4:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Dad\LOCALS~1\Temp\n.dll
c:\documents and settings\Dad\Application Data\SpamBlocker
c:\documents and settings\Dad\Application Data\SpamBlockerUtility
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158239239.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158870950.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159758044.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159989512.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160673280.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161354119.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162162040.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163002501.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164082074.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164982682.log
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons
c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
c:\documents and settings\Dad\protect.dll
c:\documents and settings\Dad\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Dad\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\David\Application Data\SpamBlocker
c:\documents and settings\David\Application Data\SpamBlockerUtility
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1157806450.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1157913006.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158092658.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158261335.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158607533.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158693275.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159132566.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159212037.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159307013.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159560345.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159903144.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160011510.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160164264.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160313687.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160577289.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160938503.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161116661.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161285606.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161558349.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161717299.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162153196.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162414547.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162577744.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162760857.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163449126.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163625517.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163816495.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163960709.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164219335.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164315667.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164589664.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165007107.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165180336.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165436446.log
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons
c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
c:\documents and settings\David\protect.dll
c:\documents and settings\David\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\David\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\Laura\Application Data\SpamBlocker
c:\documents and settings\Laura\Application Data\SpamBlockerUtility
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158955584.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160396773.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161633472.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162433110.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163805966.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164238707.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164550664.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164673174.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164852243.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165070785.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165181822.log
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons
c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
c:\documents and settings\Laura\protect.dll
c:\documents and settings\Laura\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Laura\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\Mom\Application Data\SpamBlocker
c:\documents and settings\Mom\Application Data\SpamBlockerUtility
c:\documents and settings\Mom\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons
c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
c:\documents and settings\Mom\protect.dll
c:\documents and settings\Mom\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Mom\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\NetworkService\protect.dll
c:\windows\system32\autochk.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\init32.exe
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-09 17:20 . 2009-03-09 17:20 <DIR> d-------- c:\program files\Sophos
2009-03-09 16:59 . 2009-03-09 16:59 <DIR> d-------- c:\program files\CCleaner
2009-03-09 12:55 . 2009-03-09 12:44 15,688 --a------ c:\windows\SYSTEM32\lsdelete.exe
2009-03-09 12:44 . 2009-03-09 12:44 <DIR> d----c--- c:\windows\SYSTEM32\DRVSTORE
2009-03-09 12:44 . 2009-03-09 12:44 64,160 --a------ c:\windows\SYSTEM32\DRIVERS\Lbd.sys
2009-03-09 12:04 . 2009-03-09 12:04 <DIR> d-------- c:\program files\Lavasoft
2009-03-09 12:04 . 2009-03-09 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-09 12:04 . 2009-03-09 12:26 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 10:49 . 2009-03-12 17:04 16,362 --a------ c:\windows\SYSTEM32\Config.MPF
2009-02-24 10:40 . 2009-02-24 10:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-24 10:40 . 2009-02-24 10:40 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 00:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 20:37 --------- d-----w c:\program files\Hijack This
2009-03-09 16:08 --------- d-----w c:\program files\SpywareBlaster
2009-03-09 16:01 --------- d-----w c:\documents and settings\Dad\Application Data\Lavasoft
2009-02-13 21:54 34 ----a-w c:\documents and settings\David\jagex_runescape_preferences.dat
2009-01-24 03:11 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-05 00:08 31 ----a-w c:\documents and settings\Mom\jagex_runescape_preferences.dat
2008-11-25 22:30 44,768 -c--a-w c:\documents and settings\Laura\Application Data\GDIPFONTCACHEV1.DAT
2008-11-09 19:18 44,768 -c--a-w c:\documents and settings\Dad\Application Data\GDIPFONTCACHEV1.DAT
2008-09-28 23:40 44,768 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT
2008-02-03 15:52 43,392 ----a-w c:\documents and settings\Mom\Application Data\GDIPFONTCACHEV1.DAT
2007-09-04 20:45 16,384 ----a-w c:\program files\Randmusic.exe
2005-07-16 09:41 94,208 ----a-w c:\program files\mozilla firefox\components\BrandRes.dll
2005-07-16 09:41 150,912 ----a-w c:\program files\mozilla firefox\components\fullsoft.dll
2005-07-16 09:41 41,573 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 09:41 48,223 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 09:41 8,813 ----a-w c:\program files\mozilla firefox\components\qfaservices.dll
2005-07-16 09:41 160,871 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2005-11-23 23:56 417,828 -csh--w c:\windows\JAVA\pisod.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-29 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-21 155648]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\SYSTEM32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Dad\Start Menu\Programs\Startup\
Lunabar.lnk - c:\program files\Lunar Almanack\Lunabar.exe [2005-01-12 135168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\Dad\\My Documents\\P2P\\Soulseek\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2009-03-09 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [2006-11-16 9817]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\All Users\Documents\VCD\VCdRom.sys --> c:\documents and settings\All Users\Documents\VCD\VCdRom.sys [?]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [2006-11-16 137392]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\86.tmp --> c:\windows\system32\86.tmp [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:44]

2008-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-01-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-autochk - c:\windows\system32\autochk.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\7kh5abo9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\qfaservices.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.accept.default", "application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 17:11:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\86.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\ZuneBusEnum.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-03-12 17:15:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 21:15:14

Pre-Run: 96,412,446,720 bytes free
Post-Run: 98,798,649,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

586 --- E O F --- 2007-12-01 05:59:03

tetonbob · 03-12-2009, 03:53 PM

We'll have more work to do, but before we continue....how is the machine behaving? Still being redirected?

m_c_5_7 · 03-12-2009, 05:22 PM

No, I am not seeing any of the bad behavior noted in original request. I am not being re-directed, hovering over the yahoo links shows a valid url, and the pages are accessible and rendering clearly in both IE and Firefox.

tetonbob · 03-12-2009, 05:33 PM

Ok, great.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

Perform an online scan with Panda ActiveScan

Click on Scan Your PC Now
A "pop up" window will appear, or a new tab will open.
Click on Register
Choose the option you like most, but we recommend the Free Registration.
Click on Register
Enter your e-mail address, and create a password.
Select "I do not want to receive any type of information". (unless you want to receive such information)
Click on Send
Confirm registration, and continue by entering your user name and password, then click on Enter
Select Full Scan, then Click on Scan Now
Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
Please ignore the offer to buy the program. Click on Export To
Export the log and save it to your desktop.
Please attach the contents of that log to your reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

m_c_5_7 · 03-13-2009, 08:58 AM

Attached is Panda Activescan results.

tetonbob · 03-13-2009, 11:41 AM

Open NOTEPAD.exe and copy/paste the text in the codebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\Dad\My Documents\Garbage\Local Settings - Temp\UUEt.exe"
"C:\Documents and Settings\Dad\My Documents\Garbage\Windows - System32\frmwrk32.exe"

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Double click on fix.bat & allow it to run

Post back to tell me what it says

m_c_5_7 · 03-13-2009, 12:33 PM

I saved it the desktop then clicked on it to run....results cut-and-pasted here:

Deleted Successfully !!
Press any key to continue . . .

tetonbob · 03-13-2009, 01:25 PM

Good, that's what we want...

Many of the other items found were Firefox cookies.

Cookies get installed on your computer everytime you visit any webpage. Now, some of those are good cookies that get installed for ease of use for next time you visit the same page, but some cookies are spyware used for tracking users surfing habits.

Most of those cookies are third party cookies that can be blocked:

In Firefox go to Tools > Options > Privacy > Cookies

Click Exceptions, identify the site you want to block, and click on Block.

In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab

Now put a check next to "Override automatic cookie handling"

Set first party cookies to Accept and third party cookies to Block

Also put a check to "Always allow session cookies" OK your way out.

This won't prevent all bad cookies from being installed, but will reduce the amount.

Also there is another program you can use.

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.

You can read more about cookies at the Cookie Concept

You can tidy up with this tool:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

The other items Panda found are in System Restore points, and will be addressed by uninstalling ComboFix as instructed below

Other than that....

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to

-> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
Winpatrol

Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
- Once updated you should see another prompt that the task was completed.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Do not install more than one AntiVirus program because they will conflict with each other.
Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

m_c_5_7 · 03-13-2009, 07:14 PM

I am following the instructions. The Secunia scanner has reported a lot of software as out-of-date so I need to update those. Thanks for the help.

tetonbob · 03-13-2009, 07:53 PM

Glad to help.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.

03-12-2009, 09:58 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 39,397 OS: 2000 Pro; XP Pro; XP Home	Re: Help with redirect problems Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. --------------------------------------------------------------------------------------------- Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum. --------------------------------------------------------------------------------------------- Please visit this webpage for download links, and instructions for running combofix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. McAfee: Double-click the taskbar icon to open the Security Center Click Advanced Menu (lower left) Click Configure (left) Click Computer & Files (upper left) VirusScan can be disabled on the right. Please include the C:\ComboFix.txt in your next reply for further review. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-12-2009, 02:21 PM	#3 (permalink)
m_c_5_7 Registered User Join Date: Mar 2009 Posts: 6 OS: XP Home Edition Version 2002 Service Pack 2	Re: Help with redirect problems Thank you, below please see results from ComboFix.txt: ComboFix 09-03-10.03 - Dad 2009-03-12 16:58:27.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1563 [GMT -4:00] Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe AV: McAfee VirusScan On-access scanning disabled (Updated) FW: McAfee Personal Firewall enabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Dad\LOCALS~1\Temp\n.dll c:\documents and settings\Dad\Application Data\SpamBlocker c:\documents and settings\Dad\Application Data\SpamBlockerUtility c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158239239.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158870950.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159758044.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159989512.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160673280.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161354119.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162162040.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163002501.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164082074.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164982682.log c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu c:\documents and settings\Dad\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico c:\documents and settings\Dad\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico c:\documents and settings\Dad\protect.dll c:\documents and settings\Dad\Start Menu\Programs\Startup\ChkDisk.dll c:\documents and settings\Dad\Start Menu\Programs\Startup\ChkDisk.lnk c:\documents and settings\David\Application Data\SpamBlocker c:\documents and settings\David\Application Data\SpamBlockerUtility c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1157806450.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1157913006.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158092658.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158261335.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158607533.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158693275.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159132566.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159212037.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159307013.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159560345.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1159903144.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160011510.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160164264.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160313687.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160577289.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160938503.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161116661.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161285606.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161558349.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161717299.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162153196.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162414547.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162577744.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162760857.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163449126.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163625517.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163816495.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163960709.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164219335.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164315667.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164589664.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165007107.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165180336.log c:\documents and settings\David\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165436446.log c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu c:\documents and settings\David\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico c:\documents and settings\David\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico c:\documents and settings\David\protect.dll c:\documents and settings\David\Start Menu\Programs\Startup\ChkDisk.dll c:\documents and settings\David\Start Menu\Programs\Startup\ChkDisk.lnk c:\documents and settings\Laura\Application Data\SpamBlocker c:\documents and settings\Laura\Application Data\SpamBlockerUtility c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1158955584.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1160396773.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1161633472.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1162433110.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1163805966.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164238707.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164550664.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164673174.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1164852243.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165070785.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\SpamBlockerUtility_1165181822.log c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu c:\documents and settings\Laura\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico c:\documents and settings\Laura\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico c:\documents and settings\Laura\protect.dll c:\documents and settings\Laura\Start Menu\Programs\Startup\ChkDisk.dll c:\documents and settings\Laura\Start Menu\Programs\Startup\ChkDisk.lnk c:\documents and settings\Mom\Application Data\SpamBlocker c:\documents and settings\Mom\Application Data\SpamBlockerUtility c:\documents and settings\Mom\Application Data\SpamBlockerUtility\SpamBlockerUtility.log c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico c:\documents and settings\Mom\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico c:\documents and settings\Mom\protect.dll c:\documents and settings\Mom\Start Menu\Programs\Startup\ChkDisk.dll c:\documents and settings\Mom\Start Menu\Programs\Startup\ChkDisk.lnk c:\documents and settings\NetworkService\protect.dll c:\windows\system32\autochk.dll c:\windows\system32\drivers\npf.sys c:\windows\system32\init32.exe c:\windows\system32\packet.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 ))))))))))))))))))))))))))))))) . 2009-03-09 17:20 . 2009-03-09 17:20 <DIR> d-------- c:\program files\Sophos 2009-03-09 16:59 . 2009-03-09 16:59 <DIR> d-------- c:\program files\CCleaner 2009-03-09 12:55 . 2009-03-09 12:44 15,688 --a------ c:\windows\SYSTEM32\lsdelete.exe 2009-03-09 12:44 . 2009-03-09 12:44 <DIR> d----c--- c:\windows\SYSTEM32\DRVSTORE 2009-03-09 12:44 . 2009-03-09 12:44 64,160 --a------ c:\windows\SYSTEM32\DRIVERS\Lbd.sys 2009-03-09 12:04 . 2009-03-09 12:04 <DIR> d-------- c:\program files\Lavasoft 2009-03-09 12:04 . 2009-03-09 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-03-09 12:04 . 2009-03-09 12:26 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-07 10:49 . 2009-03-12 17:04 16,362 --a------ c:\windows\SYSTEM32\Config.MPF 2009-02-24 10:40 . 2009-02-24 10:40 54,156 --ah----- c:\windows\QTFont.qfn 2009-02-24 10:40 . 2009-02-24 10:40 1,409 --a------ c:\windows\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-11 00:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-09 20:37 --------- d-----w c:\program files\Hijack This 2009-03-09 16:08 --------- d-----w c:\program files\SpywareBlaster 2009-03-09 16:01 --------- d-----w c:\documents and settings\Dad\Application Data\Lavasoft 2009-02-13 21:54 34 ----a-w c:\documents and settings\David\jagex_runescape_preferences.dat 2009-01-24 03:11 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-01-05 00:08 31 ----a-w c:\documents and settings\Mom\jagex_runescape_preferences.dat 2008-11-25 22:30 44,768 -c--a-w c:\documents and settings\Laura\Application Data\GDIPFONTCACHEV1.DAT 2008-11-09 19:18 44,768 -c--a-w c:\documents and settings\Dad\Application Data\GDIPFONTCACHEV1.DAT 2008-09-28 23:40 44,768 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT 2008-02-03 15:52 43,392 ----a-w c:\documents and settings\Mom\Application Data\GDIPFONTCACHEV1.DAT 2007-09-04 20:45 16,384 ----a-w c:\program files\Randmusic.exe 2005-07-16 09:41 94,208 ----a-w c:\program files\mozilla firefox\components\BrandRes.dll 2005-07-16 09:41 150,912 ----a-w c:\program files\mozilla firefox\components\fullsoft.dll 2005-07-16 09:41 41,573 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2005-07-16 09:41 48,223 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2005-07-16 09:41 8,813 ----a-w c:\program files\mozilla firefox\components\qfaservices.dll 2005-07-16 09:41 160,871 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2005-11-23 23:56 417,828 -csh--w c:\windows\JAVA\pisod.bak2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184] "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-29 180269] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-21 155648] "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952] "MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416] "P17Helper"="P17.dll" [2004-06-10 c:\windows\SYSTEM32\P17.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Dad\Start Menu\Programs\Startup\ Lunabar.lnk - c:\program files\Lunar Almanack\Lunabar.exe [2005-01-12 135168] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Documents and Settings\\Dad\\My Documents\\P2P\\Soulseek\\slsk.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"= "c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2009-03-09 64160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [2006-11-16 9817] S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\All Users\Documents\VCD\VCdRom.sys --> c:\documents and settings\All Users\Documents\VCD\VCdRom.sys [?] S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [2006-11-16 137392] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\86.tmp --> c:\windows\system32\86.tmp [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] \Shell\AutoRun\command - Z:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:44] 2008-01-14 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-01-14 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2009-03-12 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . - - - - ORPHANS REMOVED - - - - HKLM-Run-autochk - c:\windows\system32\autochk.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\7kh5abo9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\Mozilla Firefox\components\qfaservices.dll ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.accept.default", "application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version", c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id", c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub", c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties"); . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-12 17:11:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\86.tmp" . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\ati2evxx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\windows\SYSTEM32\CTSVCCDA.EXE c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe c:\program files\McAfee\MBK\MBackMonitor.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\windows\SYSTEM32\MsPMSPSv.exe c:\windows\SYSTEM32\ZuneBusEnum.exe c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe c:\windows\SYSTEM32\RUNDLL32.EXE c:\program files\iPod\bin\iPodService.exe c:\progra~1\McAfee\MSC\mcuimgr.exe . ************************************************************************ . Completion time: 2009-03-12 17:15:17 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-12 21:15:14 Pre-Run: 96,412,446,720 bytes free Post-Run: 98,798,649,344 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 586 --- E O F --- 2007-12-01 05:59:03

03-12-2009, 03:53 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 39,397 OS: 2000 Pro; XP Pro; XP Home	Re: Help with redirect problems We'll have more work to do, but before we continue....how is the machine behaving? Still being redirected? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-12-2009, 05:22 PM	#5 (permalink)
m_c_5_7 Registered User Join Date: Mar 2009 Posts: 6 OS: XP Home Edition Version 2002 Service Pack 2	Re: Help with redirect problems No, I am not seeing any of the bad behavior noted in original request. I am not being re-directed, hovering over the yahoo links shows a valid url, and the pages are accessible and rendering clearly in both IE and Firefox.

03-12-2009, 05:33 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 39,397 OS: 2000 Pro; XP Pro; XP Home	Re: Help with redirect problems Ok, great. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop. Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12. The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. --------------------------------------------------------------------------------------------- Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Please run this online scan to help look for remnants. Perform an online scan with Panda ActiveScan Click on Scan Your PC Now A "pop up" window will appear, or a new tab will open. Click on Register Choose the option you like most, but we recommend the Free Registration. Click on Register Enter your e-mail address, and create a password. Select "I do not want to receive any type of information". (unless you want to receive such information) Click on Send Confirm registration, and continue by entering your user name and password, then click on Enter Select Full Scan, then Click on Scan Now Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser. If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect Please ignore the offer to buy the program. Click on Export To Export the log and save it to your desktop. Please attach the contents of that log to your reply. * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-13-2009, 11:41 AM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 39,397 OS: 2000 Pro; XP Pro; XP Home	Re: Help with redirect problems Open NOTEPAD.exe and copy/paste the text in the codebox below into it: Code: @echo off if exist "%temp%\log.txt" del "%temp%\log.txt" for %%g in ( "C:\Documents and Settings\Dad\My Documents\Garbage\Local Settings - Temp\UUEt.exe" "C:\Documents and Settings\Dad\My Documents\Garbage\Windows - System32\frmwrk32.exe" ) do ( del /a/f %%g >nul 2>&1 if exist %%g echo.%%g>>"%temp%\log.txt" ) if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt" ) else echo.Deleted Successfully !! pause del %0 Save this as fix.bat Choose to "Save type as - All Files" It should look like this: Double click on fix.bat & allow it to run Post back to tell me what it says __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-13-2009, 12:33 PM	#9 (permalink)
m_c_5_7 Registered User Join Date: Mar 2009 Posts: 6 OS: XP Home Edition Version 2002 Service Pack 2	Re: Help with redirect problems I saved it the desktop then clicked on it to run....results cut-and-pasted here: Deleted Successfully !! Press any key to continue . . .

03-13-2009, 01:25 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 39,397 OS: 2000 Pro; XP Pro; XP Home	Re: Help with redirect problems Good, that's what we want... Many of the other items found were Firefox cookies. Cookies get installed on your computer everytime you visit any webpage. Now, some of those are good cookies that get installed for ease of use for next time you visit the same page, but some cookies are spyware used for tracking users surfing habits. Most of those cookies are third party cookies that can be blocked: In Firefox go to Tools > Options > Privacy > Cookies Click Exceptions, identify the site you want to block, and click on Block. In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab Now put a check next to "Override automatic cookie handling" Set first party cookies to Accept and third party cookies to Block Also put a check to "Always allow session cookies" OK your way out. This won't prevent all bad cookies from being installed, but will reduce the amount. Also there is another program you can use. Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer. You can read more about cookies at the Cookie Concept You can tidy up with this tool: Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- The other items Panda found are in System Restore points, and will be addressed by uninstalling ComboFix as instructed below Other than that.... Your logs appear clean.You should be good to go. We still have a few items to address. Go to -> Run -> copy/paste in the following single line command & click OK combofix /u This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points. Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs: Microsoft Windows Update - http://www.windowsupdate.com Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. Winpatrol Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here. You can get a free copy of Winpatrol or use the Plus version for more features. You can read Winpatrol's FAQ if you run into problems. MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. Once updated you should see another prompt that the task was completed. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. Do not install more than one AntiVirus program because they will conflict with each other. Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles How did I get infected in the first place? PC Safety and Security--What Do I Need? If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-13-2009, 07:14 PM	#11 (permalink)
m_c_5_7 Registered User Join Date: Mar 2009 Posts: 6 OS: XP Home Edition Version 2002 Service Pack 2	Re: Help with redirect problems I am following the instructions. The Secunia scanner has reported a lot of software as out-of-date so I need to update those. Thanks for the help.

03-13-2009, 07:53 PM	#12 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 39,397 OS: 2000 Pro; XP Pro; XP Home	Re: Help with redirect problems Glad to help. Surf Safely, and Think Prevention! Since this issue is resolved, this topic will be archived. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009