Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2 Different Pop-ups In Ie7


  • This topic is locked This topic is locked
6 replies to this topic

#1 RonGee

RonGee

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 18 January 2008 - 05:22 PM

Hello - This is my first post, if I am doing it wrong please let me know.
I am regularly getting two different pop-ups when ever I open IE7 and every time I change pages during the session. The pop-ups are Perfect lover calculator and Search STT. I have run Adaware and also Spybot search and destroy, not help. My system is: WinXP SP2 on a Dell Demension 2400. Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:59 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-3252186945-3652441217-3865337161-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'JOHN')
O4 - HKUS\S-1-5-21-3252186945-3652441217-3865337161-1008\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe (User 'JOHN')
O4 - HKUS\S-1-5-21-3252186945-3652441217-3865337161-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JOHN')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O20 - Winlogon Notify: __c00BBFBC - C:\WINDOWS\system32\__c00BBFBC.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6368 bytes

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:23 PM

Posted 18 January 2008 - 09:39 PM

Hello RonGee,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 RonGee

RonGee
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 18 January 2008 - 10:52 PM

This is new Hjt log after running combofix.exe. I will be followed by the log file generated by Combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:32 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: __c00BBFBC - C:\WINDOWS\system32\__c00BBFBC.dat (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6897 bytes


Combofix Log File:
ComboFix 08-01-18.5 - JOY 2008-01-18 21:31:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -6:00]
Running from: C:\Documents and Settings\JOY\Local Settings\Temporary Internet Files\Content.IE5\O0D6Y1T6\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JOHN\Application Data\ShoppingReport
C:\Documents and Settings\JOHN\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\JOHN\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\JOHN\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\JOHN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\JOHN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\JOHN\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\JOHN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1.sdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1386476.sdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1389182.sdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\3893642.sdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\819382.sdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\domains.txt
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\17040
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\20501
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\20517
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\20570
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\23149
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\27503
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\279564
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\281075
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\39289
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\449626
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\481176
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\531510
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\547723
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578081
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578140
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6292
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64446
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\66836
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\67469
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\744260
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745175
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745751
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\747343
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\753335
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79806
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\82292
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85062
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90358
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\95615
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\97734
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat\3645.dat
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\cursors.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hb_ie_menu.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ie_games_icon.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ie_video.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sbu_icon.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\weathericon.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\cursors.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemster.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsterie.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jobsearch.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_reun.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_ringtones.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hb_ie_menu.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar_promo.htm
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_games_icon.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_video.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sales_buttons.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sbu_icon.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\theweb.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\weathericon.res
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\cursors.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hb_ie_menu.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ie_video.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sbu_icon.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\weathericon.xip
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\JOHN\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\JOHN\Desktop\Free PC Wallpapers.lnk
C:\Documents and Settings\JOY\Application Data\ShoppingReport
C:\Documents and Settings\JOY\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\JOY\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\JOY\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\JOY\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\JOY\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\JOY\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\JOY\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Redemption.ECF
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0054640.dat
C:\WINDOWS\system32\__c00BBFBC.dat
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\mcrh.tmp
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-18 21:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 21:16 . 2008-01-18 21:17 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-18 21:16 . 2008-01-18 21:16 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-18 21:16 . 2008-01-18 21:16 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-18 21:16 . 2008-01-18 21:16 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-18 16:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-18 16:42 . 2008-01-18 16:43 <DIR> d-------- C:\Program Files\Java
2008-01-18 16:42 . 2008-01-18 16:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-18 15:01 . 2008-01-18 15:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 22:10 . 2008-01-17 22:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-17 22:10 . 2008-01-17 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 22:09 . 2008-01-17 22:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 20:38 . 2008-01-17 20:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-17 20:10 . 2008-01-18 05:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 18:55 . 2008-01-15 18:55 <DIR> d-------- C:\JOY
2008-01-15 18:55 . 2008-01-15 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-15 18:55 . 2008-01-15 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-01-15 18:54 . 2008-01-15 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-15 18:41 . 2004-03-09 13:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-01-01 19:15 . 2008-01-17 19:48 <DIR> d-------- C:\Documents and Settings\JOY\Application Data\MSN6
2007-12-31 13:59 . 2008-01-04 10:46 1,039,868 ---hs---- C:\WINDOWS\SYSTEM32\0164C00c__.ini
2007-12-27 15:10 . 2007-12-31 12:20 1,031,835 ---hs---- C:\WINDOWS\SYSTEM32\951A800c__.ini
2007-12-19 21:01 . 2007-12-26 18:07 1,027,978 ---hs---- C:\WINDOWS\SYSTEM32\0EBD400c__.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-18 01:41 --------- d-----w C:\Program Files\Greetings Workshop
2008-01-04 07:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-01 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-01-01 00:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 17:29 --------- d-----w C:\Documents and Settings\JOY\Application Data\mail.com Toolbar
2007-12-26 23:58 --------- d-----w C:\Program Files\Norton 360
2007-12-05 05:24 --------- d-----w C:\Program Files\Symantec
2007-12-05 05:23 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 05:23 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-12-05 05:23 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 05:23 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-26 22:43 --------- d-----w C:\Documents and Settings\JOY\Application Data\Roxio
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 23:39 230,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-27 23:37 2,109,440 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wmvcore.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 22:26 69632]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BBFBC]
C:\WINDOWS\system32\__c00BBFBC.dat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JOY^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
path=C:\Documents and Settings\JOY\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk
backup=C:\WINDOWS\pss\Greetings Workshop Reminders.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JOY^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\JOY\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F55570BCF.exe]
C:\DOCUME~1\JOY\LOCALS~1\Temp\_A00F55570BCF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 23:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2003-08-06 01:04 114741 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-04-07 00:07 114688 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-04-07 00:19 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kvnkikfk]
C:\WINDOWS\System32\alpcdrqn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 12:00 200704 C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 19:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-03-09 13:53 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2004-01-27 15:39 1179648 C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
-ra------ 2003-08-27 13:20 94208 C:\WINDOWS\SM1BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spam Blocker for Outlook Express]
C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker]
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 01:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-03-09 13:54 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2003-07-01 12:51]

*Newly Created Service* - COMHOST
*Newly Created Service* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 03:39:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 21:37:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 21:41:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 03:41:05
.
2008-01-15 09:01:33 --- E O F ---

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:23 PM

Posted 19 January 2008 - 11:49 AM

Hello,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\DOCUME~1\JOY\LOCALS~1\Temp\_A00F55570BCF.exe
C:\WINDOWS\System32\alpcdrqn.exe
C:\WINDOWS\system32\__c00BBFBC.dat


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 RonGee

RonGee
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 20 January 2008 - 01:42 PM

Tea, Thank you so very much for all your help. Shortly after I posted the last Combofix log, the computer crashed, I worked trying to get it started again with no luck. I did a low lever format, then reinstalled the OS. I am bringing it back up now. Thanks again for all your help. RonGee

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:23 PM

Posted 20 January 2008 - 01:46 PM

Hi Ron,

I'm sorry to hear it, but thank you so much for letting me know. :blink: Do you know what made it crash? no biggie if you don't, but knowledge is key, and I like to know all I can for future reference. :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:23 PM

Posted 28 January 2008 - 08:05 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users