My SS+D picks up win32.FraudLoad.edt which I assume is why I'm unable to update any of my systems and am getting random redirects if I were to search for this forum via Google. Now, however, SS+D is not picking up the FraudLoad although it's clearly still there despite my having asked it to fix the problem.

Attached below please find an older log that reflects the win32.FraudLoad.edt and the most recent run that doesn't (although I'm still getting redirects, which makes me think this later log is full of lies).

I've since turned off TeaTimer.

Thanks, Ann

OLDER LOG:

--- Report generated: 2011-03-25 16:44 ---

Win32.FraudLoad.edt: [SBI $8454102F] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1123561945-73586283-682003330-1003\Software\NtWqIVLZEWZU

Win32.FraudLoad.edt: [SBI $666C83D9] Data (File, nothing done)
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Properties.size=282
Properties.md5=6A587257D7B7EC587C41BE38EA050B4B
Properties.filedate=1301085870
Properties.filedatetext=2011-03-25 16:44:30

Win32.FraudLoad.edt: [SBI $1436A642] Data (File, nothing done)
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
Properties.size=246
Properties.md5=F58FEC987E8B7999A405548C84870FAC
Properties.filedate=1301085703
Properties.filedatetext=2011-03-25 16:41:42

Win32.FraudLoad.edt: [SBI $354F3C2C] Data (File, nothing done)
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
Properties.size=282
Properties.md5=66E8C8886E64384E64743B13BA8A6C43
Properties.filedate=1301083544
Properties.filedatetext=2011-03-25 16:05:44

Right Media: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)

-------------------

MOST RECENT LOG:
--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Right Media: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

--------------------

Zipped attach from DDS:



---------------------
DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 16:46:18.67 on Sat 03/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.167 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Crd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Yahoo! Pager] 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A9YA3MI1CF] c:\docume~1\owner\locals~1\temp\Crc.exe
uRun: [Z7HRPUZG3M] c:\windows\Csyqib.exe
uRun: [NtWqIVLZEWZU] c:\docume~1\owner\locals~1\temp\Crd.exe
uRunOnce: [SpybotDeletingB9112] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingD9262] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
uRunOnce: [SpybotDeletingB8814] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingD484] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
uRunOnce: [SpybotDeletingB9971] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
uRunOnce: [SpybotDeletingD8584] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [SpybotDeletingA4010] command.com /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingC2165] cmd.exe /c del "c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
mRunOnce: [SpybotDeletingA7841] command.com /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingC831] cmd.exe /c del "c:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
mRunOnce: [SpybotDeletingA9130] command.com /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
mRunOnce: [SpybotDeletingC6744] cmd.exe /c del "c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-24 14:39:53 125440 ----a-w- c:\windows\Csyqib.exe
2011-03-24 13:59:22 135168 --sha-r- c:\windows\system32\webfldrsz.dll
2011-03-24 13:58:15 125440 ----a-w- c:\windows\Csyqia.exe
.
==================== Find3M ====================
.
.
============= FINISH: 16:47:10.29 ===============