Help with Kid's Computer

chipatkinson San Antonio Texas
edited December 2008 in Spyware & Virus Removal
Not sure what the problem is here. When I try to access some sites like yahoo email on my kid's computer I get the "internet explorer cannot display this webpage" error. Other sites like google can be accessed with no problem.

I ran virus and spyware scans but they came up clean.

I posted a HJT log below. Would you please review it and tell me if I need to correct any entries or perhaps you can suggest a fix.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:38 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\folding\FAH502-Console.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\folding\FahCore_78.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] "C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download2.games.yahoo.com/games/clients/y/yt2_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?978394753296
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222451974064&h=3cb26dcda6e0fe92fe8da7c09b885a0f/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7560-b440h-turbotax__promote/rnl/java/RntX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FAH@C:+folding+FAH502-Console.exe - Stanford University - C:\folding\FAH502-Console.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Cisco Systems Secure Desktop (TwingoStorageService) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 12793 bytes

Comments

  • edited December 2008
    Hello and Welcome to the forums!

    My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

    Please do not run any other tool until instructed to do so!
    Please reply to this thread, do not start another!
    Please tell me about any problems that have occurred during the fix.
    Please tell me of any other symptoms you may be having as these can help also.
    Please try as much as possible not to run anything while executing a fix.


    If you follow these instructions, everything should go smoothly.


    Please download Malwarebytes' Anti-Malware and save it to a convenient location.
    1. Double click on mbam-setup.exe to install it.
    2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
        Update Malwarebytes' Anti-Malware
        Launch Malwarebytes' Anti-Malware
    3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
    4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
    5. Leave the default options as they are and click on Start Scan.
    6. When done, you will be prompted. Click OK, then click on Show Results.
    7. Check (tick) all items and click on Remove Selected.
    8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

      Next,
      • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
      • Double click on RSIT.exe to run RSIT.
      • Click Continue at the disclaimer screen.
      • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Please post the following:
      1. The Malwarebytes' Anti-Malware log
      2. The contents of log.txt
      3. The contents of info.txt
  • chipatkinson San Antonio Texas
      edited December 2008
      Thanks for your help Carolyn! I followed your instructions and have posted the three requested logs in separate posts because they exceeded the post length limit.

      info.txt logfile of random's system information tool 1.04 2008-12-06 10:35:02

      ======Uninstall list======

      -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\WINDOWS\UNNMP.exe /UNINSTALL
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Acronis*True*Image-->MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
      Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
      Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe InDesign 1.5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\InDesign 1.5\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 1.5\Uninst.dll"
      Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
      Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
      Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
      AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
      AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
      Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
      Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
      Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
      CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
      CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
      Cisco Secure Desktop-->C:\Program Files\Cisco Systems\Secure Desktop\Uninstall.exe
      CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
      ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
      ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
      ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
      ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
      ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
      ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
      ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
      ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
      ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
      ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
      ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
      ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
      ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
      ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
      ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
      Family Tree Maker 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}\setup.exe" -l0x9
      Glary Registry Repair 2.9-->"C:\Program Files\Glary Registry Repair\unins000.exe"
      Glary Utilities 2.6-->"C:\Program Files\Glary Utilities\unins000.exe"
      HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
      HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
      HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
      Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
      HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
      HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
      HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
      HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{61CF89F5-5175-4b3b-ABB8-C89821252D50}\setup\hpzscr01.exe -datfile hpiscr01.dat
      HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
      HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
      HP Solution Center and Imaging Support Tools 6.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
      InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
      iTunes-->MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
      Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
      KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
      Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
      LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
      Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
      Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
      Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
      Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
      Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
      Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
      Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
      Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
      Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
      Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
      Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
      Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
      Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
      Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
      Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
      Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Charles\Application Data\Move Networks\ie_bin\unins000.exe"
      MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MySpaceIM-->MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
      Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe"
      Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
      Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
      OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
      OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
      OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
      Outlook Express Backup Wizard version 1.1-->"C:\Program Files\Outlook Express Backup Wizard\unins000.exe"
      Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
      QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
      Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
      Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
      Road Runner Medic 6.0.0.6-->MsiExec.exe /I{3964B238-02DC-425E-B025-3B007C8ECCF7}
      RoadRunner-->MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
      Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
      Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
      SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
      SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
      SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
      SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
      Sony Ericsson PC Suite 4.006.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
      Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
      Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
      SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
      Symantec AntiVirus-->MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
      Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
      Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
      VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
      Web Pictures Downloader 1.9-->"C:\Program Files\Keronsoft\Iphoto\unins000.exe"
      Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
      Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
      WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
      XP TCP/IP Repair 1.0-->"C:\Program Files\XP TCPIP Repair\unins000.exe"
      Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
      Yahoo! Login-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
      Yahoo! Messenger Explorer Bar-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
      Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
      Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

      ======Hosts File======

      127.0.0.1 localhost

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
      "windir"=%SystemRoot%
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
      "PROCESSOR_REVISION"=0a00
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "FP_NO_HOST_CHECK"=NO
      "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
      "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

      EOF


      Logfile of random's system information tool 1.04 (written by random/random)
      Run by Charles at 2008-12-06 10:34:41
      Microsoft Windows XP Home Edition Service Pack 3
      System drive C: has 88 GB (77%) free of 114 GB
      Total RAM: 1471 MB (49% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:34:51 AM, on 12/6/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\folding\FAH502-Console.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\folding\FahCore_78.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\Program Files\MEDIC\bin\sprtcmd.exe
      C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
      C:\Documents and Settings\Charles\Desktop\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Charles.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
      O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
      O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
      O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
      O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] "C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe"
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
      O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
      O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: Yahoo! Canasta - http://download2.games.yahoo.com/games/clients/y/yt2_x.cab
      O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
      O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
      O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?978394753296
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222451974064&h=3cb26dcda6e0fe92fe8da7c09b885a0f/&filename=jinstall-6u7-windows-i586-jc.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
      O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7560-b440h-turbotax__promote/rnl/java/RntX.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: FAH@C:+folding+FAH502-Console.exe - Stanford University - C:\folding\FAH502-Console.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Cisco Systems Secure Desktop (TwingoStorageService) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

      --
      End of file - 12646 bytes

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      C:\WINDOWS\tasks\GlaryInitialize.job
      C:\WINDOWS\tasks\wrSpySweeper_L72EC90D722634BC991A9FE32F5A45CD0.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
      Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
      Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
      "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
      "MEDIC"=C:\Program Files\MEDIC\bin\sprtcmd.exe [2006-07-06 192512]
      "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
      "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2005-11-28 988701]
      "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2005-11-28 118784]
      "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]
      "UserFaultCheck"=C:\WINDOWS\system32\dumprep.exe [2008-04-13 10752]
      "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
      "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
      "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
      "SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-10-12 6272888]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
      "PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe [2004-11-11 212992]
      "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-11-30 4662776]
      "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
      "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-06-18 393216]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup
      Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
      C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
      C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
      "authentication packages"=msv1_0
      relog_ap

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE"="C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
      "C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
      "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
      "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
      "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
      "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
      "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
      "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
      "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
      "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
      "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
      "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
      "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fba628f-dfaf-11d4-bbaf-00119562caef}]
      shell\AutoRun\command - L:\PCConnect.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b4e58da-dfab-11d4-b988-00119562caef}]
      shell\AutoRun\command - J:\LaunchU3.exe


      ======List of files/folders created in the last 1 months======

      2008-12-06 10:34:41 ----D---- C:\rsit
      2008-12-06 09:23:57 ----D---- C:\Documents and Settings\Charles\Application Data\Malwarebytes
      2008-12-06 09:23:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2008-12-06 09:23:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-12-05 17:36:25 ----D---- C:\Program Files\Trend Micro
      2008-12-05 01:02:56 ----D---- C:\Documents and Settings\Charles\Application Data\Sony Setup
      2008-12-05 01:01:46 ----D---- C:\Program Files\Sony Setup
      2008-12-05 01:01:40 ----D---- C:\Program Files\Avanquest update
      2008-12-05 01:01:38 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
      2008-12-05 01:00:59 ----D---- C:\Program Files\Sony Ericsson
      2008-12-05 01:00:59 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
      2008-11-23 14:36:40 ----D---- C:\Program Files\Common Files\DESIGNER
      2008-11-23 14:26:50 ----A---- C:\WINDOWS\system32\msonpmon.dll
      2008-11-23 14:23:36 ----D---- C:\Program Files\Microsoft Works
      2008-11-23 14:23:21 ----D---- C:\Program Files\MSBuild
      2008-11-23 14:21:15 ----D---- C:\Program Files\Microsoft.NET
      2008-11-23 14:10:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

      ======List of files/folders modified in the last 1 months======

      2008-12-06 10:34:51 ----D---- C:\WINDOWS\Prefetch
      2008-12-06 10:33:44 ----D---- C:\WINDOWS\system32
      2008-12-06 10:23:32 ----D---- C:\WINDOWS\Temp
      2008-12-06 09:27:38 ----D---- C:\WINDOWS\Minidump
      2008-12-06 09:25:37 ----D---- C:\WINDOWS
      2008-12-06 09:23:53 ----D---- C:\WINDOWS\system32\drivers
      2008-12-06 09:23:49 ----RD---- C:\Program Files
      2008-12-06 09:23:43 ----D---- C:\Program Files\Symantec AntiVirus
      2008-12-05 18:03:37 ----D---- C:\Program Files\LimeWire
      2008-12-05 17:47:17 ----D---- C:\WINDOWS\network diagnostic
      2008-12-05 17:36:11 ----D---- C:\hijack this
      2008-12-05 03:05:27 ----RSD---- C:\WINDOWS\assembly
      2008-12-05 03:05:27 ----D---- C:\WINDOWS\Microsoft.NET
      2008-12-05 02:14:31 ----HD---- C:\WINDOWS\inf
      2008-12-05 01:11:54 ----D---- C:\WINDOWS\system32\CatRoot2
      2008-12-05 01:11:35 ----SHD---- C:\WINDOWS\Installer
      2008-12-05 01:11:35 ----HD---- C:\Config.Msi
      2008-12-05 01:11:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
      2008-12-05 01:11:33 ----D---- C:\WINDOWS\WinSxS
      2008-12-05 01:08:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2008-12-05 01:01:38 ----HD---- C:\Program Files\InstallShield Installation Information
      2008-11-23 14:46:05 ----SD---- C:\Documents and Settings\Charles\Application Data\Microsoft
      2008-11-23 14:36:40 ----D---- C:\Program Files\Common Files
      2008-11-23 14:36:33 ----RSD---- C:\WINDOWS\Fonts
      2008-11-23 14:23:02 ----D---- C:\Program Files\Microsoft Office
      2008-11-23 14:22:23 ----D---- C:\WINDOWS\SHELLNEW
      2008-11-23 14:18:13 ----D---- C:\WINDOWS\Help
      2008-11-23 14:11:30 ----A---- C:\WINDOWS\win.ini
      2008-11-22 22:14:54 ----D---- C:\Documents and Settings\Charles\Application Data\LimeWire
      2008-11-18 16:19:55 ----D---- C:\Documents and Settings\Charles\Application Data\Ahead
      2008-11-11 15:11:22 ----A---- C:\WINDOWS\DUMPc10e.tmp

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
      R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
      R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
      R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
      R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-08 17801]
      R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
      R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
      R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-07-13 30688]
      R2 TwingoStorageDriver;TwingoStorageDriver; \??\C:\Program Files\Cisco Systems\Secure Desktop\Storage.sys []
      R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
      R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
      R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
      R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
      R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
      R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
      R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081205.008\naveng.sys []
      R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081205.008\navex15.sys []
      R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
      R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
      R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
      R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
      R3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
      R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
      R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
      R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
      R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
      S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
      S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
      S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
      S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
      S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
      S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
      S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
      S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
      S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
      S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
      S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
      S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
      S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
      S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
      S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
      S3 NETGEAR NETGEAR_MA101_USB_Adapter(R);NETGEAR NETGEAR_MA101_USB_Adapter(R) Service for NETGEAR MA101 USB Adapter; C:\WINDOWS\system32\DRIVERS\ma1012kr.sys []
      S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
      S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
      S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
      S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
      S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
      S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
      S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
      S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
      S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-26 611664]
      R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2005-11-28 172032]
      R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
      R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
      R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
      R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
      R2 FAH@C:+folding+FAH502-Console.exe;FAH@C:+folding+FAH502-Console.exe; C:\folding\FAH502-Console.exe [2006-08-19 253952]
      R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
      R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
      R2 TwingoStorageService;Cisco Systems Secure Desktop; C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe [2007-01-23 34576]
      R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
      R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-10-02 3667304]
      R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2008-10-12 1066360]
      R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]
      S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-02 69632]
      S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
      S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
      S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
      S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
      S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
      S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
      S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
      S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]

      EOF
    4. chipatkinson San Antonio Texas
      edited December 2008
      Malwarebytes' Anti-Malware 1.31
      Database version: 1466
      Windows 5.1.2600 Service Pack 3

      12/6/2008 10:33:44 AM
      mbam-log-2008-12-06 (10-33-44).txt

      Scan type: Full Scan (C:\|F:\|)
      Objects scanned: 146967
      Time elapsed: 1 hour(s), 2 minute(s), 51 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 9
      Registry Values Infected: 1
      Registry Data Items Infected: 0
      Folders Infected: 1
      Files Infected: 6

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      C:\Documents and Settings\Charles\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

      Files Infected:
      C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Charles\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Charles\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Charles\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    5. edited December 2008
      Hello,

      Registry Cleaners

      I notice the presence of Glary Registry Repair Registry Cleaner on your pc.

      I don't personally recommend the use of ANY registry cleaners.
      Here is an excerpt from a discussion on regcleaners:
      Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
      The point we are trying to make is that the risk of using one far outweighs any benefit.
      If it does work perfectly you will not see any difference.
      If it doesn't work properly you may end up with an expensive doorstop.
      http://forums.whatthetech.com/Regcleaner_t42862.html


      Download and Run ComboFix (by sUBs)
      Please visit this webpage for instructions for downloading and running ComboFix:

      Bleeping Computer ComboFix Tutorial

      Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

      A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
      This tool is not a toy and not for everyday use.
      ComboFix SHOULD NOT be used unless requested by a forum helper.



      Please post the ComboFix log along with a fresh HijackThis log.
    6. chipatkinson San Antonio Texas
      edited December 2008
      I followed your instructions and the combofix program proceeded until it showed "completed stage 4". It then stalled for over an hour. The computer tried to reboot but now it is locked in a loop trying to successfully reboot but failing and then trying again and again.

      The instructions had me do the recovery console before running combofix. Will this help me be able to boot the computer again?
    7. chipatkinson San Antonio Texas
      edited December 2008
      Carolyn, thanks for your help. The computer finally rebooted and I ran combofix again. I've posted the log below followed by a new HJT log.

      ComboFix 08-12-06.04 - Charles 2008-12-06 19:11:40.2 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.782 [GMT -6:00]
      Running from: c:\documents and settings\Charles\Desktop\ComboFix.exe
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run
      .
      c:\windows\wiaservv.log

      .
      ((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
      .

      2008-12-06 10:34 . 2008-12-06 10:35 <DIR> d C:\rsit
      2008-12-06 09:23 . 2008-12-06 09:23 <DIR> d c:\program files\Malwarebytes' Anti-Malware
      2008-12-06 09:23 . 2008-12-06 09:23 <DIR> d c:\documents and settings\Charles\Application Data\Malwarebytes
      2008-12-06 09:23 . 2008-12-06 09:23 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
      2008-12-06 09:23 . 2008-12-03 19:52 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
      2008-12-06 09:23 . 2008-12-03 19:52 15,504 --a c:\windows\system32\drivers\mbam.sys
      2008-12-05 17:36 . 2008-12-05 17:36 <DIR> d c:\program files\Trend Micro
      2008-12-05 01:02 . 2008-12-05 01:02 <DIR> d c:\documents and settings\Charles\Application Data\Sony Setup
      2008-12-05 01:01 . 2008-12-05 01:01 <DIR> d c:\program files\Sony Setup
      2008-12-05 01:01 . 2008-12-05 01:01 <DIR> d c:\program files\Avanquest update
      2008-12-05 01:01 . 2008-12-05 01:01 <DIR> d c:\documents and settings\All Users\Application Data\BVRP Software
      2008-12-05 01:00 . 2008-12-05 01:00 <DIR> d c:\program files\Sony Ericsson
      2008-12-05 01:00 . 2008-12-05 01:00 <DIR> d c:\documents and settings\All Users\Application Data\Sony Ericsson
      2008-11-23 14:26 . 2006-10-26 19:56 32,592 --a c:\windows\system32\msonpmon.dll
      2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d c:\program files\MSBuild
      2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d c:\program files\Microsoft Works
      2008-11-23 14:21 . 2008-11-23 14:21 <DIR> d c:\program files\Microsoft.NET
      2008-11-23 14:10 . 2008-11-23 14:46 <DIR> d c:\documents and settings\All Users\Application Data\Microsoft Help

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-07 01:23 d-----w c:\program files\Symantec AntiVirus
      2008-12-06 00:03 d-----w c:\program files\LimeWire
      2008-12-05 07:01 d--h--w c:\program files\InstallShield Installation Information
      2008-11-23 04:14 d-----w c:\documents and settings\Charles\Application Data\LimeWire
      2008-11-18 22:19 d-----w c:\documents and settings\Charles\Application Data\Ahead
      2008-11-11 21:11 90,112 ----a-w c:\windows\DUMPc10e.tmp
      2008-10-26 17:44 d---a-w c:\documents and settings\All Users\Application Data\TEMP
      2008-10-26 17:44 d-----w c:\program files\SpywareBlaster
      2008-10-26 17:38 d-----w c:\documents and settings\All Users\Application Data\Lavasoft
      2008-10-26 17:37 d-----w c:\program files\Lavasoft
      2008-10-26 17:37 d-----w c:\documents and settings\Charles\Application Data\Lavasoft
      2008-10-26 17:36 d-----w c:\program files\Common Files\Wise Installation Wizard
      2008-10-25 10:43 d-----w c:\program files\Google
      2008-10-25 09:12 d-----w c:\documents and settings\All Users\Application Data\Webroot
      2008-10-25 09:08 164 ----a-w C:\install.dat
      2008-10-24 12:03 d-----w c:\program files\Shockwave.com
      2008-10-24 11:03 d-----w c:\documents and settings\Charles\Application Data\PlayFirst
      2008-10-24 11:03 d-----w c:\documents and settings\All Users\Application Data\PlayFirst
      2008-10-22 08:25 90,112 ----a-w c:\windows\DUMPcc0a.tmp
      2008-10-12 18:18 1,553,272 ----a-w c:\windows\WRSetup.dll
      2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
      2007-08-07 06:17 7,028,144 ----a-w c:\documents and settings\Charles\medic6.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
      "PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-11 212992]
      "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
      "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-06-18 393216]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
      "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
      "MEDIC"="c:\program files\MEDIC\bin\sprtcmd.exe" [2006-07-06 192512]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-28 988701]
      "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-11-28 118784]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
      "UserFaultCheck"="c:\windows\system32\dumprep.exe" [2008-04-13 10752]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
      "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
      "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-10-12 6272888]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-19 113664]
      Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-19 113664]
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]
      HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
      Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 151552]
      Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
      @="Service"

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
      "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
      "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\AIM\\aim.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

      R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-10-02 29808]
      R2 FAH@C:+folding+FAH502-Console.exe;FAH@C:+folding+FAH502-Console.exe;c:\folding\FAH502-Console.exe -svcstart []
      R2 TwingoStorageDriver;TwingoStorageDriver;\??\c:\program files\Cisco Systems\Secure Desktop\Storage.sys [2007-01-23 73728]
      R2 TwingoStorageService;Cisco Systems Secure Desktop;c:\program files\Cisco Systems\Secure Desktop\Storage.exe [2007-01-23 34576]
      R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-08-09 24652]
      R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe" [2008-10-25 1066360]
      S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2001-01-01 17149]
      S3 NETGEAR NETGEAR_MA101_USB_Adapter(R);NETGEAR NETGEAR_MA101_USB_Adapter(R) Service for NETGEAR MA101 USB Adapter;c:\windows\system32\DRIVERS\ma1012kr.sys []
      S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2004-03-12 169192]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fba628f-dfaf-11d4-bbaf-00119562caef}]
      \Shell\AutoRun\command - L:\PCConnect.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b4e58da-dfab-11d4-b988-00119562caef}]
      \Shell\AutoRun\command - J:\LaunchU3.exe
      .
      Contents of the 'Scheduled Tasks' folder

      2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

      2008-12-07 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]

      2008-12-05 c:\windows\Tasks\wrSpySweeper_L72EC90D722634BC991A9FE32F5A45CD0.job
      - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-10-12 12:18]

      2008-12-05 c:\windows\Tasks\wrSpySweeper_L72EC90D722634BC991A9FE32F5A45CD0.job
      - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-10-12 12:18]

      2008-12-05 c:\windows\Tasks\wrSpySweeper_L72EC90D722634BC991A9FE32F5A45CD0.job
      - a:\","c:\","d:\","e:\","f:\","g:\","h:\","i:\","J:\" []
      .
      .
      Supplementary Scan
      .
      uStart Page = hxxp://www.myspace.com/
      uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
      mDefault_Page_URL = hxxp://yahoo.sbc.com/dsl
      mDefault_Search_URL = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
      mSearch Page = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
      mStart Page = hxxp://yahoo.sbc.com/dsl
      mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
      uInternet Settings,ProxyServer = 168.94.74.68:8080
      uSearchURL,(Default) = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

      O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
      c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

      O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

      c:\windows\Downloaded Program Files\ddfotg.1.0.0.33.dll - O16 -: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}
      hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
      c:\windows\Downloaded Program Files\ddfotg.1.0.0.33.inf
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-06 19:21:25
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...


      c:\documents and settings\Charles\Application Data\Cisco Systems\Secure Desktop\!\Charles.vault 2293760 bytes

      scan completed successfully
      hidden files: 1

      **************************************************************************
      "ImagePath"="system32\DRIVERS\exportit.sys"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+folding+FAH502-Console.exe]
      .
      DLLs Loaded Under Running Processes

      - - - - - - - > 'winlogon.exe'(964)
      c:\program files\Cisco Systems\Secure Desktop\System.dll

      - - - - - - - > 'lsass.exe'(1028)
      c:\windows\system32\relog_ap.dll
      c:\program files\Cisco Systems\Secure Desktop\System.dll

      - - - - - - - > 'csrss.exe'(940)
      c:\program files\Cisco Systems\Secure Desktop\System.dll
      .
      Other Running Processes
      .
      c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
      c:\program files\Lavasoft\Ad-Aware\aawservice.exe
      c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Symantec AntiVirus\DefWatch.exe
      c:\folding\FAH502-Console.exe
      c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\program files\Symantec AntiVirus\Rtvscan.exe
      c:\folding\FahCore_78.exe
      c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
      c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
      c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\program files\Webroot\Spy Sweeper\SSU.exe
      .
      **************************************************************************
      .
      Completion time: 2008-12-06 19:26:27 - machine was rebooted [Charles]
      ComboFix-quarantined-files.txt 2008-12-07 01:26:21

      Pre-Run: 92,347,682,816 bytes free
      Post-Run: 93,233,012,736 bytes free

      201 --- E O F --- 2008-10-25 09:59:00



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:30:32 PM, on 12/6/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\folding\FAH502-Console.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\folding\FahCore_78.exe
      C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\Program Files\MEDIC\bin\sprtcmd.exe
      C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
      C:\WINDOWS\explorer.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
      O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
      O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
      O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
      O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] "C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe"
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
      O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
      O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: Yahoo! Canasta - http://download2.games.yahoo.com/games/clients/y/yt2_x.cab
      O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
      O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
      O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?978394753296
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222451974064&h=3cb26dcda6e0fe92fe8da7c09b885a0f/&filename=jinstall-6u7-windows-i586-jc.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
      O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7560-b440h-turbotax__promote/rnl/java/RntX.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: FAH@C:+folding+FAH502-Console.exe - Stanford University - C:\folding\FAH502-Console.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Cisco Systems Secure Desktop (TwingoStorageService) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

      --
      End of file - 12383 bytes
    8. edited December 2008
      Hello,

      I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
      To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
      Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
      I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
      1. Click Start, point to Settings, and then click Control Panel.
      2. In Control Panel, double-click Add or Remove Programs.
      3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
      4. Do the same for each Viewpoint component.


      I would like to see the output from the first time you ran ComboFix, if any exists.

      Step 1:
      Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder:

      C:\qoobox

      Please post the contents of the files in that folder.


      Step 2:
      Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder:

      C:\QooBox\LastRun

      If there are any log files in that folder, please post them in your next reply as well.
    9. chipatkinsonchipatkinson San Antonio Texas
      edited December 2008
      Thanks Carolyn. I uninstalled viewpoint media player. That was the only viewpoint component I found.

      I did not find a C:/qoobox/lastrun folder so couldn't paste contents for you. However, I've pasted contents of C:/qoobox folder below.

      I still get the same error message trying to access yahoo mail and some other sites like usaa.com and myfamily.com.

      contents of combofix-quarantined-files.txt
      2008-10-25 13:52:36 A
      12 C:\Qoobox\Quarantine\C\WINDOWS\wiaservv.log.vir
      2008-12-06 17:37:19 A
      166 C:\Qoobox\Quarantine\catchme.log
      2008-12-06 19:15:16 A
      9,266 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
      2008-12-06 19:25:09 A
      0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
      2008-12-06 19:25:09 A
      0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
      2008-12-06 19:25:09 A
      0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat

      contents of c:/qoobox/add-remove programs.txt
      6200
      6200_Help
      6200Trb
      Acronis*True*Image
      Ad-Aware
      Adobe Flash Player ActiveX
      Adobe InDesign 1.5
      Adobe Photoshop 6.0
      Adobe Reader 7.0.8
      Adobe SVG Viewer
      AiO_Scan
      AiOSoftware
      AOL Instant Messenger
      AOL Uninstaller (Choose which Products to Remove)
      Apple Mobile Device Support
      Apple Software Update
      Avanquest update
      BufferChm
      CameraDrivers
      CameraUserGuides
      CardRd81
      CCScore
      Cisco Secure Desktop
      Copy
      CP_AtenaShokunin1Config
      cp_dwShrek2Albums1
      cp_dwShrek2Cards1
      CR2
      CreativeProjects
      CreativeProjectsTemplates
      CueTour
      Destinations
      DeviceManagementQFolder
      DocProc
      DocumentViewer
      ESSBrwr
      ESSCDBK
      ESScore
      ESSCT
      ESSEMAIL
      ESSgui
      ESShelp
      ESSini
      ESSPCD
      ESSPDock
      ESSSONIC
      ESSTOOLS
      ESSTUTOR
      ESSvpaht
      ESSvpot
      eSupportQFolder
      Family Tree Maker 2005
      Fax
      Glary Registry Repair 2.9
      Glary Utilities 2.6
      HijackThis 2.0.2
      HLPIndex
      HLPPDOCK
      HLPSFO
      Hotfix for Windows Internet Explorer 7 (KB947864)
      Hotfix for Windows XP (KB952287)
      HP Extended Capabilities 4.7
      HP Image Zone 4.7
      HP Imaging Device Functions 6.0
      HP Photosmart Cameras 6.0
      HP PSC & OfficeJet 4.7
      HP Software Update
      HP Solution Center and Imaging Support Tools 6.0
      hpiCamDrvQFolder
      HPProductAssistant
      HPSystemDiagnostics
      InstantShare
      InterActual Player
      iTunes
      Java(TM) 6 Update 7
      KSU
      Linksys Wireless-G USB Network Adapter
      LiveUpdate 2.0 (Symantec Corporation)
      Malwarebytes' Anti-Malware
      MarketResearch
      Medic Patch 6.0.0.8
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Hotfix (KB928366)
      Microsoft .NET Framework 2.0
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Access MUI (English) 2007
      Microsoft Office Access Setup Metadata MUI (English) 2007
      Microsoft Office Enterprise 2007
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office Groove MUI (English) 2007
      Microsoft Office Groove Setup Metadata MUI (English) 2007
      Microsoft Office InfoPath MUI (English) 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office Outlook MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Publisher MUI (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Software Update for Web Folders (English) 12
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Web Publishing Wizard 1.52
      Move Networks Player for Internet Explorer
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MySpaceIM
      Nero PhotoShow Express
      Nero Suite
      Notifier
      OfotoXMI
      OTtBP
      OTtBPSDK
      Outlook Express Backup Wizard version 1.1
      Panda ActiveScan
      PanoStandAlone
      PhotoGallery
      ProductContext
      QFolder
      QuickTime
      Readme
      Realtek AC'97 Audio
      Rhapsody Player Engine
      Road Runner Medic 6.0.0.6
      RoadRunner
      Scan
      ScannerCopy
      Security Update for Windows Internet Explorer 7 (KB929969)
      Security Update for Windows Internet Explorer 7 (KB931768)
      Security Update for Windows Internet Explorer 7 (KB933566)
      Security Update for Windows Internet Explorer 7 (KB937143)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB939653)
      Security Update for Windows Internet Explorer 7 (KB942615)
      Security Update for Windows Internet Explorer 7 (KB944533)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Media Player 9 (KB917734)
      Security Update for Windows XP (KB913433)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB958644)
      SFR
      SHASTA
      SKIN0001
      SkinsHP1
      SKINXSDK
      SolutionCenter
      Sony Ericsson PC Suite 4.006.00
      Spy Sweeper
      Spy Sweeper Core
      SpywareBlaster 4.1
      Status
      Symantec AntiVirus
      TrayApp
      Unload
      Update for Windows XP (KB951072-v2)
      Viewpoint Media Player
      VPRINTOL
      Web Pictures Downloader 1.9
      WebFldrs XP
      WebReg
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Imaging Component
      Windows Internet Explorer 7
      Windows XP Service Pack 3
      WIRELESS
      XP TCP/IP Repair 1.0
      Yahoo! Install Manager
      Yahoo! Login
      Yahoo! Messenger
      Yahoo! Messenger Explorer Bar
      Yahoo! Toolbar

      C/qoobox folder also contains backenv folder and quarantine folder. It also has two files named snapshot@2008-12.06.19.25.08.29.dat and snapshot@2008-12-06_19.25.08.29_B.dat. Couldn't open those files so couldn't paste them for you.
    10. edited December 2008
      Hello,

      Did you, or someone you know set this proxy server:
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080

      168.94.74.68 belongs to Best Buy Co., Inc.

      If you do not know how that proxy server was set on your computer, remove it using HijackThis:

      Remove bad HijackThis entry
      • Run HijackThis
      • Click on the Scan button
      • Put a check beside the items listed below (if present):

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080 <<only delete this if you do not know its origin

      • Close all open windows and browsers/email, etc...
      • Click on the "Fix Checked" button
      • When completed, close the application.


      Registry Cleaners

      I notice the presence of Glary Registry Repair 2.9 Registry Cleaner on your pc.

      I don't personally recommend the use of ANY registry cleaners.
      Here is an excerpt from a discussion on regcleaners:
      Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
      The point we are trying to make is that the risk of using one far outweighs any benefit.
      If it does work perfectly you will not see any difference
      If it doesn't work properly you may end up with an expensive doorstop.
      http://forums.whatthetech.com/Regcleaner_t42862.html


      Please go to Kaspersky website and perform an online antivirus scan.
      1. Read through the requirements and privacy statement and click on Accept button.
      2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
      3. When the downloads have finished, click on Settings.
      4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
          Spyware, Adware, Dialers, and other potentially dangerous programs
          Archives
          Mail databases
      5. Click on My Computer under Scan.
      6. Once the scan is complete, it will display the results. Click on View Scan Report.
      7. You will see a list of infected items there. Click on Save Report As....
      8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
      9. Please post this log in your next reply along with a fresh HijackThis log and a description of how your computer is behaving.
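The proxy check made in the post above can be scripted over a saved HijackThis log. This is an added example, not part of the original thread and not HijackThis code: the function names and the loopback/private/public labels are assumptions of this sketch, and the sample lines are copied from the logs posted in this thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: the R1 ProxyServer line is the one quoted in the post above;
# the other three lines come from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
"""

# R0/R1 lines have the shape:  R1 - <registry key>,<value name> = <data>
REG_LINE = re.compile(
    r"^(?P<code>R[01])\s+-\s+(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$"
)

# WinINET value names under "...\Internet Settings" that redirect browser traffic.
PROXY_VALUES = {"proxyserver", "proxyoverride", "autoconfigurl"}

# Most exposed first: the label reported when several endpoints are configured.
SCOPE_RANK = ["public", "hostname", "private", "loopback"]


@dataclass
class ProxyFinding:
    hive: str        # HKCU (this user only) or HKLM (machine wide)
    name: str        # registry value name as written in the log
    data: str        # raw value data
    endpoints: dict  # scheme -> (host, port); "*" means every scheme
    scope: str       # loopback / private / public / hostname / n/a


def parse_proxy_server(data):
    """Split a ProxyServer value: 'host:port' or 'http=h:p;https=h:p'."""
    endpoints = {}
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:                      # single proxy used for all schemes
            scheme, target = "*", part
        target = target.split("://", 1)[-1]
        host, _, port = target.rpartition(":")
        if not host:                     # no port was given
            host, port = target, ""
        endpoints[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return endpoints


def classify_host(host):
    """Say where the proxy lives, so the reviewer knows what to ask the owner."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                # needs a DNS/WHOIS lookup by the reviewer
    if ip.is_loopback:
        return "loopback"                # a program on this PC is the proxy
    if ip.is_private or ip.is_link_local:
        return "private"                 # a proxy on the local network
    return "public"                      # traffic leaves via a third-party host


def audit_proxy_settings(log_text):
    """Return one ProxyFinding per proxy-related R0/R1 line in the log."""
    findings = []
    for raw in log_text.splitlines():
        m = REG_LINE.match(raw.strip())
        if not m or not m["key"].lower().endswith(r"\internet settings"):
            continue
        name = m["name"].strip()
        if name.lower() not in PROXY_VALUES:
            continue
        endpoints, scope = {}, "n/a"
        if name.lower() == "proxyserver":
            endpoints = parse_proxy_server(m["data"])
            seen = {classify_host(host) for host, _ in endpoints.values()}
            scope = next((s for s in SCOPE_RANK if s in seen), "n/a")
        hive = m["key"].split("\\", 1)[0]
        findings.append(ProxyFinding(hive, name, m["data"].strip(), endpoints, scope))
    return findings


if __name__ == "__main__":
    for f in audit_proxy_settings(SAMPLE_LOG):
        print(f"{f.hive} {f.name} = {f.data}  [{f.scope}] {f.endpoints}")
```

A "public" result is not a verdict; it is the prompt for the question the helper asks here, namely whether anyone on the machine set that proxy deliberately.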
      11. chipatkinsonchipatkinson San Antonio Texas
        edited December 2008
        Thanks for the help Carolyn! I deleted the proxy server entry and uninstalled the Glary Registry Repair. The computer seems to run at normal speed; however, I still have the original problem. I can't access sites like yahoo mail, usaa.com, myfamily.com but can access this site and many others. Not sure why I can't access the other sites.

        I've posted a new HJT log and the Kaspersky log below. I appreciate any suggestions you have.

        Thanks!
        Chip
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 10:22:15 PM, on 12/10/2008
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16735)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\folding\FAH502-Console.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe
        C:\Program Files\MEDIC\bin\sprtcmd.exe
        C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
        C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\folding\FahCore_81.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
        O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
        O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
        O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
        O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
        O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
        O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
        O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] "C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe"
        O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
        O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
        O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: Yahoo! Canasta - http://download2.games.yahoo.com/games/clients/y/yt2_x.cab
        O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
        O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
        O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?978394753296
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222451974064&h=3cb26dcda6e0fe92fe8da7c09b885a0f/&filename=jinstall-6u7-windows-i586-jc.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
        O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7560-b440h-turbotax__promote/rnl/java/RntX.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: FAH@C:+folding+FAH502-Console.exe - Stanford University - C:\folding\FAH502-Console.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: Cisco Systems Secure Desktop (TwingoStorageService) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\Secure Desktop\Storage.exe
        O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
        O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

        --
        End of file - 12003 bytes


        KASPERSKY ONLINE SCANNER 7 REPORT
        Wednesday, December 10, 2008
        Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
        Kaspersky Online Scanner 7 version: 7.0.25.0
        Program database last update: Wednesday, December 10, 2008 22:20:53
        Records in database: 1450451

        Scan settings:
        Scan using the following database: extended
        Scan archives: yes
        Scan mail databases: yes

        Scan area - My Computer:
        A:\
        C:\
        D:\
        E:\
        F:\
        G:\
        H:\
        I:\
        J:\

        Scan statistics:
        Files scanned: 61377
        Threat name: 29
        Infected objects: 52
        Suspicious objects: 8
        Duration of the scan: 01:17:45


        File name / Threat name / Threats count
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07980000.VBN Infected: Trojan-Downloader.SWF.Gida.a 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F00000.VBN Infected: Trojan-Downloader.JS.Agent.kd 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08FC0000.VBN Infected: Trojan-Downloader.JS.Small.eo 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08FC0001.VBN Infected: Trojan-Downloader.JS.Psyme.dy 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08FC0002.VBN Infected: Trojan-Downloader.JS.Small.eo 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08FC0003.VBN Infected: Trojan-Downloader.JS.Small.eo 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08FC0004.VBN Infected: Trojan-Downloader.JS.Psyme.dy 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08FC0005.VBN Infected: Trojan-Downloader.JS.Small.eo 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09140000.VBN Infected: Trojan.Win32.Patched.dy 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80000.VBN Infected: Backdoor.Win32.UltimateDefender.gen 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80001.VBN Infected: Backdoor.Win32.Agent.rfv 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80002.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vbxt 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80003.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vbxt 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80004.VBN Infected: Backdoor.Win32.Agent.roc 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80005.VBN Infected: Backdoor.Win32.Agent.rfw 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040000.VBN Infected: Backdoor.Win32.UltimateDefender.gen 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040001.VBN Infected: Backdoor.Win32.Agent.rfv 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040002.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vbxt 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040003.VBN Infected: Backdoor.Win32.Agent.roc 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A040004.VBN Infected: Backdoor.Win32.Agent.rfw 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A280000.VBN Suspicious: Password-protected-EXE 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000.VBN Infected: Trojan.Win32.Pakes.lka 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0001.VBN Infected: Trojan.Win32.Pakes.lka 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000.VBN Infected: Trojan.Win32.Pakes.lka 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0002.VBN Infected: Trojan.Win32.Pakes.lka 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0003.VBN Infected: Trojan.Win32.Pakes.lka 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF00000.VBN Infected: Trojan-Downloader.SWF.Gida.a 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF80000.VBN Infected: Trojan-Downloader.Win32.Agent.ajmq 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF80001.VBN Infected: Trojan-Downloader.Win32.Agent.ajmq 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D240000.VBN Infected: Rootkit.Win32.Clbd.kf 1
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D240001.VBN Infected: Rootkit.Win32.Clbd.kf 1
        C:\Documents and Settings\Charles\Application Data\Sun\Java\Deployment\cache\6.0\27\3aaec1db-65f42af2 Infected: Trojan-Downloader.Java.OpenConnection.aj 2
        C:\Documents and Settings\Charles\Application Data\Sun\Java\Deployment\cache\6.0\27\3aaec1db-65f42af2 Infected: Exploit.Java.ByteVerify 2
        C:\Documents and Settings\Charles\Application Data\Sun\Java\Deployment\cache\6.0\63\36b2e4bf-3910a3da Infected: Trojan-Downloader.Java.OpenStream.c 1
        C:\Documents and Settings\Charles\Application Data\Sun\Java\Deployment\cache\6.0\63\36b2e4bf-3910a3da Infected: Trojan.Java.ClassLoader.h 1
        C:\Documents and Settings\Charles\Application Data\Sun\Java\Deployment\cache\6.0\63\36b2e4bf-3910a3da Infected: Trojan.Java.ClassLoader.d 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{33233FAC-3899-45FA-9E88-C74F4E19CEF4}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{33233FAC-3899-45FA-9E88-C74F4E19CEF4}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{5D55C9E8-C7AD-49FF-A592-8C37DE838436}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Klez.h 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Magistr.b 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Mabutu.a 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Fiffraud.m 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Tanatos.a 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Bagle.g 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{A6E54DDC-A8F5-40A7-BE48-62DFE7534E6A}\Microsoft\Outlook Express\Inbox.dbx Infected: Net-Worm.Win32.Mytob.bj 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Klez.h 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Magistr.b 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Mabutu.a 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Warezov.eu 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Tanatos.a 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Bagle.g 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Inbox.dbx Infected: Net-Worm.Win32.Mytob.bj 1
        C:\Documents and Settings\Charles\Local Settings\Application Data\Identities\{B2F316C9-BC69-4B28-9E03-187738460796}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Warezov.eu 1

        The selected area was scanned.
      6. edited December 2008
        Hello,

        Empty Symantec Quarantine Files

        Open the Symantec Control Panel

        Click View | Quarantine.

        Select the file or group of files.

        Do one of the following:
          * Right click the file and choose Delete Permanently
          * Click the X Delete button.

        Click Start Delete


        CLEAN JAVA CACHE FOLDER
        Please follow these instructions carefully to clean java cache:
        how to clean java cache


        The Kaspersky log indicates that there are quite a few infected emails in Outlook Express.

        Go to the "Sent Items" folder. Delete any emails that you do not absolutely need to keep. Next do the same for the "Inbox" folder.

        Lastly, please empty your "Deleted Items" folder. To do this right click on the Deleted Items folder and click "Empty 'Deleted Items' Folder".

        Having removed all your unwanted Emails completely it is now wise to Compact all your remaining Emails. Compacting makes the size of the folders smaller by compacting the files contained within them. All the Emails are still readable and still intact just smaller.

        To do this click from the top toolbar File / Folder / Compact All Folders


        Reboot your computer, then try those problem web sites again.

        If you are still unable to get to those sites with Internet Explorer, let's see if you can reach those problem web sites with an alternate browser:

        Please download and install FireFox.

        Try to access those web sites using FireFox. Let me know what happens.
      7. chipatkinson San Antonio Texas
        edited December 2008
        Thanks again Carolyn for your help!

        I emptied the quarantine files, cleaned the Java cache, deleted all the Outlook Express identities the Kaspersky scan indicated contained infected or suspicious files, and rebooted the computer. I still had the same problem.

        I downloaded Firefox and I can access all sites with that browser.

        I opened IE 7 again and did the following in sequence (testing for site access after each step): deleted browsing history, reset security settings, ran IE in "no add on" mode, and reset Internet Explorer settings using the Tools/Internet Options/Advanced tab. None of this solved the problem. Still get the "internet explorer can't access this webpage" error when trying to access yahoo mail, usaa.com, or myfamily.com.

        Suggestions???
      8. edited December 2008
        Go to Internet Options and select the Privacy tab.

        Click on Sites.

        Scroll through the Managed Websites. If any of the problem sites are listed and the setting for that site is Always Block, click on the site name once to highlight it, then click Remove.

        Next, in the Address of website window, type the site names in one by one and click Allow.

        When done, click Okay to close the Sites window, and click Okay again to close the Internet Options window.

        Close Internet Explorer, then open it again.

        Let me know if you are now able to access those sites using IE.
      9. chipatkinson San Antonio Texas
        edited December 2008
        Thanks Carolyn. I didn't have any sites listed as blocked in the privacy tab. I typed the addresses for the three sites into the window and clicked allow. Closed and opened the browser, but still get the same message and can't access the sites.
      10. edited December 2008
        One more thing to try...

        Close all web browser windows.

        Open SpywareBlaster and Click on the "Disable All Protection" link under Quick Tasks, then exit the program.

        Give Internet Explorer a try, see if you can get to those web sites now.
      11. chipatkinson San Antonio Texas
        edited December 2008
        Thanks Carolyn. I disabled all protection for Spywareblaster but that didn't allow me to access the sites with IE.
      12. edited December 2008
        Well, I am at a loss as to what is preventing Internet Explorer from accessing those web sites. I can tell you that it is not malware related.

        For continued assistance, I recommend that you post in one of the General Computer Troubleshooting Forums below:

        http://forums.whatthetech.com/forums.html
        http://www.techguy.org/
        http://www.bleepingcomputer.com/forums/


        This is my general post for when your logs show no signs of malware ;)-

        Protection Programs
        Don't forget to re-enable any protection programs we disabled during your fix.

        General Security and Computer Health
        Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

        • Clear Infected System Restore Points
          • Turn System Restore off
          • On the Desktop, right click on the My Computer icon.
          • Click Properties.
          • Click the System Restore tab.
          • Check Turn off System Restore.
          • Click Apply, and then click OK.
            Restart your computer
          • Turn System Restore on
          • On the Desktop, right click on the My Computer icon.
          • Click Properties.
          • Click the System Restore tab.
          • Uncheck *Turn off System Restore*.
          • Click Apply, and then click OK.
          Note: only do this once, and not on a regular basis
        • Set correct settings for files
          • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
          • Under Hidden files and folders if necessary select Do not show hidden files and folders.
          • If unchecked please check Hide protected operating system files (Recommended)
          • If necessary check Display content of system folders
          • If necessary Uncheck Hide file extensions for known file types.
          • Click OK

        • Make sure that you keep your antivirus updated
          New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
          Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
        • Security Updates for Windows, Internet Explorer & Microsoft Office
          Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
          Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
        • Update Non-Microsoft Programs
          Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
        • Make Internet Explorer More Secure
          You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE



        Recommended Programs

        I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

        • WinPatrol
          As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
        • SpywareBlaster
          SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
        • Malwarebytes' Anti-Malware or SuperAntiSpyware
          These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
          You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
          You can download SuperAntiSpyware from HERE.
        • Hosts File
          For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

          Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
          If this isn't done first, the next reboot may take a VERY LONG TIME.
          This is how to do it. First be sure you are signed in as a user with administrative privileges:
          Stop and Disable the DNS Client Service
          Go to Start, Run and type Services.msc and click OK.
          Under the Extended Tab, Scroll down and find this service.
          DNS Client
          Right-Click on the DNS Client Service. Choose Properties
          Select the General tab. Click on the Stop button.
          Click the Arrow-down tab on the right-hand side at the Start-up Type box.
          From the drop-down menu, click on Manual
          Click the Apply tab, then click OK
        • Use an alternative Internet Browser
          Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
          Firefox
          Opera



        Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

        Also please read this great article by Tony Klein So How Did I Get Infected In First Place

        I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
      13. chipatkinson San Antonio Texas
        edited December 2008
        Thanks for trying to fix my problem Carolyn. I'll post in one of the sites you recommended.
      14. Trogan London, UK
        edited December 2008
        Glad we could be of assistance! The help you received here was free.

        This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

        If you are not the user who started this thread, you must start your own Thread instead (grin)