I have had a flood of popup adds.
SB finds
burstmedia
casalemedia
directtrack
doubleclick
fastclick
mediaplex
statcounter
but when i restart the computer most of them reload. I updated SB and i have to run an 14-18 min scan every time to delete the cookies listed above.
is-B2KV6.exe keeps trying to install and i'm having problems with CTF Loader and TeaTimer errors at shut down. any help will be help full.
Allen

Hi gatorsaver

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:13 AM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\Program Files\RentRight4\RentRight_Login_Server.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\GEICO\GSG\DsaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\GEICO\GSG\DsaServ.exe
C:\WINDOWS\RTHDCPL.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
C:\Program Files\Intuit\QuickBooks 2007\QBGDSPlugin.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GEICOSecurityGuard] C:\Program Files\GEICO\GSG\DsaTray.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [*SPRTRA] rundll32.exe "C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\tgctlcm.dll",JoinBackIssue
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TunnelGuard Tray Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186419805875
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://adobe.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O20 - Winlogon Notify: __c0011A40 - C:\WINDOWS\system32\__c0011A40.dat
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GEICO Security Guard (DsaServ) - GEICO - C:\Program Files\GEICO\GSG\DsaServ.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: RentRight Login Server Service (RrLS) - Unknown owner - C:\Program Files\RentRight4\RentRight_Login_Server.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe

--
End of file - 13945 bytes

I also have IE7 with a runonce that i can not get rid of.

That is likely due to TeaTimer.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

ComboFix 08-11-05.02 - HP_Administrator 2008-11-06 10:47:57.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1403 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\moffice.lnk
c:\windows\system32\__c0011A40.dat
c:\windows\system32\__c003E403.dat
c:\windows\system32\__c00F22F1.dat
c:\windows\system32\~.exe
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-10-26 18:29 . 2008-10-26 21:19 <DIR> d-------- c:\program files\RogueRemover FREE
2008-10-23 14:49 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 21:44 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 21:43 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 21:42 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 21:42 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 21:42 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 21:42 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-10 21:44 . 2008-10-10 21:44 <DIR> d-------- c:\documents and settings\HP_Administrator\HODObjs
2008-10-10 21:40 . 2008-10-10 21:40 <DIR> d-------- c:\documents and settings\HP_Administrator\HODCChod10
2008-10-10 09:37 . 2008-10-10 09:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\GEICO
2008-10-10 09:30 . 2008-10-10 09:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-10 09:24 . 2008-11-04 23:46 <DIR> d-------- c:\program files\Nortel Networks
2008-10-06 16:18 . 2008-10-06 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\RetroExp
2008-11-06 15:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-05 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-05 19:28 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Symantec
2008-11-05 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-05 02:44 --------- d-----w c:\program files\RentRight4
2008-10-26 15:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-16 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-10 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-08 13:18 --------- d-----w c:\program files\Norton 360
2008-09-25 01:54 56,912 ----a-w c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
2008-09-25 00:35 5,470,219 ----a-w c:\program files\holiday_road.flv
2008-09-23 21:48 8,563 ----a-w c:\program files\gsak.ini
2008-09-23 21:48 607 ----a-w c:\program files\GSAK.DBF
2008-09-23 21:48 40 ----a-w c:\program files\dbfindex.bif
2008-09-23 21:48 3,072 ----a-w c:\program files\GSAK.NSX
2008-09-23 21:48 159,877 ----a-w c:\program files\gsak.elf
2008-09-23 21:48 15,224 ----a-w c:\program files\GSAK.SMT
2008-09-23 20:57 --------- d-----w c:\program files\temp
2008-09-23 20:51 --------- d-----w c:\program files\data
2008-09-23 19:59 --------- d-----w c:\program files\Garmin GPS Plugin
2008-09-23 19:59 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\GARMIN
2008-09-23 14:26 9 ----a-w c:\program files\GsakData.txt
2008-09-23 14:26 19 ----a-w c:\program files\GSAKValid.txt
2008-09-23 14:26 --------- d-----w c:\program files\Backup
2008-09-23 14:10 68 ----a-w c:\program files\BABEL.BAT
2008-09-23 14:10 0 ----a-w c:\program files\data.txt
2008-09-23 13:20 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\EurekaLog
2008-09-22 21:32 5,120 ----a-w c:\program files\POST.NSX
2008-09-22 21:32 290 ----a-w c:\program files\MACROS.DBF
2008-09-22 21:32 226 ----a-w c:\program files\POST.DBF
2008-09-22 21:32 15,360 ----a-w c:\program files\MACROS.NSX
2008-09-22 21:32 12,409 ----a-w c:\program files\unins000.dat
2008-09-22 21:32 --------- d-----w c:\program files\UserImages
2008-09-22 21:32 --------- d-----w c:\program files\spell
2008-09-22 21:32 --------- d-----w c:\program files\Macros
2008-09-22 21:32 --------- d-----w c:\program files\locations
2008-09-22 21:32 --------- d-----w c:\program files\images
2008-09-22 21:32 --------- d-----w c:\program files\cmconvert
2008-09-22 21:32 --------- d-----w c:\program files\cm2gpx
2008-09-22 21:31 682,266 ----a-w c:\program files\unins000.exe
2008-09-17 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 12:51 15,083,520 ----a-w c:\program files\spybotsd160.exe
2008-09-16 13:13 --------- d-----w c:\program files\Java
2008-09-12 15:53 --------- d-----w c:\program files\MSECache
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-07 23:34 8,078,336 ----a-w c:\program files\gsak.exe
2008-09-07 23:34 10 ----a-w c:\program files\usbdrive.bin
2008-09-07 23:34 10 ----a-w c:\program files\crc32.bin
2008-09-07 14:02 --------- d-----w c:\program files\Trend Micro
2008-09-07 13:29 3,700,166 ----a-w c:\program files\GSAK.chm
2008-09-03 21:33 29,696 ----a-w c:\program files\static.db3
2008-06-25 15:44 407,010,384 ----a-w c:\program files\Microsoft Office trial.exe
2008-05-04 22:33 976,896 ----a-w c:\program files\gpsbabel.exe
2008-03-30 06:05 92,064 ------w c:\documents and settings\HP_Administrator\mqdmmdm.sys
2008-03-30 06:05 9,232 ------w c:\documents and settings\HP_Administrator\mqdmmdfl.sys
2008-03-30 06:05 79,328 ------w c:\documents and settings\HP_Administrator\mqdmserd.sys
2008-03-30 06:05 66,656 ------w c:\documents and settings\HP_Administrator\mqdmbus.sys
2008-03-30 06:05 6,208 ------w c:\documents and settings\HP_Administrator\mqdmcmnt.sys
2008-03-30 06:05 5,936 ------w c:\documents and settings\HP_Administrator\mqdmwhnt.sys
2008-03-30 06:05 4,048 ------w c:\documents and settings\HP_Administrator\mqdmcr.sys
2008-03-30 06:05 25,600 ------w c:\documents and settings\HP_Administrator\usbsermptxp.sys
2008-03-30 06:05 22,768 ------w c:\documents and settings\HP_Administrator\usbsermpt.sys
2008-03-23 02:36 219,517 ----a-w c:\program files\P2KCommander.4.9.D.zip
2008-02-07 11:29 314,368 ----a-w c:\program files\MacroEditor.exe
2007-12-18 15:19 3,460,820 ----a-w c:\program files\PIXresizer.zip
2007-12-01 20:03 673,496 ----a-w c:\program files\ict_usEN.exe
2007-12-01 10:41 9,728 ----a-w c:\program files\gsakactive.exe
2007-11-21 23:39 20,803,032 ----a-w c:\program files\Ebay Turbo Lister.exe
2007-10-01 00:40 1,514 ----a-w c:\program files\CACHE.HTM
2007-08-06 14:02 24,562,613 ----a-w c:\program files\install.exe
2007-02-14 00:18 727 ----a-w c:\program files\CacheDescr.htm
2007-01-07 16:43 143,360 ----a-w c:\program files\libexpat.dll
2006-09-10 14:26 48 ----a-w c:\program files\Children.htm
2006-07-08 19:36 273,408 ----a-w c:\program files\cweudf.dll
2006-07-05 16:36 672 ----a-w c:\program files\Lowrance.txt
2006-06-29 21:36 1 ----a-w c:\program files\nil.bin
2006-06-13 14:03 2,251 ----a-w c:\program files\Delorme.txt
2006-02-13 13:09 389 ----a-w c:\program files\PRINT.HTM
2005-11-30 16:37 883 ----a-w c:\program files\GSAK.STL
2005-08-07 21:24 1,212 ----a-w c:\program files\SearchDefault.txt
2005-02-03 20:34 18,349 ----a-w c:\program files\BabelGPL.txt
2004-11-23 12:00 374 ----a-w c:\program files\ToolDefault.txt
2004-11-16 13:51 402 ----a-w c:\program files\PRINTH.HTM
2004-11-15 16:31 248 ----a-w c:\program files\mmap.txt
2004-11-10 15:48 429 ----a-w c:\program files\CacheLogs.htm
2004-11-08 01:33 15 ----a-w c:\program files\MiniLogs.htm
2004-11-08 01:32 53 ----a-w c:\program files\LogActivity.htm
2004-11-08 01:30 95 ----a-w c:\program files\logs.htm
2004-06-11 12:43 288,040 ----a-w c:\program files\sample.gpx
2004-06-09 22:49 967 ----a-w c:\program files\babel.pif
2004-04-22 13:56 137,728 ----a-w c:\program files\oziapi.dll
2004-03-03 18:23 268 ----a-w c:\program files\ARC.STL
2004-01-12 13:54 1,812 ----a-w c:\program files\GARMIN.TXT
2004-01-11 04:07 416 ----a-w c:\program files\MAGELLAN.TXT
2004-01-06 21:18 40 ----a-w c:\program files\BLANK.HTM
2003-12-09 20:14 8 ----a-w c:\program files\LogDescr.htm
2003-11-02 14:18 65,024 ----a-w c:\program files\ssleay32.dll
2003-11-02 14:18 296,960 ----a-w c:\program files\libeay32.dll
2003-10-14 03:45 364 ----a-w c:\program files\hints.htm
.

((((((((((((((((((((((((((((( snapshot@2008-09-13_14.24.23.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:34 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:40 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:32 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:52 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 14:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-10-10 14:37:11 8,192 ----a-r c:\windows\Installer\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}\Icon079d381e2.exe
+ 2008-10-10 14:37:11 5,120 ----a-r c:\windows\Installer\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}\Icon079d381e3.exe
- 2008-09-11 07:03:17 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-10-16 07:01:39 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-09-11 07:04:01 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-16 18:15:11 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-09-11 07:04:02 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-16 18:15:12 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-11 07:04:02 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-16 18:15:12 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-11 07:04:02 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-16 18:15:12 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-09-11 07:04:02 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-16 18:15:12 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-11 07:04:01 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-16 18:15:12 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-09-11 07:04:02 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-16 18:15:12 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-09-11 07:04:02 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-16 18:15:12 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-09-11 07:04:02 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-16 18:15:12 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-11 07:04:01 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-16 18:15:12 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-11 07:03:01 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-10-16 07:04:27 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-11 07:03:01 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-16 07:04:27 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-11 07:03:01 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-16 07:04:27 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-09-11 07:03:01 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-16 07:04:27 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-11 07:03:01 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-16 07:04:27 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-11 07:03:01 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-10-16 07:04:27 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-09-11 07:03:01 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-16 07:04:27 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-09-11 07:03:01 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-16 07:04:27 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-09-11 07:03:01 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-16 07:04:27 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-09-11 07:03:01 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-16 07:04:27 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
- 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 11:40:08 138,496 ------w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 ------w c:\windows\system32\dllcache\afd.sys
- 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 ----a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-06-23 16:57:36 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-24 14:57:40 3,592,192 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-06-23 16:57:40 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-09-19 17:44:04 15,664 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 17:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 17:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 17:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
- 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-24 11:17:01 331,480 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-16 07:12:20 331,480 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2006-10-03 22:47:52 109,360 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 17:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2008-06-23 16:57:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2005-08-26 22:55:46 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
- 2005-08-26 22:55:58 49,250 ----a-w c:\windows\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
- 2005-08-27 01:14:46 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
- 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2000-01-24 09:01:00 111,104 ----a-w c:\windows\system32\midas.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w c:\windows\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-06-24 14:57:40 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-04-13 18:31:21 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2008-04-13 19:24:37 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-24 03:02:06 89,986 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-05 02:29:04 89,986 ----a-w c:\windows\system32\perfc009.dat
- 2008-08-24 03:02:06 492,578 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-05 02:29:04 492,578 ----a-w c:\windows\system32\perfh009.dat
- 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2005-09-06 20:50:50 32,768 ----a-w c:\windows\system32\TGIconAppRC.DLL
- 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-04-13 19:30:10 1,845,632 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys
- 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-11-06 15:55:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_56c.dat
+ 2008-11-06 16:02:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_bf0.dat
+ 2006-12-02 04:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2006-09-11 9371648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-02 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-08-06 c:\windows\system32\WDBtnMgr.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-03-18 972064]
TunnelGuard Tray Monitor.lnk - c:\windows\Installer\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}\Icon079d381e2.exe [2008-10-10 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RentRight4\\RentRight_Login_Server.exe"=
"c:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe"=
"c:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1263:TCP"= 1263:TCP:MSDE-TCP
"1434:UDP"= 1434:UDP:MSDE-UDP
"50:UDP"= 50:UDP:IPSEC Tunnel Encapsulation
"51:UDP"= 51:UDP:IPSEC Tunnel Encapsulation
"500:UDP"= 500:UDP:ISAKMP/IPsec Key Management
"8121:UDP"= 8121:UDP:TunnelGuard Connection
"8282:TCP"= 8282:TCP:TunnelGuard Communication
"10001:UDP"= 10001:UDP:NAT Traversal
"55370:TCP"= 55370:TCP:GSG Server Communication

R2 MSSQL$RR;SQL Server (RR);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 RrLS;RentRight Login Server Service;c:\program files\RentRight4\RentRight_Login_Server.exe [2008-06-24 2121728]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-02-09 80384]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
S3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [ ]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-11-06 c:\windows\Tasks\Powell and HH Finance 1195654473.job
- c:\program files\Intuit\QuickBooks 2007\AutoBackupEXE.exe [2008-03-18 20:40]

2008-11-05 c:\windows\Tasks\User_Feed_Synchronization-{ACD65EE5-04EE-453F-8ECB-FD6F0B8ACAB5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-P2kAutostart - (no file)
HKLM-Run-PCDrProfiler - (no file)
Notify-__c0011A40 - c:\windows\system32\__c0011A40.dat


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 10:57:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\progra~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
c:\program files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\RETROS~1\RETROS~1.0\Retrospect.exe
c:\windows\system\hpsysdrv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-11-06 11:06:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-06 16:06:19
ComboFix2.txt 2008-09-14 19:49:20
ComboFix3.txt 2008-09-14 18:45:54
ComboFix4.txt 2008-09-13 18:24:47

Pre-Run: 225,884,995,584 bytes free
Post-Run: 225,925,304,320 bytes free

562 --- E O F --- 2008-11-05 23:12:12


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:40 AM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\RentRight4\RentRight_Login_Server.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TunnelGuard Tray Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186419805875
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://adobe.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: RentRight Login Server Service (RrLS) - Unknown owner - C:\Program Files\RentRight4\RentRight_Login_Server.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe

--
End of file - 12829 bytes

Looks better :)

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

when i click on the kaspersky site it said i needed java 1.5 or later so i clicked the link and now have java ver 6 update 10 when i go back to kasperskys online scan it checks my computer and states again that i need java 1.5 it will not let me click the accept button only the exit button

Have you tried using another browser?

That scan works with IE, Firefox and Opera.

.....uh ....no i dont think so .... do i need to? what is firefox?
Is there a setting that is turned off to prevent the kaspersky from running. As far as i know java is turned on and should be ready to go.

i think i need to restart for the new java to work...

Yes, you can try that.

It can be Symantec related issue as well.

If still doesn't work, please try this scan instead:

Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 06, 2008 14:50:40
Records in database: 1372367
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\
M:\

Scan statistics:
Files scanned: 206916
Threat name: 2
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 05:22:10


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Desktop\lots photos\Random Files\RentRight4\HelpMe.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Program Files\install.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Program Files\RentRight4\HelpMe.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Program Files\RentRight4\update.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Dropper.Win32.Agent.ylr 1
M:\lots photos\Random Files\RentRight4\HelpMe.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
M:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP342\A0075854.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
M:\Retrospect Copies\Backup of HP_PAVILION (C)\Documents and Settings\HP_Administrator\Desktop\lots photos\Random Files\RentRight4\HelpMe.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

The selected area was scanned.

RentRight4 is our Property Management Software

Thank you for information.

Empty this folder:

C:\QooBox\Quarantine

Empty Recycle Bin.

Still problems?

done
all looks good. thanks for your help

Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Malwarebytes' Anti-Malware 1.30
Database version: 1371
Windows 5.1.2600 Service Pack 3

11/7/2008 5:14:39 PM
mbam-log-2008-11-07 (17-14-39).txt

Scan type: Full Scan (C:\|D:\|M:\|)
Objects scanned: 255383
Time elapsed: 3 hour(s), 1 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

That looks good :)

I hope that you stay clean in the future.

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.