iexplore.exe running each time I reboot/Please help

[Ried]

Hi,

No, I haven't given up on you--my comment was in reference to your Post #35. Either we uninstall the extra (albeit turned off) AV and Anti Malware programs and any unlicensed software first.

If issue remains, run another scan with SREng while that iexplore.exe is running and post that here.

Or

Try the steps you mentioned in Post 35.

I cannot guarantee that we'll find the source. If it were my computer, it would drive me nuts to have to work around iexplore.exe loading at boot, but I'd give it the old 'college try' to see if I could find out and fix it. I'd begin by uninstalling any software that requires the internet--and you have many of those. It's up to you. If you can live with it, I see no harm.

[peiraster]

Ried, in case I decide to run a regcleaner, would you recommend running it after a fresh reboot with iexplore.exe running in the background or it does not make a difference?

[Ried]

It won't make any difference. But please, do enable System Restore for the time being.

[peiraster]

Ried, I ran jv 16 Powertools, a regcleaner without letting it fix anything. Instead I saved the list of found registry errors to a text file (the program has a feature to do so), which I'm attaching for your evaluation. Is there any error that you might consider with a chance of being related to the issue? Let me know, thanks (there are references to internet explorer, but no idea if they are related or not).

[Ried]

I don't intend to sound glib, but any of those could potentially be related.

The inner workings of programs, Windows, the registry, etc are so intertwined, it would be exremely difficult for anyone to say 'yes--this is it...'

Repair those entries and see how it goes. Not to sound like a broken record, but enable System Restore first.

[peiraster]

I repair those entries in the registry but no change. Additionally I tried various registry cleaners and no change either. :(

[Ried]

Then it seems to me these are your choices:

1. Uninstall the software I suggested earlier and see if that resolves the issue.
2. Try a Repair install (wouldn't hurt, but may not resolve the issue if it is caused by one of your installed programs)
3. Backup your system and reformat, then full reinstall of XP.

Here's a good step by step guide for performing a Repair Install of Windows XP.

Windows XP Home Repair for all service pack versions of XP

[peiraster]

Ried, I agree with your steps. But also, since you said that my PC is 100% safe, then another option is to keep things as they are, right?

[Ried]

I suppose you could.

During the time we've been trying to troubleshoot this issue, none of the scans have revealed malware, nor have I seen any 'arrive', which leads me to believe the cause is not malware related.

However, as we've not found the source, I'd suggest continuing the troubleshooting steps.

[peiraster]

Ried, what about restoring the regitry to the april date backed up in Windows XP Repair Pro? I suggest to do this just as an experiment to see if it is registry related. I can use system restore to restore everything to normal once I run the experiment...what do you think?

[Ried]

Sure, give it a go. But backup any documents you've created since April to be sure you don't lose them. (Had System Restore been enabled all this time, you could have chosen that route instead, which would have left documents created during this time, intact. )

[peiraster]

Ried, this issue is getting more and more intriguing. I just restored the registry to the April backup date stored in XP Repair Pro (the only reg cleaner I used). The restore was successful, it prompted me to restart the PC, and guess what? After reboot,the iexplore.exe was still running in the background!. So this issue is not related to a change created by Xp Repair Pro. And then the big question is, what's causing this??

[Ried]

Interesting indeed.

If it were me, the first thing I would do is run Process Explorer or Process Monitor again and highlight iexplore.exe. Look at the bottom portion to see what is running with it. Uninstall the programs that you see there, one at a time, and reboot to see if it resolves the issue.

For example, in your previous screenshot, these were listed under iexplore.exe PID 2424...

Quote:

Process: iexplore.exe Pid: 2424

Type Name
Desktop \Default
Directory \KnownDlls
Directory \Windows
Directory \BaseNamedObjects
File C:\Documents and Settings\Dell
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
File \Device\WMIDataDevice
File \Device\WMIDataDevice
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
File C:\WINDOWS\system32\Systemfiles\klog.dat
File \Device\Tcp
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File \Device\Tcp
File \Device\NamedPipe\Winsock2\CatalogChangeListener-978-0
Key HKLM
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKLM
Key HKCU
Key HKLM
Key HKCU
Key HKCU\Software\ Adobe\Adobe Acrobat\8.0\Acrobat 3DCapture
Key HKLM
Key HKLM\SOFTWARE\Adobe\Acrobat 3DCapture\8.0\InstallPath
Key HKCU\Software\Classes
Key HKCU
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Key HKLM
Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Mutant \BaseNamedObjects\ZonesCounterMutex
Mutant \BaseNamedObjects\ZonesCacheCounterMutex
Mutant \BaseNamedObjects\ZonesLockedCacheCounterMutex
Mutant \BaseNamedObjects\BifiWur
Mutant \BaseNamedObjects\ShimCacheMutex
Mutant \BaseNamedObjects\main area mutex HighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP
Mutant \BaseNamedObjects\instance mutex HighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP 4
Process iexplore.exe(2424)
Section \BaseNamedObjects\ShimSharedMemory
Section \BaseNamedObjects\exchng common areaHighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP 94784 0
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Semaphore \BaseNamedObjects\sem.for registry HighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP
Thread iexplore.exe(2424): 2448
Thread iexplore.exe(2424): 2452
Thread iexplore.exe(2424): 2456
Thread iexplore.exe(2424): 2460
Thread iexplore.exe(2424): 2448
Thread iexplore.exe(2424): 3828
Thread iexplore.exe(2424): 3828
Thread iexplore.exe(2424): 1060
WindowStation \Windows\WindowStations\WinSta0
WindowStation \Windows\WindowStations\WinSta0

Also, humor me a bit...is the following file on your system? Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', (don't search) navigate to C:\WINDOWS\system32\Systemfiles\taskmgr.exe and tell me if it's there or not.

[peiraster]

Ried, yes I always had and have those Folder Options settings enabled as you describe, and also the file taskmgr.exe is present in the folder you indicate.
I ran Process Explorer and those blue highlighted appliations still show under iexplore.exe.
Let me know,thanks

[Ried]

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Suspect::
C:\WINDOWS\system32\Systemfiles\taskmgr.exe

DirLook::
C:\WINDOWS\system32\Systemfiles

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a report. Please copy/paste the contents of that report in your next reply.

Additonally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip

Please submit the Submit [Date Time].zip to:

http://www.bleepingcomputer.com/subm....php?channel=4

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[peiraster]

Find the combofix log.txt pasted below. I also submitted the zipped file to the website you indicated:

"Dell" - 2007-07-16 131 - ComboFix 07-07-16.4 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Dell\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Dell\APPLIC~1.\addon.dat


((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))


2007-07-15 12:45 25,989,120 --a------ C:\DOCUME~1\Dell\ntuser.dat
2007-07-11 10:54 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-07-11 10:54 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-07-11 10:42 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-07-11 01:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 18:49 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-10 01:30 <DIR> d-------- C:\DOCUME~1\Dell\APPLIC~1\MainConcept
2007-07-06 00:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-05 06:48 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-05 03:27 <DIR> d-------- C:\Deckard
2007-07-04 20:45 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-04 20:45 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-04 20:45 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-04 20:45 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-04 20:45 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-04 20:45 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-02 19:39 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-07-02 19:39 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-07-02 18:57 <DIR> d-------- C:\DOCUME~1\Dell\APPLIC~1\Sunbelt Software
2007-07-01 20:30 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-01 20:29 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-01 20:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 16:32 75 -r-hs---- C:\WINDOWS\FFSSET.BIN
2007-07-01 16:29 <DIR> d-------- C:\DOCUME~1\Dell\APPLIC~1\PanoramaStudio
2007-07-01 16:28 <DIR> d-------- C:\Program Files\PanoramaStudio
2007-07-01 16:21 <DIR> d-------- C:\Program Files\Typhoon Software
2007-07-01 16:16 <DIR> d-------- C:\Program Files\Collectorz.com
2007-07-01 16:10 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-07-01 16:08 <DIR> d--h----- C:\WINDOWS\system32\Systemfiles
2007-07-01 13:12 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-01 13:12 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-01 13:12 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-07-01 13:12 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-01 13:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-07-01 13:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-01 12:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-29 15:09 490,272 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-06-29 15:09 465,696 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-06-29 15:09 416,544 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-06-29 15:09 41,888 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-06-29 15:09 3,580,832 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2007-06-29 15:09 22,560 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2007-06-29 15:09 195,360 --a------ C:\WINDOWS\system32\lvci1100.dll
2007-06-29 15:09 15,558 --a------ C:\WINDOWS\system32\Repository.reg
2007-06-29 15:09 1,921,184 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2007-06-29 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
2007-06-28 00:34 <DIR> d-------- C:\Program Files\Pando Networks
2007-06-28 00:31 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-06-27 19:48 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-06-25 20:24 10,395,648 --a------ C:\WINDOWS\The Spartans 3D Screensaver.scr
2007-06-25 20:20 10,395,648 --a------ C:\WINDOWS\system32\The Spartans 3D Screensaver.scr
2007-06-25 20:20 <DIR> d-------- C:\Program Files\The Spartans 3D Screensaver
2007-06-24 18:11 <DIR> d-------- C:\DOCUME~1\Dell\APPLIC~1\TERMINAL Studio
2007-06-24 18:07 11,755,520 --a------ C:\WINDOWS\system32\Wild West 3D Screensaver.scr
2007-06-24 15:07 <DIR> d-------- C:\Program Files\PhotoWatermark Professional 7
2007-06-24 15:02 <DIR> d-------- C:\Program Files\Carnival Software
2007-06-24 15:01 <DIR> d-------- C:\DOCUME~1\Dell\APPLIC~1\Carnival Software
2007-06-24 14:51 <DIR> d-------- C:\Program Files\Natura Sound Therapy v2.0
2007-06-24 14:48 <DIR> d-------- C:\Program Files\Forest Lake 3D Screensaver
2007-06-24 14:43 197,120 --a------ C:\WINDOWS\system32\3-D_Serengeti_Safari.scr
2007-06-24 14:43 <DIR> d-------- C:\WINDOWS\system32\3-D_Serengeti_Safari dir
2007-06-24 14:39 2,523,136 --a------ C:\WINDOWS\system32\3DFireworks.scr
2007-06-24 14:39 <DIR> d-------- C:\Program Files\WebAppstogo
2007-06-24 14:37 241,664 --a------ C:\WINDOWS\system32\Cape Hatteras Lighthouse.scr
2007-06-24 14:36 241,664 --a------ C:\WINDOWS\Cape Hatteras Lighthouse.scr
2007-06-24 14:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softdisk LLC
2007-06-24 12:37 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-06-20 13:33 532,480 --a------ C:\WINDOWS\system32\3-D_Ghost_Ship.scr
2007-06-20 13:33 <DIR> d-------- C:\WINDOWS\system32\3-D_Ghost_Ship dir
2007-06-20 13:30 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-06-16 19:11 2,106,368 --a------ C:\WINDOWS\radarss.scr
2007-06-16 19:09 2,106,368 --a------ C:\WINDOWS\system32\radarss.scr
2007-06-16 19:09 <DIR> d-------- C:\Program Files\Radar Screensaver


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-15 17:42:40 -------- d-----w C:\DOCUME~1\Dell\APPLIC~1\uTorrent
2007-07-15 17:25:54 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-15 17:25:41 -------- d-----w C:\Program Files\FlashGet
2007-07-13 20:05:46 -------- d-----w C:\Program Files\Weather Watcher
2007-07-13 06:52:04 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_3672642.dnp
2007-07-13 06:51:07 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_8909030.dnp
2007-07-13 06:51:07 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_5446954.dnp
2007-07-13 06:51:07 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_430335.dnp
2007-07-13 06:51:07 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_182715.dnp
2007-07-13 06:51:07 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_1094619.dnp
2007-07-13 06:51:06 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_8491106.dnp
2007-07-13 06:51:06 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_338428.dnp
2007-07-13 06:51:06 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_1706982.dnp
2007-07-13 06:49:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_5359716.dnp
2007-07-13 06:47:52 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_8301680.dnp
2007-07-13 06:47:51 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_8886405.dnp
2007-07-13 06:47:51 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_3984932.dnp
2007-07-13 06:47:51 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_2367098.dnp
2007-07-13 06:47:51 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_2242142.dnp
2007-07-13 06:47:50 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_9798824.dnp
2007-07-13 06:47:50 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_1130339.dnp
2007-07-13 06:47:49 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item2-7-13-2007_3-45-8_8430535.dnp
2007-07-11 23:05:59 -------- d-----w C:\DOCUME~1\Dell\APPLIC~1\ATI MMC
2007-07-11 13:43:52 -------- d-----w C:\DOCUME~1\Dell\APPLIC~1\Real
2007-07-11 13:42:31 -------- d-----w C:\Program Files\Common Files\Real
2007-07-11 06:26:05 -------- d-----w C:\Program Files\Norton Internet Security
2007-07-10 19:14:54 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-07-10 04:46:37 73 ----a-w C:\WINDOWS\system32\ssprs.dll
2007-07-10 04:46:37 205 ----a-w C:\WINDOWS\system32\lsprst7.dll
2007-07-05 07:55:03 -------- d-----w C:\Program Files\XoftSpySE
2007-07-04 04:49:05 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_3114922.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_9126149.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_7693010.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_7234634.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_5297240.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_5283812.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_2701820.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_2070685.dnp
2007-07-04 04:48:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_1745298.dnp
2007-07-04 04:47:08 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_6962336.dnp
2007-07-04 04:45:41 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_6884999.dnp
2007-07-04 04:45:40 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_716938.dnp
2007-07-04 04:45:40 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_6086646.dnp
2007-07-04 04:45:40 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_3835270.dnp
2007-07-04 04:45:40 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_3751130.dnp
2007-07-04 04:45:40 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_1494708.dnp
2007-07-04 04:45:39 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_9336971.dnp
2007-07-04 04:45:39 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_2992764.dnp
2007-07-03 06:22:21 -------- d-----w C:\Program Files\Starry Night Pro Plus 6
2007-07-03 04:49:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-03 04:01:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_5987970.dnp
2007-07-03 04:00:29 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7730245.dnp
2007-07-03 04:00:29 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_3044789.dnp
2007-07-03 04:00:29 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1022807.dnp
2007-07-03 04:00:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_9654973.dnp
2007-07-03 04:00:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7832210.dnp
2007-07-03 04:00:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_4845474.dnp
2007-07-03 04:00:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_444173.dnp
2007-07-03 04:00:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1889346.dnp
2007-07-03 03:59:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7655791.dnp
2007-07-03 03:57:49 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7318080.dnp
2007-07-03 03:57:49 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_4696700.dnp
2007-07-03 03:57:49 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1874474.dnp
2007-07-03 03:57:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_9136477.dnp
2007-07-03 03:57:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7954858.dnp
2007-07-03 03:57:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7643432.dnp
2007-07-03 03:57:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_372465.dnp
2007-07-03 03:57:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1463072.dnp
2007-07-03 03:48:54 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_6718591.dnp
2007-07-03 03:48:04 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_6261425.dnp
2007-07-03 03:48:03 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_9075475.dnp
2007-07-03 03:48:03 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_8306520.dnp
2007-07-03 03:48:03 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_6256320.dnp
2007-07-03 03:48:03 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3971231.dnp
2007-07-03 03:48:03 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3166174.dnp
2007-07-03 03:48:03 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_2092381.dnp
2007-07-03 03:48:02 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_9355214.dnp
2007-07-03 03:47:03 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_8208400.dnp
2007-07-03 03:45:30 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_4433864.dnp
2007-07-03 03:45:29 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3041705.dnp
2007-07-03 03:45:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_8804206.dnp
2007-07-03 03:45:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_51897.dnp
2007-07-03 03:45:28 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_2547625.dnp
2007-07-03 03:45:27 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_7967900.dnp
2007-07-03 03:45:27 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_703822.dnp
2007-07-03 03:45:27 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3612644.dnp
2007-07-03 03:34:10 -------- d-----w C:\Program Files\TrojanHunter 4.6
2007-07-01 23:30:48 -------- d-----w C:\Program Files\iTunes
2007-07-01 23:30:41 -------- d-----w C:\Program Files\iPod
2007-07-01 19:33:49 -------- d-----w C:\DOCUME~1\Dell\APPLIC~1\Reallusion
2007-07-01 19:32:27 -------- d-----w C:\Program Files\Reallusion
2007-07-01 19:23:44 -------- d-----w C:\DOCUME~1\Dell\APPLIC~1\Skype
2007-07-01 16:12:40 -------- d-----w C:\Program Files\Webroot
2007-07-01 16:11:49 -------- d-----w C:\DOCUME~1\Dell\APPLIC~1\Webroot
2007-07-01 15:56:45 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-29 18:48:03 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-06-29 18:11:03 -------- d-----w C:\Program Files\Common Files\LogiShrd
2007-06-29 18:08:19 -------- d-----w C:\Program Files\Logitech
2007-06-28 17:00:29 -------- d-----w C:\Program Files\eMule
2007-06-28 04:03:09 -------- d-----w C:\DOCUME~1\Dell\APPLIC~1\bibble
2007-02-27 04:33:34 56 --sh--r C:\WINDOWS\system32\9E16596497.sys
2007-03-10 12:49:54 8 --sh--r C:\WINDOWS\system32\D624CD96E0.sys
2007-02-27 22:00:16 88 --sh--r C:\WINDOWS\system32\E096CD24D6.sys
2007-03-10 12:49:54 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\WINDOWS\system32\Systemfiles ----

2007-07-16 00:02 3912 ---h----- C:\WINDOWS\system32\Systemfiles\klog.dat
2004-08-04 00:56 1268049 ---h----- C:\WINDOWS\system32\Systemfiles\taskmgr.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
2007-05-01 11:11 63048 --a------ C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
2007-05-18 00:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2007-06-08 15:18 976424 --a------ C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2007-05-16 06:03 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}]
2000-08-21 12:39 61440 --a------ C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
2007-05-27 04:01 5600312 --a------ C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2004-08-30 23:29 103568 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2007-05-10 22:47 321120 --a------ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-10-19 12:54 218736 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-16 02:05 163840 --a------ C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 C:\WINDOWS\system32\ltmsg.exe]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-03 21:23]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-25 12:17]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"pdfSaver3"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"@"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"="C:\Program Files\WinFax\WfxSeh32.Dll" [1998-07-27 04:54]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2007-03-29 15:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7AC5DF9C-0F1C-E2CB-6770-4B2C483A02CD}
C:\WINDOWS\system32\Systemfiles\taskmgr.exe s

Contents of the 'Scheduled Tasks' folder
2007-07-05 09:51:52 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.1017 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 01:13:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [10544] 0x8695C2C0


scanning hidden registry entries ...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd4w\2]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="9AAD40E93E1F288086C07F482F053764AE2E4E3515C4D3D7D2C4A21552E9CD9F82288A622E219D585AB00116F0E262F6006117B74D3336D37D65ED7123E44BC8E22700358877DEE5B9F033F1248479A7CB1ECCDFDE34FC49B6DF1ED05D4B0827CE8E9618C947A424578C92857605493003B88FE4C5FBAB56CA701A1B678CDBD390241BC6E6D5B8CF9873727A07A3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808A2D97226D213B5559DB7CE019D40AA5C665EB690318AAC5DEDD2B39F2807394FF2BEC4155D016E713F6CA09018B00196024132EB8271C5FCBEF50ADB467B13B692CA26246CA5E8223F5C7FD89FC270750F02F9B12F7FC55B04B90CEC68E197975826CB403FC9904B5121C2DB46871736DBD50E7F7B865615FEF3559858FE1E8B1DE81278C2BF8B1F8330A014408408424BB6A2D7FE5A18ED8840390C349673CBCCED08C23A60F070F6C884DD134349A85360A021A9561E4E0BFBBDD4EDF5563AE7D5ED75BD074FB960E88DFA1C4E54987DD5A4A6B8D66DBF86491AE74A6AFCDA8181BBCF371327178AD591900B3718E9E8DA7F15433F83708C0FBD1CE3C58DD344991DEFE467EE485096952A6314F41749F8B500B0F24EB447F6C9ABA960A4726A886D5B5A6D8DB4A47757B17CFB42BBE17CFDDCBF5D30836F6E93B7DA94D227C3FD42F87D10E0E38D0A437A040B4A9C0EF847087E6C8175D5A725430EBF9B05B66C60978A3FBA0321A0003A7763C99CBD40B1BDD3100CCCDC99BA35AE46F6433B0C43E58EECDEE290D46489ABA87348F0EE1022F73E106A7BFEC759F80D513FDBD71878EC1386F71B82F966C8056D4CBF5EECB9F772BF55BE54EEDE7F808AF73A0EC3495E2C5FDB95488232C8A2D2FA53B3847034284239C35D8C59278DF5910AB25A32EA370ACA6A8C71317E34AFC969D14594E0E232E43F9EADC02928DBD3940CA7F4713A1C2696766C8E8AED8652566156570727204AF76313EE164779AA34262A3627B91EF22BF1D056E688CE53FED08ED084FD8D80C83AB2A44D647D26DBCF937E90C48CDACCAF2D7A5E3FEF2E5DD1FBF9897671C2A2F33505057E0DF98D1C4CB80A675928B62346D011554AE80057DD329A2238F0072779964718BEFD62E2ECB64138E9CD34851291720DAFAD0A9C29BB1015400C8DAF1046F1B8A02E07BD44AC394D95612752BC5B4AAF65C9319D853C976B5B3D62283EE1B6E9B0AA3A8C5633C742AA998549A5AEB48B2530BE1C51BEB140D2CC4476FE9E9ABAE338D273D7459AB7EA55D76EE0F0A1EE1D75929D9BB23337602C07BEFE9278BE22BCB6D834C52D5109943B0B356C5430F0541FE9AAE7C47432EC10EA1FB9FE8B47C563678AF654B5307B612B9ECE6526B42BE88E"
"OOCC06.00.00.01WSSV"="E1B769A20C4E90D88C6ADDBB9518F0C1F21106526CEC5DD57CB902B705BC2A0F49CE25B4C4A9F89BB0A846934EB585584A729F8F4C5697A006D43882574170675B79E56B6D9E5725825C5C43E87EA9943A69CAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB34529DB7CE019D40AA5C1838B9B0BFC33C5326D62353BD1FAE5EFC6F763E2197B40464CED4798F89C4AF92C857767D3B2F9782BE842A6922BD5091AB9EB06743A404784EB485FD97C1A98FD2904CD38CB0D9E3206B9EAC0A25A89820FA7F330FA0171FA8C4C518DB7290BBE9C92AFA2C837653F680DA2D03FC459AD097A3B881B6BD000D15223E56F4A2F988BA0CA0B3FA0E92A63E0B855EEE47D2A9551C9D458336F28F0C094329FDE4E0086B72E45F028314F274DEC293399233F8E9E87E29BB8A86A763EE709E551CBB2ABBDFDC9015FE0105C78C673CAED0DF6F5C90E8202682F931294A8122D8D50993DFDB11CB46EE33EBAFCAE916B37032A58A1CDFC19E2CC5693E14A6C277DEFA4DDCF380BAB9003A97F7D73203C5A1B415A59A5A4993DA1275D84B84B4B6CCF6420FB59A2929A9DA5EC0742288EF59A91C321DC49308A4BC5D83F4B151AD741944A335448961228A797CE308D15651057D87387DA595E2D58A9B94BA1208F330069D8AD76EC4E5F78575EE2CAA2E856F5FD307562564B425CDD2B71F9788A63C22D4D0219348357F84C463478643B844CB18A598DDB5FAA2DA2EEAD4A601B27692F3A861D2F415B6DB5B12087BF1EF9632A8377DBC5DDC7C4709C0C127DBFD483A7835CEAF67CBE3D5FC4E90C12EF228E3AE6034D7404415108F51C2A39334D05CB51E114ED166031EC0F1F6B97D4F7317A54BDFE3DADE7F94C437A84E39C362A0530F45F57AB644C6935844627AD62468602698BC3DA08718FD8F3679EF618294CB37FC1637CE8A46B563F764531F9A5381A169608A3DA941E37EA39B7282EC286C4B3C3EF886ECF339778388497F6C3C83F34FF179B0181CF6291ED30B620FAF5A827E23BF7BB78F06FC4CBBB317E0E73256BEB85437B697863CC4601A018D638A97AD9E200D6A3959E02C91FCC6F4032E861F9FFB552287B8642B2515A13CDF48CA2DACC3E03875C113F23FA332D919EC46C935E24FA4A38855D9A8834A27A5B160D06F685C09AF2409621E3943F19F385B10AC1130C18742C64D1A02470D1ABB9F612ADEADF73437BA2E2DE327596BAA0FB3DCA1C5AEB009F0F4C6BF27DE832BD39D460CC4543407A5820DDE5059B636B06C41C2A2D304D194B5A4023DC58F1C4DB4D1EAD4A1C572497C8477F1F3209E8E6377B91D50C96672664921A11A4FFBDE4CFB075798E1AF2B2E7D10865D2A7E01B9C25C4E742BE4D253"
"OODEFRAG10.00.00.01WORKSTATION"="6081C21B67CB19034E0C7E4BC29E7107A362226B2B43B720E3F9C6D7934E6D1EB4BDA7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D5D575E7D6A3B9808C038D530D6EB3452AE79B5F5B50BCCF927228ECDE0D7CF443A617BB590BE17D2D4D8E50673262389A4799413039B56B275602153B64C77FEAAFAF7C235DDBB5F3E06F7A5A68A68A451CD928F081480F7D44E04471F7F069C33959A6B69ABC0079B810C75302E25BD50455D019E053E9206C057EBEB952EA15FAB11C09980BB2C650E80F4B73E6FB51E0525724591C480B3E13E7997C7E7CAA00C10C6574A83E6F1BC3A94857C1F229F06A1649EEF0EF2E7305E1DBCE0ED84CAD8CE77D609B583817523BA0940D24A98950AC6726DD8D013FBE2751BC13FF1160A09BF7154B18033F5A74153F36A2BB5D29E842B67A6B1866CFA96165F9FE99FE97F7FA3D29B910E4C37779A950C7504B49E7557523E65FAFA580937C11577E697F38D0FC3DA9E7B5EC71F38B7218DF582D16AAA35A96B0BF3B1C92905EBD75204AF32F7761D42C761D06CAA7F558B625900A57C2B367938FBC1473CD832FD2779FCAA48D2D1CD2462508B93299ABB042A78DDC5E278F9E20648E665813C91158F2D278BCF2EC227BF4619B8802720F83A8CBFA620C30A545D8600B9D8216C293691CCF27CA7D94A30372704E9F16C43A09068E23B337B389FC3DD77C9BA1CDAB004B5D4F8FC7EE9392BBC84D9BA89494BDFEB5F1E26D21DBE4A417DD4A8640015DFEDA779ADD049B6AF53E95C8013D57BD6D129C8BC4AF57F695E510ECEBB57CD03F68A4A7CA10BD956D98B8E88D918C55893EDCEDE509B7DF35D189D54CB809A52C5BD47F3FC3A25B13064A35DE2A092482100D5B606C824BF599F41A3F3FD8EB6422660DD1A44EFDBAD8FE0CB66669D12DD579AB0BF9C37A7E358C76C46BA8E994CCA1CCCEAFA68719DD1A1E351457A23A00FEB7F089ACA0A7F5516228982576C325B141212128B123B0ED37C43798BEB33E4AD1A9B29CA49A44DA37B370577A13A287549E625AEE2BA51F8AC91A70A63D5BCD63BED96F24E401E7E720057CFB09C25004B762F790D41C7A753C4548302BB1D715F2210D60230C6C4C7C4711996086B8AB97E14663DE9C30B9098EA57C68B311EC913A8DAD1CB6B2CFE1DAFDD529B38FEF8F218C723413B604AFEB8BCB1E047107F4DD839B25753FCDDD2D37CE66D6DD731FB633FF3C947FAA99B72B94AC8528E4C14FBFE9A126B1270E300285C858DA9CDF485C46879A6BF1B462CAC9849EA74BD5B5110832AC25D0683BDE6BF62C2187FEDEE25BD3BBAAACF0DE1462BD649B0254DFB20EB458D62AF987A931FF35A5C3AA8F40034EB0A48BEAEF00A14DDCD48984704B9587823"
"OODLED02.00.00.02WSSV"="BDE7D745E5AA83E1A438DEAD79FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D5D575E7D6A3B9808C038D530D6EB3452455444760141D9ECA25CE77C303A043AB32E8B39A3F446F9C6BCC6151DD30F1AF0B1DE7E0DB5AC764749AEB25537FD47A2FDA448954BB8D2FA88C8110C99B8F9482ADB4C0339E411FB457E234D319F8587D2EE0058CECAD9F316CEA54647D86B03AE812A2233F18B6C7217AE98C922E99F1B43F4CA7D20C99FBF69BCAA599C8D6029BB786ABBA78DC6E3DB4979D82140AA359E51130BBCB46D535155E07E90D7A0F118AAA421BD90BDA1D47B76E59E27EA7821D2985F897B52125E01D01D27100BD9CAC7D8E34E618828ADE1DBB27C9029AD11CA871655D7C8B30FE4A74C36556723AA6B553A59246066B6ABB73184453011579CCFFE51D44BDF853E565A7A1784843143AD8E43CB85C0631E5E06E3DD5054FE44259D12D1DA3707589246901AB42A7E15B77C5124B9104C11E68D294A5C1B3A4D01A89184FCC9FE175545FA78CB32D5360CD6314AC39FACF02B56CACC2D805E591F0C2D723A9EF8EFDABEA01D252F9C138AA370306EB0E53ECAA09EFB9E90631E7EE6A5F81EAF286E26D04B4A1D2A5F2A549A849A08F4798CAAE5E3448ECBE6E4E30E21C6BAE9632F7A4BAA94961C4C0E50AA432563169084EECFB96261282A8958872A602331226562B3CF64757435E728F467BBD731F7E2853B23E9800E8F7EA790AB9DF15A05D72B40B075251713F2C9CF12A1BFD29D771CBC8A4254DA2349E016F729C1AF4BDF645F2A5A935A007CE843466BF8829727A51A3CA5CFDE9003593EC583B46F5DECE4B1F7F730893A68798DEA83E6371CE85ACDE7226460A8D8A9DF2C01EF4B447F440A3E05F2E2253037A0CB28EF5B07CA3586A19C0A17608BAB052BC81AE82CAE61720210539AC7DB1FA0186A7E51D96B742662493DB1D0F1026F2157606269A55B282FF95157CC0E74E8E2AF826B37001BC30834FD5036738F91D6FA7547F0A1191993766CB403773C862533ECF26750722ACFBC4E07F10E7D1273580B19DCF5C3EB608EABBF5DDFC13A3880B42356B882D7DF9336DF0AD336CD8567DCCB6A07C778AD1F97FD74A212F9DB7C552C93A91EFD40C2C2D725686BD37DF325CB7CD156CB75D9BF64003080EE35D9CDB153A85585DE220360110790E7311EA47518E164A595C2345FE08A237749241FCCECCB0007896109DC40FADD81D958A19B675BAB7AD0B10B4D1AC8D2A4063951885D3F3AD1F6046EA84527CFCB94EBE30539F228F2CD555E01D1972FBB384AEDE5C446E268BE5FCD0FDA0026A5E373B7EAFDF41DEC962D4AC2D33519B695DB05D6E4339C01DBA0C751DB8EE5A42C5F6D7BCBBD8D77998D724C0D"
"OODI01.00.00.01PRO"="639D6B522BBE8D252BD6FC3C19D9D97DA0699A46AB8D9EBEACD3374C2E4DF146635419FE81A1C2312A905C629F1784E21C533FD96EBE261F4C5449FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA9C6AECB7A5D1407A6171C11EC38DE3D881DFE9F35605CF5BB3C6C92598343CD7EB9A63B910F1457732427357FD89ABA73EC942273B8F04DA43AC3A90645C232900DCA4038DEB24AD8B4A43B328C38767414624183A7A3A4F8B46DF87B5E263280AC5A1C90F5692015544C47566EBD0BACC7E62704EED2043C3CCF6F0A7D01AD53A7C2A43B9028A9CA303431FD6994600573015399C07D0B389B33D087430F955343D681DCDC02D167A9D7A73F59C8F3A7B47499EAC8CA69784D47B5CB47AC708D784E31A07FAB9097D6162CB48B095584DFEB9D24A202644C809A0833135D59D1F2C082B30E03764C7F3415FE47AA29CDFA72DDF5601156C81824091FA345FCB6142F9BC8938527BD24580C3D4325267B3EF827928608ABC52CBD4CF2EC309F146E7AF4921056D8E5738D8D1AAA921BC89AD21CB18D9B655F09A2B91A530B1608CCE9DB4D74BB5881D444ECBC1FB566343239B38F63A519F6AC778CFD32674B732AA670B62BA18394E0CF4FD63371FC815AC8396C67A2712ECC3FD490D6FA3DFB39C027100C95CEE36566AE9870CC66379F82CB8AF033A96F4EE3F54782A0FD8A5CA9C81D68CCC0F86424D83951F4C021BEC85DB2489C93654F32A81B6D56B44B2C38F22A819BF32492086E75C6383ACDABE434AF2AC815819D5D78853E3E1B30F62516830FFD1A755A77E788340C19900B846CD1C6422776BD79C40B169CFE6F3B91777BBC93F3C4D7B68CB7F287B38039B5F3EB44BAD7BD6600C0AD86DBC37FAEFD2EE6A81ED92BDDF3FAC8CDE6F679446F0ED6BB09C61203CEF5F6948ADE21B8D2A81FE585B60672BC2407858AE39AED0851ECB9A42975B3A63EF4BADA5A5277D727047CD20B7ACC85CF40CCF40EC52D3D2810BE29CA2B4CAECAB566A2D559BABC3E75E6B7E7EBDCA595464DCF1FA32D2F52A0C15906BAD36D9D507A5A02BF869357581384778442D7E47123E4519D4CE16188A81ACE71065291DACCA126D294532F1866327234D43B7E9C5C2675E41CBD3DB35472A85E51AD4F7427B89CA250D65522B55A29AC1C5479A4FEA5EFEBE38E1F1092912D56DAB6D8BCC78752855BDAAFE6CC3CFE62D58A3E6D021DBAE89E0697132A4709F07A848057E0174B930883765CE93BE99073288A5D52E75F57783808B353097F8B3996EDEE97939CAA6155377E425DF7371CDDF05FCE0400F6D79E28ECBB6EE345D84D9E2F86D1716BA3BC51C6FA4EC515A7BED6614C9850CACF13033E04B52082CCEC60483C4687BB3D07FB3B"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000697

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 1:17:15
C:\ComboFix-quarantined-files.txt ... 2007-07-16 01:13

--- E O F ---

[peiraster]

Ried, I just ran a Xoftspy scan and it is reporting that the log.txt file generated by COmbofix in the desktop is a CLogger malware (keylogger), is this a false positive or should I worry?
http://www.paretologic.com/resources...remove=CLogger

[Ried]

Thanks. Let's give him some time to inspect that file. By any chance did you provide a link to this thread when you uploaded that .zip file?

Since that file appears to have been on your system since 2004, I'd suggest proceeding with running Process Explorer, etc.

[peiraster]

What file are you referring to as being in my system since 2004? And what about the log.txt generated by Combofix detected as keylogger? Is it a false positive? And yes, I provided a link to this thread when uploading the zip file.Thanks

[Ried]

Hi, sorry--your previous post went up while I was replying.

This file:

Quote:

2004-08-04 00:56 1268049 ---h----- C:\WINDOWS\system32\Systemfiles\taskmgr.exe

And yes, the combofix.txt log is a false positive by Xoftspy--no worries.