Old 07-04-2007, 11:54 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


iexplore.exe running each time I reboot/Please help

Each time I reboot my PC the task "iexplore.exe" is running in the background (without Internet Explorer being open) utilizing over 50% of CPU and forcing me to terminate it from Task Manager. I fully scanned my PC with Norton Internet Security 2005, ESET NOD32, Spyware Doctor, Webroot Spysweeper, SuperAntispyware, Adaware, Spybot and Xoftspy and none of them report any malware. Once ended from Task Manager the task "iexplore.exe" won't reappear and everything goes to normal (no CPU load) unless of course I use Internet Explorer. Also, if I start my PC in safe mode "iexplore.exe" won't show in Task Manager, so it seems this happens only after rebooting in normal mode. How can I fix this? Thanks.
MY PC: Win XP SP2 with latest patches, running on a P4 3.06GHz, 2GB RDRAM, 320GB EIDE WD
peiraster is offline  
Old 07-05-2007, 12:11 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

Hello peiraster and welcome,

As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. **Allow dss.exe to download HijackThis 1.99.1 when prompted**

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt


**Please note this section of the forum is very busy, so please familiarize yourself with the bumping rules found in Step 5 of our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 07-05-2007, 11:00 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

Deckard's System Scanner v20070611.50
Run by Dell on 2007-07-05 at 03:27:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-07-05 06:27:57 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Dell.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:34:35 AM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\PerSono\perstray.exe
C:\PROGRA~1\COMMON~1\Logitech\WebColct\WebColct.exe
C:\Documents and Settings\Dell\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\HIJACK~1\Dell.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTWinModem1] "ltmsg.exe" 9
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - Global Startup: Perstray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files\SmartWhois\swmsie.exe
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files\SmartWhois\swmsie.exe
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files\SmartWhois\swmsie.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://80.160.169.182/activex/AMC.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file://F:\tools\en\bin\npseatools.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://201.252.49.249:2000/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81AF0CF3-04A5-4ED3-847B-37D0D5DAE0F9}: NameServer = 200.45.191.35 200.45.191.40
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Ltd. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer 2007.SP1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 OODrvled - c:\windows\system32\drivers\oodrvled.sys <Not Verified; O&O Software GmbH; O&O DriveLED Pro>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 cdrblock - c:\windows\system32\drivers\cdrblock.sys <Not Verified; Canopus Co,. Ltd.; Canopus DREngine Liibrary>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 cdrport - c:\windows\system32\drivers\cdrport.sys <Not Verified; Canopus Co,. Ltd.; Canopus DREngine Liibrary>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 CamthWDM (WebcamMax, WDM Video Capture) - c:\windows\system32\drivers\camthwdm.sys <Not Verified; YewSoft; Cam Theme>
R2 drhard - c:\windows\system32\drivers\drhard.sys <Not Verified; Licensed for Gebhard Software; DRHARD Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
R3 actser - c:\windows\system32\drivers\actser.sys <Not Verified; Siemens AG; Actser Filter Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 tbcspud (Santa Cruz Driver) - c:\windows\system32\drivers\tbcspud.sys <Not Verified; Voyetra Turtle Beach; Turtle Beach WDM Driver>
R3 tbcwdm (Santa Cruz WDM Driver) - c:\windows\system32\drivers\tbcwdm.sys <Not Verified; Voyetra Turtle Beach; Turtle Beach WDM Driver>

S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ScsiAccess - c:\program files\photodex\proshowproducer\scsiaccess.exe

S3 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S3 bepldr (BCL easyPDF SDK 5 Loader) - "c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe" <Not Verified; ; bepldr Module>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 HDDlife HDD Access service - "c:\program files\binarysense\hddlife 3\hldasvc.exe" <Not Verified; BinarySense, Ltd.; HDDlife>
S3 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 pro\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Pro>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
S4 bgsvcgen (B's Recorder GOLD Library General Service) - "c:\windows\system32\bgsvcgen.exe" <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 iPAHelper.exe - c:\program files\ipod access for windows\ipahelper.exe
S4 MSSQL$SONY_MEDIAMGR -
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S4 SQLAgent$SONY_MEDIAMGR -
S4 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>


-- Files created between 2007-06-05 and 2007-07-05 -----------------------------

2007-07-04 20:45:16 0 d-------- C:\Program Files\Spyware Doctor
2007-07-03 14:12:18 280 --a------ C:\WINDOWS\system32\PDBootState
2007-07-02 19:39:04 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-07-02 19:39:04 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-07-02 18:57:58 0 d-------- C:\Documents and Settings\Dell\Application Data\Sunbelt Software
2007-07-01 20:30:11 0 d-------- C:\Program Files\Apple Software Update
2007-07-01 20:29:37 0 d-------- C:\Program Files\Common Files\Apple
2007-07-01 20:29:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-01 16:32:33 75 -r-hs---- C:\WINDOWS\FFSSET.BIN
2007-07-01 16:29:01 0 d-------- C:\Documents and Settings\Dell\Application Data\PanoramaStudio
2007-07-01 16:28:22 0 d-------- C:\Program Files\PanoramaStudio
2007-07-01 16:21:12 0 d-------- C:\Program Files\Typhoon Software
2007-07-01 16:16:32 0 d-------- C:\Program Files\Collectorz.com
2007-07-01 16:10:26 0 d-------- C:\WINDOWS\system32\QuickTime
2007-07-01 16:08:16 0 d--h----- C:\WINDOWS\system32\Systemfiles
2007-07-01 13:12:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-07-01 13:12:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-07-01 12:57:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-06-29 1551 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-06-28 00:34:07 0 d-------- C:\Program Files\Pando Networks
2007-06-28 00:31:39 0 d-------- C:\Program Files\Common Files\Skype
2007-06-27 19:48:22 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-06-25 20:24:00 10395648 --a------ C:\WINDOWS\The Spartans 3D Screensaver.scr
2007-06-25 20:20:28 10395648 --a------ C:\WINDOWS\system32\The Spartans 3D Screensaver.scr
2007-06-25 20:20:28 0 d-------- C:\Program Files\The Spartans 3D Screensaver
2007-06-24 18:11:20 0 d-------- C:\Documents and Settings\Dell\Application Data\TERMINAL Studio
2007-06-24 18:07:59 11755520 --a------ C:\WINDOWS\system32\Wild West 3D Screensaver.scr
2007-06-24 15:07:36 0 d-------- C:\Program Files\PhotoWatermark Professional 7
2007-06-24 15:02:09 0 d-------- C:\Program Files\Carnival Software
2007-06-24 15:01:59 0 d-------- C:\Documents and Settings\Dell\Application Data\Carnival Software
2007-06-24 14:51:48 0 d-------- C:\Program Files\Natura Sound Therapy v2.0
2007-06-24 14:48:02 0 d-------- C:\Program Files\Forest Lake 3D Screensaver
2007-06-24 14:43:16 197120 --a------ C:\WINDOWS\system32\3-D_Serengeti_Safari.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-06-24 14:43:16 0 d-------- C:\WINDOWS\system32\3-D_Serengeti_Safari dir
2007-06-24 14:39:53 2523136 --a------ C:\WINDOWS\system32\3DFireworks.scr <Not Verified; ; 3DFireworks Screensaver>
2007-06-24 14:39:52 0 d-------- C:\Program Files\WebAppstogo
2007-06-24 14:37:17 241664 --a------ C:\WINDOWS\system32\Cape Hatteras Lighthouse.scr
2007-06-24 14:36:30 241664 --a------ C:\WINDOWS\Cape Hatteras Lighthouse.scr
2007-06-24 14:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
2007-06-24 12:37:15 0 d-------- C:\Program Files\Common Files\COWON
2007-06-20 13:33:30 532480 --a------ C:\WINDOWS\system32\3-D_Ghost_Ship.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-06-20 13:33:30 0 d-------- C:\WINDOWS\system32\3-D_Ghost_Ship dir
2007-06-20 13:30:45 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-06-16 19:11:27 2106368 --a------ C:\WINDOWS\radarss.scr <Not Verified; Xander Zerge; Radar Screensaver>
2007-06-16 19:09:43 2106368 --a------ C:\WINDOWS\system32\radarss.scr <Not Verified; Xander Zerge; Radar Screensaver>
2007-06-16 19:09:43 0 d-------- C:\Program Files\Radar Screensaver
2007-06-13 12:20:05 3344422 --a------ C:\WINDOWS\system32\SimAQUARIUM2 Tank-2.scr <Not Verified; Digital Illusions Software; d3Demo Maker>
2007-06-13 12:20:05 925696 --a------ C:\WINDOWS\system32\Flight Simulator Screensaver.scr
2007-06-13 12:20:05 8990720 --a------ C:\WINDOWS\system32\FascinatingAntarctica.scr <Not Verified; Anders und Seim Neue Medien AG; Faszination Antarktis>
2007-06-13 12:20:05 2243072 --a------ C:\WINDOWS\system32\Fantastic Flame Screensaver.scr <Not Verified; Laconic Software; Fantastic Flame Screensaver>
2007-06-13 12:20:05 102400 --a------ C:\WINDOWS\system32\EarthView.scr
2007-06-13 12:20:05 94208 --a------ C:\WINDOWS\system32\Dream Aquarium.scr
2007-06-13 12:20:05 208896 --a------ C:\WINDOWS\system32\boinc.scr <Not Verified; Space Sciences Laboratory; BOINC Core Client>
2007-06-13 12:20:05 1032192 --a------ C:\WINDOWS\system32\AquaReal.scr
2007-06-13 12:20:05 585728 --a------ C:\WINDOWS\system32\3D Sea Aquarium.scr
2007-06-13 12:20:04 771584 --a------ C:\WINDOWS\system32\Water_Illusion.scr <Not Verified; Nufsoft; Water Illusion Screensaver Creator Professional>
2007-06-13 12:20:04 3305472 --a------ C:\WINDOWS\system32\3D Fish School 3.scr
2007-06-10 07:55:35 0 d-------- C:\Program Files\BT Engine
2007-06-07 06:39:20 0 d-------- C:\Program Files\MediaInfo
2007-06-05 05:50:29 0 d-------- C:\Downloaded Videos


-- Find3M Report ---------------------------------------------------------------

2007-07-05 03:34:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-05 02:29:36 0 --a------ C:\WINDOWS\TempFile
2007-07-05 02:27:46 0 d-------- C:\Documents and Settings\Dell\Application Data\uTorrent
2007-07-04 22:18:56 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-04 01:49:05 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_3114922.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_9126149.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_7693010.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_7234634.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_5297240.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_5283812.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_2701820.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_2070685.dnp
2007-07-04 01:48:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_1745298.dnp
2007-07-04 01:47:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_6962336.dnp
2007-07-04 01:45:41 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_6884999.dnp
2007-07-04 01:45:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_716938.dnp
2007-07-04 01:45:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_6086646.dnp
2007-07-04 01:45:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_3835270.dnp
2007-07-04 01:45:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_3751130.dnp
2007-07-04 01:45:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_1494708.dnp
2007-07-04 01:45:39 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_9336971.dnp
2007-07-04 01:45:39 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-4-2007_1-44-14_2992764.dnp
2007-07-03 03:22:21 0 d-------- C:\Program Files\Starry Night Pro Plus 6
2007-07-03 01:49:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-03 01:41:24 0 d-------- C:\Program Files\Java
2007-07-03 01:01:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_5987970.dnp
2007-07-03 01:00:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7730245.dnp
2007-07-03 01:00:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_3044789.dnp
2007-07-03 01:00:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1022807.dnp
2007-07-03 01:00:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_9654973.dnp
2007-07-03 01:00:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7832210.dnp
2007-07-03 01:00:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_4845474.dnp
2007-07-03 01:00:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_444173.dnp
2007-07-03 01:00:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1889346.dnp
2007-07-03 00:59:17 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7655791.dnp
2007-07-03 00:57:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7318080.dnp
2007-07-03 00:57:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_4696700.dnp
2007-07-03 00:57:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1874474.dnp
2007-07-03 00:57:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_9136477.dnp
2007-07-03 00:57:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7954858.dnp
2007-07-03 00:57:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_7643432.dnp
2007-07-03 00:57:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_372465.dnp
2007-07-03 00:57:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-56-20_1463072.dnp
2007-07-03 00:48:54 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_6718591.dnp
2007-07-03 00:48:04 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_6261425.dnp
2007-07-03 00:48:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_9075475.dnp
2007-07-03 00:48:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_8306520.dnp
2007-07-03 00:48:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_6256320.dnp
2007-07-03 00:48:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3971231.dnp
2007-07-03 00:48:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3166174.dnp
2007-07-03 00:48:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_2092381.dnp
2007-07-03 00:48:02 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_9355214.dnp
2007-07-03 00:47:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_8208400.dnp
2007-07-03 00:45:30 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_4433864.dnp
2007-07-03 00:45:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3041705.dnp
2007-07-03 00:45:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_8804206.dnp
2007-07-03 00:45:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_51897.dnp
2007-07-03 00:45:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_2547625.dnp
2007-07-03 00:45:27 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_7967900.dnp
2007-07-03 00:45:27 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_703822.dnp
2007-07-03 00:45:27 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-7-3-2007_0-43-56_3612644.dnp
2007-07-03 00:34:10 0 d-------- C:\Program Files\TrojanHunter 4.6
2007-07-02 23:39:03 0 d-------- C:\Program Files\Norton Internet Security
2007-07-02 19:37:17 0 d-------- C:\Program Files\FlashGet
2007-07-02 17:47:34 0 d-------- C:\Program Files\Weather Watcher
2007-07-02 12:01:44 0 d-------- C:\Documents and Settings\Dell\Application Data\ATI MMC
2007-07-01 20:30:48 0 d-------- C:\Program Files\iTunes
2007-07-01 20:30:41 0 d-------- C:\Program Files\iPod
2007-07-01 16:33:49 0 d-------- C:\Documents and Settings\Dell\Application Data\Reallusion
2007-07-01 16:32:27 0 d-------- C:\Program Files\Reallusion
2007-07-01 16:23:44 0 d-------- C:\Documents and Settings\Dell\Application Data\Skype
2007-07-01 13:12:40 0 d-------- C:\Program Files\Webroot
2007-07-01 13:11:49 0 d-------- C:\Documents and Settings\Dell\Application Data\Webroot
2007-07-01 12:56:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-29 15:11:03 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-06-29 15:08:19 0 d-------- C:\Program Files\Logitech
2007-06-28 14:00:29 0 d-------- C:\Program Files\eMule
2007-06-28 01:03:09 0 d-------- C:\Documents and Settings\Dell\Application Data\bibble
2007-06-28 00:49:25 0 d-------- C:\Program Files\XoftSpySE
2007-06-28 00:31:41 0 d-------- C:\Program Files\Skype
2007-06-27 13:20:00 0 d-------- C:\Documents and Settings\Dell\Application Data\Vso
2007-06-26 04:43:40 0 d-------- C:\Program Files\VSO
2007-06-26 04:00:50 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_5866665.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_9303890.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_8209266.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_7675200.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_5157048.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_3847752.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_2351388.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_2023180.dnp
2007-06-26 04:00:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_1570116.dnp
2007-06-26 03:59:10 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_6512240.dnp
2007-06-26 03:58:02 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_2481705.dnp
2007-06-26 03:58:01 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_943943.dnp
2007-06-26 03:58:01 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_912820.dnp
2007-06-26 03:58:01 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_8254730.dnp
2007-06-26 03:58:01 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_6727492.dnp
2007-06-26 03:58:01 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_5109243.dnp
2007-06-26 03:58:01 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_3726348.dnp
2007-06-26 03:58:01 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-56-55_1622352.dnp
2007-06-26 03:48:41 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_9897126.dnp
2007-06-26 03:47:59 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_3586912.dnp
2007-06-26 03:47:58 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_8731059.dnp
2007-06-26 03:47:58 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_6614016.dnp
2007-06-26 03:47:57 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_6366146.dnp
2007-06-26 03:47:57 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_4942402.dnp
2007-06-26 03:47:57 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_462903.dnp
2007-06-26 03:47:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_9275399.dnp
2007-06-26 03:47:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_4470680.dnp
2007-06-26 03:46:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_5456153.dnp
2007-06-26 03:45:17 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_2115503.dnp
2007-06-26 03:45:16 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_3249034.dnp
2007-06-26 03:45:16 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_2541063.dnp
2007-06-26 03:45:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_9091625.dnp
2007-06-26 03:45:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_8829779.dnp
2007-06-26 03:45:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_8138540.dnp
2007-06-26 03:45:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_7149102.dnp
2007-06-26 03:45:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-43-39_5086520.dnp
2007-06-26 03:37:55 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_9085095.dnp
2007-06-26 03:37:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_4053237.dnp
2007-06-26 03:37:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_838151.dnp
2007-06-26 03:37:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_3890619.dnp
2007-06-26 03:37:13 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_9728362.dnp
2007-06-26 03:37:13 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_8610268.dnp
2007-06-26 03:37:12 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_6333744.dnp
2007-06-26 03:37:12 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_491286.dnp
2007-06-26 03:37:12 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_4892604.dnp
2007-06-26 03:35:44 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_3292550.dnp
2007-06-26 03:33:57 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_3148269.dnp
2007-06-26 03:33:53 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_2560306.dnp
2007-06-26 03:33:51 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_9145037.dnp
2007-06-26 03:33:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_7470700.dnp
2007-06-26 03:33:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_9089364.dnp
2007-06-26 03:33:46 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_7431709.dnp
2007-06-26 03:33:46 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_6742760.dnp
2007-06-26 03:33:45 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-26-2007_3-31-3_5521636.dnp
2007-06-26 00:57:51 0 d-------- C:\Program Files\Xilisoft
2007-06-25 02:11:41 0 d-------- C:\Program Files\Intel Corporation
2007-06-24 18:16:22 0 d-------- C:\Program Files\Fantastic Flame Screensaver
2007-06-24 18:07:59 0 d-------- C:\Program Files\Astro Gemini Software
2007-06-24 15:05:28 1031 --a------ C:\Program Files\CaricatureStudio.exe (2).lnk
2007-06-24 15:02:10 1031 --a------ C:\Program Files\CaricatureStudio.exe.lnk
2007-06-24 12:54:50 0 d-------- C:\Documents and Settings\Dell\Application Data\dvdcss
2007-06-24 12:37:25 0 d-------- C:\Program Files\JetAudio
2007-06-23 19:42:28 0 d-------- C:\Program Files\FolderSizes
2007-06-19 09:32:11 0 d-------- C:\Documents and Settings\Dell\Application Data\Apple Computer
2007-06-18 09:20:52 0 d-------- C:\Program Files\Macro Express3
2007-06-15 11:01:49 0 d-------- C:\Program Files\Total Training
2007-06-15 07:01:42 0 d-------- C:\Program Files\Lavasoft
2007-06-15 07:00:39 0 d-------- C:\Documents and Settings\Dell\Application Data\Lavasoft
2007-06-12 23:04:44 0 d-------- C:\Program Files\Microsoft SQL Server
2007-06-09 21:39:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_3607296.dnp
2007-06-09 21:38:29 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_5445452.dnp
2007-06-09 21:38:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_9214639.dnp
2007-06-09 21:38:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_5398013.dnp
2007-06-09 21:38:28 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_4266357.dnp
2007-06-09 21:38:27 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_7173934.dnp
2007-06-09 21:38:26 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_9222855.dnp
2007-06-09 21:38:26 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_7988652.dnp
2007-06-09 21:38:26 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_1209674.dnp
2007-06-09 21:36:53 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_8465607.dnp
2007-06-09 21:35:06 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_4750164.dnp
2007-06-09 21:35:05 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_5601399.dnp
2007-06-09 21:35:05 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_496774.dnp
2007-06-09 21:35:04 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_7773749.dnp
2007-06-09 21:35:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_4600078.dnp
2007-06-09 21:35:03 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_338372.dnp
2007-06-09 21:35:02 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_1969767.dnp
2007-06-09 21:35:02 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-6-9-2007_21-33-19_1134284.dnp
2007-06-07 06:59:07 0 d-------- C:\Program Files\Tweak-XP Pro 4
2007-06-04 19:53:24 0 d-------- C:\Program Files\Framing Studio
2007-06-04 19:51:40 0 d-------- C:\Program Files\HDD Regenerator
2007-06-04 19:42:15 0 d-------- C:\Program Files\Venus 3D Space Survey Screensaver
2007-06-04 19:35:11 0 d-------- C:\Program Files\EarthView
2007-06-04 19:35:10 0 d-------- C:\Documents and Settings\Dell\Application Data\DeskSoft
2007-06-04 19:34:23 102400 --a------ C:\WINDOWS\EarthView.scr
2007-06-04 19:27:21 0 d-------- C:\Documents and Settings\Dell\Application Data\JAM Software
2007-06-04 19:26:26 0 d-------- C:\Program Files\JAM Software
2007-06-04 19:24:31 0 d-------- C:\Program Files\Wondershare
2007-06-04 06:09:16 0 d-------- C:\Program Files\Photozoom Pro
2007-06-04 06:04:45 0 d-------- C:\Program Files\AnMing
2007-06-04 06:02:09 0 d-------- C:\Program Files\Nova Development
2007-06-04 05:49:00 0 d-------- C:\Program Files\Mindjet
2007-06-04 05:41:46 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2007-06-04 05:41:46 204 --a------ C:\WINDOWS\system32\c546nfu.dll
2007-06-04 05:41:46 0 d-------- C:\Program Files\SYSTAT 12
2007-06-04 05:40:11 1025 --a------ C:\WINDOWS\system32\uroriee.dll
2007-06-04 05:40:10 1025 --a------ C:\WINDOWS\system32\grcauth2.dll
2007-06-04 05:40:10 1025 --a------ C:\WINDOWS\system32\grcauth1.dll
2007-06-04 05:33:26 0 d-------- C:\Program Files\Aptika
2007-06-04 05:30:56 0 d-------- C:\Program Files\webcamXP
2007-06-04 05:25:14 0 d-------- C:\Documents and Settings\Dell\Application Data\SoundSpectrum
2007-06-04 05:21:47 0 d-------- C:\Program Files\SoundSpectrum
2007-06-03 23:22:44 1257520 --a------ C:\WINDOWS\system32\Venus_3D_Space_Survey_Screensaver.scr
2007-06-03 02:58:57 501760 --a------ C:\WINDOWS\system32\Deutz Engine.scr
2007-06-03 02:58:57 501760 --a------ C:\WINDOWS\system32\Deutz Engine.exe
2007-06-02 14:18:01 0 d-------- C:\Program Files\Orion Studios HD
2007-06-02 14:00:50 62 --a------ C:\Documents and Settings\Dell\Application Data\Printer.ini
2007-06-01 07:16:15 0 d-------- C:\Documents and Settings\Dell\Application Data\HTNetMeter
2007-06-01 07:15:45 0 d-------- C:\Program Files\HooTech
2007-06-01 07:14:04 0 d-------- C:\Program Files\LG Software Innovations
2007-06-01 07:01:56 0 d-------- C:\Program Files\MP3Resizer
2007-06-01 06:59:02 0 d-------- C:\Program Files\SmartWhois
2007-06-01 06:55:43 0 d-------- C:\Program Files\Picture Merge Genius
2007-06-01 06:52:54 0 d-------- C:\Program Files\OO Software
2007-06-01 06:44:26 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-05-31 10:19:18 0 d-------- C:\Program Files\GrandBackup Ultimate
2007-05-30 01:09:23 0 d-------- C:\Program Files\Easiestutils
2007-05-30 01:05:52 0 d-------- C:\Program Files\3D Sea Aquarium
2007-05-30 00:58:56 0 d-------- C:\Program Files\BinarySense
2007-05-30 00:51:39 0 d-------- C:\Program Files\LEDSET
2007-05-30 00:13:26 0 d-------- C:\Program Files\ParetoLogic
2007-05-30 00:13:25 0 d-------- C:\Program Files\Common Files\ParetoLogic
2007-05-30 00:11:58 0 d-------- C:\Documents and Settings\Dell\Application Data\WinRAR
2007-05-29 01:31:50 0 d-------- C:\Program Files\DVD-RB PRO
2007-05-29 01:30:20 34308 --a------ C:\WINDOWS\system32\Chip.dll
2007-05-29 01:28:34 0 d-------- C:\Program Files\AviSynth 2.5
2007-05-29 01:21:44 0 d-------- C:\Program Files\Real
2007-05-29 01:10:46 0 d-------- C:\Program Files\NetLimiter 2 Pro
2007-05-29 0140 0 d-------- C:\Program Files\ICQ
2007-05-29 00:28:46 0 d-------- C:\Program Files\DVD Audio Extractor
2007-05-29 00:23:27 0 d-------- C:\Program Files\Photo to Color Sketch
2007-05-29 00:21:38 0 d-------- C:\Program Files\STOIK
2007-05-29 00:14:20 0 d-------- C:\Program Files\Tracker Software
2007-05-28 18:09:11 0 d-------- C:\Program Files\ACA
2007-05-28 17:25:27 0 d-------- C:\Documents and Settings\Dell\Application Data\ICQ
2007-05-28 17:25:18 457 --a------ C:\Program Files\INSTALL.LOG
2007-05-28 14:58:13 0 d-------- C:\Program Files\WebcamMax
2007-05-27 22:54:58 0 d-------- C:\Program Files\Easy GIF Animator
2007-05-27 06:13:51 817664 ---h----- C:\WINDOWS\system32\wodfamoh.dll <Not Verified; Abrosoft; FantaMorph>
2007-05-27 04:01:41 0 d-------- C:\Program Files\Siber Systems
2007-05-27 03:58:16 0 d-------- C:\Documents and Settings\Dell\Application Data\GlobalSCAPE
2007-05-27 03:58:11 0 d-------- C:\Program Files\GlobalSCAPE
2007-05-27 03:54:42 0 d-------- C:\Program Files\Imagenomic
2007-05-27 03:49:46 0 d-------- C:\Program Files\Tuning Car Studio
2007-05-27 03:37:47 0 d-------- C:\Program Files\Smarty Uninstaller Pro
2007-05-27 03:33:05 0 d-------- C:\Program Files\Sony
2007-05-27 03:14:58 0 d-------- C:\Program Files\******
2007-05-27 03:11:39 2976 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2007-05-27 03:11:32 2999 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2007-05-27 03:11:25 3087 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2007-05-27 03:11:17 3076 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2007-05-27 03:11:10 2920 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-05-27 03:11:04 3494 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2007-05-27 03:11:03 2814 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2007-05-27 03:11:02 14189 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-05-27 03:11:00 0 d-------- C:\Program Files\Illustrate
2007-05-27 03:08:47 0 d-------- C:\Program Files\GetData
2007-05-27 02:56:57 0 d-------- C:\Program Files\Common Files\Scanner
2007-05-27 02:56:48 0 d-------- C:\Program Files\CA
2007-05-27 02:51:09 0 d-------- C:\Program Files\RAXCO
2007-05-27 02:51:09 0 d-------- C:\Program Files\Common Files\Raxco
2007-05-27 02:45:32 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-27 02:44:59 0 d-------- C:\Program Files\Windows Sidebar
2007-05-26 15:29:51 0 d-------- C:\Documents and Settings\Dell\Application Data\TrojanHunter
2007-05-25 14:48:06 10477568 --a------ C:\WINDOWS\system32\3D Titanic Screensaver.scr
2007-05-24 17:22:15 0 d-------- C:\Program Files\YPOPs
2007-05-24 05:46:22 0 d-------- C:\Documents and Settings\Dell\Application Data\vlc
2007-05-24 03:18:51 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_4353978.dnp
2007-05-24 03:17:39 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_8419733.dnp
2007-05-24 03:17:39 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_2923509.dnp
2007-05-24 03:17:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_8830869.dnp
2007-05-24 03:17:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_5163250.dnp
2007-05-24 03:17:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_2172696.dnp
2007-05-24 03:15:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_9561314.dnp
2007-05-24 03:12:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_9076605.dnp
2007-05-24 03:12:49 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_1225859.dnp
2007-05-24 03:12:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_7951440.dnp
2007-05-24 03:12:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_6353175.dnp
2007-05-24 03:12:47 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-24-2007_3-9-59_3615893.dnp
2007-05-24 02:51:46 925696 --a------ C:\WINDOWS\Flight Simulator Screensaver.scr
2007-05-24 02:51:46 0 d-------- C:\Program Files\Longgame
2007-05-23 17:50:14 0 d-------- C:\Documents and Settings\Dell\Application Data\EBookSys
2007-05-22 05:44:26 0 d-------- C:\Documents and Settings\Dell\Application Data\Canopus
2007-05-22 05:03:44 0 d-------- C:\Program Files\Google
2007-05-22 01:43:21 0 d-------- C:\Program Files\Advanced Spyware Remover Pro
2007-05-22 00:08:54 0 d-------- C:\Program Files\Living Dolphins 3D Screensaver
2007-05-21 20:28:34 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-05-21 20:24:00 0 d-------- C:\Program Files\Canopus
2007-05-21 19:32:21 0 d-------- C:\Program Files\MXSkypeRec
2007-05-21 19:26:30 0 d-------- C:\Program Files\Paragon Software
2007-05-21 19:23:32 0 d-------- C:\Program Files\Infinisys
2007-05-21 19:21:00 0 d-------- C:\Program Files\Mediamatics
2007-05-21 19:17:29 0 d-------- C:\Program Files\HT MPEG Encoder 7.0 ProAuthor
2007-05-21 19:16:09 5 --a------ C:\WINDOWS\system32\SySCut.dat
2007-05-21 19:15:33 0 d-------- C:\Program Files\SuperAudiotool
2007-05-21 19:15:26 3082 --a------ C:\WINDOWS\system32\affv11300p2now.sys
2007-05-21 19:12:53 0 d-------- C:\Program Files\HT MPEG Encoder 6.0
2007-05-21 19:10:46 0 d-------- C:\Program Files\CopyPod
2007-05-21 19:04:45 0 d-------- C:\Documents and Settings\Dell\Application Data\GPSoftware
2007-05-21 19:03:37 0 d-------- C:\Program Files\GPSoftware
2007-05-21 18:58:10 0 d-------- C:\Program Files\Common Files\Canopus Shared
2007-05-21 18:49:33 0 d-------- C:\Program Files\Driver-Soft
2007-05-21 18:47:05 0 d-------- C:\Program Files\FACES
2007-05-21 18:46:27 0 d-------- C:\Documents and Settings\Dell\Application Data\Faces
2007-05-21 18:45:05 0 d-------- C:\Program Files\Focus Magic
2007-05-21 18:44:04 0 d-------- C:\Program Files\AV Vcs 5.0 DIAMOND
2007-05-21 18:30:47 0 d-------- C:\Documents and Settings\Dell\Application Data\LightZone
2007-05-21 18:29:13 0 d-------- C:\Program Files\LightZone
2007-05-21 18:29:13 0 d-------- C:\Program Files\Common Files\eSellerate
2007-05-21 18:00:30 0 d-------- C:\Program Files\Common Files\BCL Technologies
2007-05-21 18:00:15 0 d-------- C:\Program Files\Nitro PDF
2007-05-21 17:54:27 287 --a------ C:\Documents and Settings\Dell\Application Data\iPod Access v4 Prefs
2007-05-21 17:54:03 48 --ah----- C:\Documents and Settings\Dell\Application Data\iPodAccessv4_OwnerName
2007-05-21 17:52:47 11 --ah----- C:\Documents and Settings\Dell\Application Data\iPodAccess_Time
2007-05-21 17:52:43 0 d-------- C:\Program Files\iPod Access for Windows
2007-05-21 17:44:25 0 d-------- C:\Program Files\CyberLink
2007-05-21 17:35:02 34 --a------ C:\Documents and Settings\Dell\Application Data\pcouffin.log
2007-05-21 17:34:31 47360 --a------ C:\Documents and Settings\Dell\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-21 17:34:31 1144 --a------ C:\Documents and Settings\Dell\Application Data\pcouffin.inf
2007-05-21 17:34:31 7887 --a------ C:\Documents and Settings\Dell\Application Data\pcouffin.cat
2007-05-21 17:32:36 0 d-------- C:\Program Files\Winamp
2007-05-21 17:23:35 0 d-------- C:\Documents and Settings\Dell\Application Data\Mathematica
2007-05-21 17:11:46 0 d-------- C:\Program Files\Wolfram Research
2007-05-21 16:58:16 0 d-------- C:\Program Files\DivX
2007-05-21 16:48:38 0 d-------- C:\Program Files\Ashampoo
2007-05-21 16:39:35 0 d-------- C:\Program Files\Recover4all Professional v2.25
2007-05-19 17:08:25 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes CDRTools>
2007-05-18 00:13:14 0 d-------- C:\Program Files\3D Fish School 3
2007-05-17 23:28:14 1271220 --a------ C:\WINDOWS\system32\Living_Dolphins_3D_Screensaver.scr
2007-05-12 06:40:07 0 d-------- C:\Program Files\Quicken
2007-05-11 01:37:15 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-11 01:37:15 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-11 01:37:15 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-11 01:37:15 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-10 22:37:21 0 d-------- C:\Documents and Settings\Dell\Application Data\Nokia
2007-05-10 15:36:50 0 d-------- C:\Documents and Settings\Dell\Application Data\FlashGet
2007-05-09 18:52:28 0 d-------- C:\Program Files\Norton Ghost
2007-05-09 18:02:00 0 d-------- C:\Program Files\Magic Video Converter
2007-05-09 17:58:59 0 d-------- C:\Program Files\BV Tech Inc
2007-05-09 17:52:46 0 d-------- C:\Documents and Settings\Dell\Application Data\Nitro PDF
2007-05-09 17:45:50 0 d-------- C:\Program Files\Albatross
2007-05-09 17:44:46 0 d-------- C:\Program Files\Common Files\MainConcept
2007-05-09 17:42:01 0 d-------- C:\Program Files\TechSmith
2007-05-09 16:31:11 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 11:58:04 0 d-------- C:\Program Files\uTorrent
2007-05-09 03:40:57 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_6057216.dnp
2007-05-09 03:40:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_8917482.dnp
2007-05-09 03:40:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_6157436.dnp
2007-05-09 03:40:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_4549860.dnp
2007-05-09 03:40:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_4020806.dnp
2007-05-09 03:40:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_1897888.dnp
2007-05-09 03:38:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_5605126.dnp
2007-05-09 03:37:32 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_9482382.dnp
2007-05-09 03:37:32 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_5325946.dnp
2007-05-09 03:37:32 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_4665181.dnp
2007-05-09 03:37:32 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_2821155.dnp
2007-05-09 03:37:32 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-9-2007_3-35-48_1987398.dnp
2007-05-08 13:40:16 0 d-------- C:\Documents and Settings\Dell\Application Data\PC Suite
2007-05-07 18:31:41 0 d-------- C:\Program Files\DIFX
2007-05-07 18:30:16 0 d-------- C:\Program Files\PC Connectivity Solution
2007-05-07 17:40:45 0 d-------- C:\Program Files\Seagate
2007-05-06 20:26:21 0 d-------- C:\Program Files\XoftSpy SE
2007-05-06 13:40:32 0 d-------- C:\Program Files\Innovative Solutions
2007-05-06 04:45:44 3305472 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-05-05 21:31:47 0 d-------- C:\Program Files\DVDInfoPro
2007-05-05 13:11:07 0 d-------- C:\Program Files\Common Files\InterVideo
2007-05-05 13:09:46 0 d-------- C:\Program Files\Ulead Systems
2007-05-05 13:05:30 0 d-------- C:\Documents and Settings\Dell\Application Data\DVDFab
2007-05-05 12:21:53 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-05-05 12:15:16 0 d-------- C:\Program Files\Common Files\Acronis
2007-05-05 12:15:11 0 d-------- C:\Program Files\Acronis
2007-05-05 12:01:08 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-05-04 12:39:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_1366049.dnp
2007-05-04 12:38:53 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_8788584.dnp
2007-05-04 12:38:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_6807468.dnp
2007-05-04 12:38:51 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_53422.dnp
2007-05-04 12:38:51 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_468541.dnp
2007-05-04 12:38:50 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_6732924.dnp
2007-05-04 12:37:34 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_882119.dnp
2007-05-04 12:36:12 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_9695739.dnp
2007-05-04 12:36:11 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_9323926.dnp
2007-05-04 12:36:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_1316687.dnp
2007-05-04 12:36:08 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_1125917.dnp
2007-05-04 12:36:07 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item3-5-4-2007_12-34-12_7727819.dnp
2007-05-02 17:27:32 52224 --a------ C:\WINDOWS\dx7ogl32.dll
2007-05-01 03:10:51 202240 --a------ C:\WINDOWS\system32\300_saver_02.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-05-01 03:08:27 202240 --a------ C:\WINDOWS\system32\300_saver_01.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-04-27 18:36:48 364544 --a------ C:\WINDOWS\system32\ml32i3.dll <Not Verified; Wolfram Research, Inc.; Mathematica®>
2007-04-27 18:36:48 237568 --a------ C:\WINDOWS\system32\ml32i2.dll <Not Verified; Wolfram Research, Inc.; Mathematica®>
2007-04-27 18:36:48 233472 --a------ C:\WINDOWS\system32\ml32i1.dll <Not Verified; Wolfram Research, Inc.; Mathematica®>
2007-04-22 21:15:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-04-22 21:02:34 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-04-22 21:02:34 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-04-22 21:01:47 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-16 00:09:17 38446 --a------ C:\Documents and Settings\Dell\Application Data\Microsoft Excel 97-2003.ADR
2007-04-16 00:08:20 38455 --a------ C:\Documents and Settings\Dell\Application Data\Comma Separated Values (Windows).ADR
2007-04-15 04:50:13 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_5899974.dnp
2007-04-15 04:49:33 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_8834918.dnp
2007-04-15 04:49:33 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_6630964.dnp
2007-04-15 04:49:33 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_6348917.dnp
2007-04-15 04:49:33 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_5162270.dnp
2007-04-15 04:49:33 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_2358983.dnp
2007-04-15 04:48:31 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_9458675.dnp
2007-04-15 04:47:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_8012662.dnp
2007-04-15 04:47:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_4734268.dnp
2007-04-15 04:47:14 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_2726346.dnp
2007-04-15 04:47:13 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_896993.dnp
2007-04-15 04:47:13 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item2-4-15-2007_4-45-4_7898678.dnp
2007-04-15 04:19:48 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_5294211.dnp
2007-04-15 04:18:45 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_4667025.dnp
2007-04-15 04:18:43 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_5100536.dnp
2007-04-15 04:18:42 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_2296336.dnp
2007-04-15 04:18:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_9078186.dnp
2007-04-15 04:18:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_8404366.dnp
2007-04-15 04:16:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_5457404.dnp
2007-04-15 04:14:22 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_3483655.dnp
2007-04-15 04:14:20 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_6018870.dnp
2007-04-15 04:14:18 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_4961992.dnp
2007-04-15 04:14:16 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_2029400.dnp
2007-04-15 04:14:15 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item1-4-15-2007_4-11-16_7698118.dnp
2007-04-14 04:13:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_6260318.dnp
2007-04-14 04:12:41 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_6628568.dnp
2007-04-14 04:12:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_6312892.dnp
2007-04-14 04:12:40 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_3326687.dnp
2007-04-14 04:12:38 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_6813627.dnp
2007-04-14 04:12:37 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_6629794.dnp
2007-04-14 04:10:06 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_6657012.dnp
2007-04-14 04:07:56 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_8784411.dnp
2007-04-14 04:07:55 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_9206086.dnp
2007-04-14 04:07:54 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_7810892.dnp
2007-04-14 04:07:52 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_8922977.dnp
2007-04-14 04:07:50 18 --a------ C:\Program Files\XP Repair Pro 2007ERR_Item0-4-14-2007_4-4-39_6123208.dnp
2007-04-13 19:43:20 38453 --a------ C:\Documents and Settings\Dell\Application Data\Tab Separated Values (Windows).ADR
2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-04-12 06:46:05 749568 --a------ C:\WINDOWS\system32\btrez.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2007-04-12 06:45:17 86016 --a------ C:\WINDOWS\system32\BtMmHook.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2007-04-07 00:02:56 53248 --a------ C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-04-07 00:02:56 118784 --a------ C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{07A11D74-9D25-4fea-A833-8B0D76A5577A} C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll
{724d43a9-0d85-11d4-9908-00400523e39a} C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LTWinModem1"="\"ltmsg.exe\" 9"
"DellTouch"="C:\\WINDOWS\\DELLMMKB.EXE"
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
"pdfSaver3"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ATI Launchpad"=""
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ 7db39a0d-580f-4be9-9195-8bfcd226f6c2

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="ParetoLogic Anti-Spyware"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="acaptuser32.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0relog_ap\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Directory Opus Desktop Dblclk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dopusrt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\GPSoftware\\Directory Opus\\dopusrt.exe\" /dblclk"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



-- Hosts -----------------------------------------------------------------------

127.0.0.1 home.edonkey.com
127.0.0.1 wintools.com
127.0.0.1 www.wintools.com
127.0.0.1 macros.com
127.0.0.1 www.macros.com
127.0.0.1 http://www.wintools.com
127.0.0.1 http://www.macros.com


-- End of Deckard's System Scanner: finished at 2007-07-05 at 03:35:26 ---------
Attached Files
File Type: txt extra.txt (71.5 KB, 2 views)
peiraster is offline  
07-05-2007, 06:41 PM   #4
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

I included above both the main.txt and extra.txt generated by the dss.exe utility, thanks.
peiraster is offline  
07-05-2007, 08:47 PM   #5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

Thank you.

I'm not seeing any malware in these logs. Let's see if an online scan reveals anything.

Perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
07-06-2007, 11:14 AM   #6
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 06, 2007 2:03:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/07/2007
Kaspersky Anti-Virus database records: 358808
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 383489
Number of viruses found: 19
Number of infected objects: 31 / 0
Number of suspicious objects: 1
Duration of the scan process: 05:53:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Dell\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Identities\{251A8766-AAED-4072-BC97-2B8DD7D681E2}\Microsoft\Outlook Express\Terry Wills.dbx/[From "Terry Wills" <TerryWills@hotmail.com>][Date Sun, 07 Jan 2001 20:13:48 -0800]/UNNAMED/BCNDA.doc Infected: Virus.MSWord.Marker.fq2 skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Identities\{251A8766-AAED-4072-BC97-2B8DD7D681E2}\Microsoft\Outlook Express\Terry Wills.dbx/[From "Terry Wills" <TerryWills@hotmail.com>][Date Sun, 07 Jan 2001 20:13:48 -0800]/UNNAMED Infected: Virus.MSWord.Marker.fq2 skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Identities\{251A8766-AAED-4072-BC97-2B8DD7D681E2}\Microsoft\Outlook Express\Terry Wills.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Identities\{3E7C86AD-70E7-42D6-AD97-F41AE31B593C}\Microsoft\Outlook Express\Terry Wills.dbx/[From "Terry Wills" <TerryWills@hotmail.com>][Date Sun, 07 Jan 2001 20:13:48 -0800]/UNNAMED/BCNDA.doc Infected: Virus.MSWord.Marker.fq2 skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Identities\{3E7C86AD-70E7-42D6-AD97-F41AE31B593C}\Microsoft\Outlook Express\Terry Wills.dbx/[From "Terry Wills" <TerryWills@hotmail.com>][Date Sun, 07 Jan 2001 20:13:48 -0800]/UNNAMED Infected: Virus.MSWord.Marker.fq2 skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Identities\{3E7C86AD-70E7-42D6-AD97-F41AE31B593C}\Microsoft\Outlook Express\Terry Wills.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\History\History.IE5\MSHist012007070620070707\index.dat Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temp\Perflib_Perfdata_1370.dat Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temp\Perflib_Perfdata_5c8.dat Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\33GPVPEP\ADSAdClient31[1].htm Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\33GPVPEP\ADSAdClient31[2].htm Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\33GPVPEP\ADSAdClient31[3].htm Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\33GPVPEP\ADSAdClient31[4].htm Object is locked skipped
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dell\My Documents\My Chat Logs\Events Log.txt Object is locked skipped
C:\Documents and Settings\Dell\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dell\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A3028A4.tmp Infected: Email-Worm.Win32.Zhelatin.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A54767C.tmp Infected: Email-Worm.Win32.Zhelatin.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\116338B7.tmp Infected: Email-Worm.Win32.Zhelatin.u skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\297D20F7.bc! Infected: Virus.Win32.Sality.s skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2CFF16ED.exe Infected: Trojan-Spy.Win32.Agent.qd skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\344559E4.tmp Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\373E009D.tmp Infected: Email-Worm.Win32.Luder.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\37624E76.tmp Infected: Email-Worm.Win32.Luder.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39355275.tmp Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39766AEB.tmp Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3AC85866.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58394A18.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\586041ED.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\586D69DF.tmp Infected: Email-Worm.Win32.Zhelatin.k skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\588B63BF.tmp Infected: Email-Worm.Win32.Zhelatin.m skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58A109A5.tmp Infected: Email-Worm.Win32.Zhelatin.o skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\648078DC.bc! Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6F067E18.tmp Infected: Email-Worm.Win32.Luder.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\758E3265.bc! Infected: Trojan-Dropper.Win32.Delf.fl skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\A0000021.exe/data0000.cab/is67533.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\A0000021.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\A0000021.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\A0000039.exe/data0062 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\A0000039.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\A0000041.exe Suspicious: Packed.Win32.CryptExe skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\A0000043.exe Infected: Backdoor.Win32.Rbot.cij skipped
C:\System Volume Information\_restore{67A3874B-ED8D-48CA-B8DB-2F1A7884CC17}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
peiraster is offline  
07-06-2007, 08:12 PM   #7
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

I included above the full Kaspersky Online scan you requested. From what I see, the only "infections" detected are the viruses already quarantined by Norton and an email attachment (Word document) which I checked, and neither Norton nor Nod32 detects it as malware. Anyway, let me know what you think, thanks.
peiraster is offline  
07-06-2007, 08:47 PM   #8
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

That's correct--that's all I'm seeing as well. I'm wondering if one of your startup programs is trying to connect at boot up.

Download Process Explorer

Start Process Explorer and, without bringing up IE, locate iexplore.exe in the program. Highlight it and see if it will show you what program is using it.
Ried is offline
07-06-2007, 08:59 PM   #9
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

Quote:
Originally Posted by Ried
That's correct--that's all I'm seeing as well. I'm wondering if one of your startup programs is trying to connect at boot up.

Download Process Explorer

Start Process Explorer and without bringing up IE, locate iexplore.exe in the program. Highlight it and see if it will show you what program is using it.

Should I do what you say immediately after rebooting without terminating the iexplore.exe running in the background? Also, I already have in my PC the program "Process Monitor" v1.12 by Mark Russinovich of Sysinternals.com, is it the same as "Process Explorer"? Thanks.

Last edited by peiraster; 07-06-2007 at 09:01 PM.
peiraster is offline  
07-06-2007, 09:07 PM   #10
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

I don't know, I've never used Process Monitor. Give me a few minutes to download it and I'll see if it provides the same info as Process Explorer...
Ried is offline
Old 07-06-2007, 09:16 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

Sorry it took so long...dial-up.

Yes, it will serve the same purpose. Launch Procmon.exe and look for iexplore. It will show you the registry entry/entries that are using it. The reg entry path will reveal the program(s).
Ried is offline
Old 07-06-2007, 10:58 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

Ok I will do that and report back to you. In the meantime, from the info you already have on this case, in my current state is it safe to work with my computer online? I mean, can you discard this problem as being related to some malware? Thanks.
peiraster is offline  
Old 07-06-2007, 11:31 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

As I've not seen any malware presented in these logs, I do feel it's one of your programs connecting for some reason. Just a thought...it could be Offline Explorer Enterprise (Metaproducts)

I've gone over the protective programs you already have installed and as an extra measure of safety, would like you to add the following 2:

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

SpywareBlaster focuses on bad ActiveX controls that try to download on your computer. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database, and list of restricted sites--after you've installed it, launch the program and click on each of the tabs on the main display page.


IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4


Feel free to use this computer online.
Ried is offline
Old 07-07-2007, 02:29 AM   #14 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

I will install those two programs. I try to never run programs in the background to save resources and avoid conflicts, that's why with the exception of Norton Internet Security I always run all other security software on demand. I'm pretty sure that this is not caused by Offline Explorer, I installed that program at least 2 months before this issue appeared, so I'm almost sure it's not related to it.
Find below a snapshot of the process monitor main window taken immediately after normal reboot (with iexplore.exe running in the background as reported) plus a text report for your review. As seen, it seems that explorer.exe is the parent program of iexplore.exe

Shot at 2007-07-07
Process PID CPU Description Company Name
System Idle Process 0 45.65
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 10.14
smss.exe 1756 Windows NT Session Manager Microsoft Corporation
csrss.exe 1920 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1964 Windows NT Logon Application Microsoft Corporation
services.exe 2008 1.45 Services and Controller app Microsoft Corporation
svchost.exe 448 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 544 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 772 Generic Host Process for Win32 Services Microsoft Corporation
btwdins.exe 800 Bluetooth Support Server Broadcom Corporation.
svchost.exe 820 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1116 39.13 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
CCSETMGR.EXE 1296 Symantec Settings Manager Service Symantec Corporation
CCEVTMGR.EXE 1536 Symantec Event Manager Service Symantec Corporation
CCPROXY.EXE 1900 Symantec Network Proxy Service Symantec Corporation
ISSVC.exe 716 IS Service Symantec Corporation
SNDSrvc.exe 760 Network Driver Service Symantec Corporation
SPBBCSvc.exe 1068 SPBBC Service Symantec Corporation
spoolsv.exe 1380 Spooler SubSystem App Microsoft Corporation
LVPrcSrv.exe 1460 Logitech LVPrcSrv Module. Logitech Inc.
AluSchedulerSvc.exe 3160 Automatic LiveUpdate Scheduler Service Symantec Corporation
mdm.exe 2648 Machine Debug Manager Microsoft Corporation
NAVAPSVC.EXE 1744 Norton AntiVirus Auto-Protect Service Symantec Corporation
PDAgent.exe 2656 PDAgent Module Raxco Software, Inc.
SAVSCAN.EXE 2964 AutoProtect Symantec Corporation
scsiaccess.exe 3332
svchost.exe 3436 Generic Host Process for Win32 Services Microsoft Corporation
symlcsvc.exe 3800 Symantec Core Component Symantec Corporation
dmadmin.exe 2296 Logical Disk Manager service process Microsoft Corp., Veritas Software
PDEngine.exe 1140 PDEngine Module Raxco Software, Inc.
alg.exe 3108 Application Layer Gateway Service Microsoft Corporation
lsass.exe 2020 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1504 Windows Explorer Microsoft Corporation
iexplore.exe 2424 1.45 Internet Explorer Microsoft Corporation
TaskSwitch.exe 2084
CCAPP.EXE 3968 Symantec User Session Symantec Corporation
ltmsg.exe 3100 ltmsg LUCENT TECHNOLOGIES
DellMMKb.exe 3344 Netropa(tm) Hot Key Netropa Corp.
OSD.exe 328 Netropa(r) Onscreen Display Netropa Corp.
MsgPlus.exe 4064 Messenger Plus! Patchou
PersTray.exe 2976 Plantronics
procexp.exe 3908 2.17 Sysinternals Process Explorer Sysinternals
EM_EXEC.EXE 3520 Logitech Events Handler Application Logitech Inc.

Process: iexplore.exe Pid: 2424

Type Name
Desktop \Default
Directory \KnownDlls
Directory \Windows
Directory \BaseNamedObjects
File C:\Documents and Settings\Dell
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
File \Device\WMIDataDevice
File \Device\WMIDataDevice
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
File C:\WINDOWS\system32\Systemfiles\klog.dat
File \Device\Tcp
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File \Device\Tcp
File \Device\NamedPipe\Winsock2\CatalogChangeListener-978-0
Key HKLM
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKCU
Key HKLM
Key HKCU
Key HKLM
Key HKCU
Key HKCU\Software\Adobe\Adobe Acrobat\8.0\Acrobat 3DCapture
Key HKLM
Key HKLM\SOFTWARE\Adobe\Acrobat 3DCapture\8.0\InstallPath
Key HKCU\Software\Classes
Key HKCU
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Key HKLM
Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Mutant \BaseNamedObjects\ZonesCounterMutex
Mutant \BaseNamedObjects\ZonesCacheCounterMutex
Mutant \BaseNamedObjects\ZonesLockedCacheCounterMutex
Mutant \BaseNamedObjects\BifiWur
Mutant \BaseNamedObjects\ShimCacheMutex
Mutant \BaseNamedObjects\main area mutex HighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP
Mutant \BaseNamedObjects\instance mutex HighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP 4
Process iexplore.exe(2424)
Section \BaseNamedObjects\ShimSharedMemory
Section \BaseNamedObjects\exchng common areaHighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP 94784 0
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Semaphore \BaseNamedObjects\sem.for registry HighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP
Thread iexplore.exe(2424): 2448
Thread iexplore.exe(2424): 2452
Thread iexplore.exe(2424): 2456
Thread iexplore.exe(2424): 2460
Thread iexplore.exe(2424): 2448
Thread iexplore.exe(2424): 3828
Thread iexplore.exe(2424): 3828
Thread iexplore.exe(2424): 1060
WindowStation \Windows\WindowStations\WinSta0
WindowStation \Windows\WindowStations\WinSta0

Last edited by peiraster; 07-07-2007 at 02:57 AM.
peiraster is offline  
Old 07-07-2007, 08:37 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

How long have you had Total Recorder installed?

Quote:
Process iexplore.exe(2424)
Section \BaseNamedObjects\ShimSharedMemory
Section \BaseNamedObjects\exchng common areaHighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP 94784 0
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Semaphore \BaseNamedObjects\sem.for registry HighCriteria TotalRecorder Mrqx1FQGyj4c1kycrBxP

Open HijackThis.
  • Click on Open the Misc Tools Section.
  • Checkmark/tick 'list also minor sections (full)'
  • Click the 'Generate StartupList log' button
Please post the log in your next reply
Ried is offline
Old 07-07-2007, 10:09 AM   #16 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

I installed Total Recorder about 2 months ago, also before this issue showed up. Find below the log you requested for your evaluation, thanks.
StartupList report, 7/7/2007, 157 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16473)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Perstray.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CoolSwitch = C:\WINDOWS\system32\taskswitch.exe
Logitech Utility = Logi_MwX.Exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
LTWinModem1 = "ltmsg.exe" 9
DellTouch = C:\WINDOWS\DELLMMKB.EXE
Symantec NetDriver Monitor = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
NeroFilterCheck = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
pdfSaver3 =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ATI Launchpad =
(Default) =

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{7AC5DF9C-0F1C-E2CB-6770-4B2C483A02CD}]
StubPath = C:\WINDOWS\system32\Systemfiles\taskmgr.exe s

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=acaptuser32.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll - {07A11D74-9D25-4fea-A833-8B0D76A5577A}
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
flashget urlcatch - C:\Program Files\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
(no name) - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}
(no name) - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
(no name) - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Program Files\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[{01010E00-5E80-11D8-9E86-0007E96C65AE}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

[{01012101-5E80-11D8-9E86-0007E96C65AE}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

[{03F998B2-0E00-11D3-A498-00104B6EB52E}]

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/par...an_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub...irector/sw.cab

[{31435657-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeup...tent/opuc3.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/S.../bin/cabsa.cab

[System Requirements Lab Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
CODEBASE = http://www.systemrequirementslab.com/sysreqlab2.cab
OSD = C:\WINDOWS\Downloaded Program Files\SysReqLab2.osd

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab

[System Requirements Lab Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab.dll
CODEBASE = http://www.systemrequirementslab.com/sysreqlab.cab
OSD = C:\WINDOWS\Downloaded Program Files\sysreqlab.osd

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeup...tent/opuc4.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

[AxisMediaControlEmb Class]
InProcServer32 = C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll
CODEBASE = http://80.160.169.182/activex/AMC.cab

[Seagate SeaTools English Online]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\npSeaTools_EN.dll
CODEBASE = file://F:\tools\en\bin\npseatools.cab

[Performance Viewer Activex Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RACtrl.dll
CODEBASE = https://201.252.49.249:2000/activex/RACtrl.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

ASPI32: System32\drivers\aspi32.sys (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bluetooth Service: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (autostart)
WebcamMax, WDM Video Capture: system32\DRIVERS\CamthWDM.sys (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Hardlock: \??\C:\WINDOWS\system32\drivers\hardlock.sys (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ISSvc: "C:\Program Files\Norton Internet Security\ISSVC.exe" (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Process Monitor: "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
PDAgent: "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVScan: "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ScsiAccess: C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acronis True Image FS Filter: system32\DRIVERS\tifsfilt.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Plantronics USB Audio Adapter EQ Filter Driver: system32\DRIVERS\uacflt.sys (autostart)
TuneUp Design Expansion: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec V2i Mount Driver: system32\DRIVERS\v2imount.sys (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
{95808DC4-FA4A-4c74-92FE-5B863F82066B}: \??\C:\Program Files\CyberLink\PowerDVD\000.fcl (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 18,822 bytes
Report generated in 0.469 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
peiraster is offline  
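
One way to cross-reference the two logs posted so far, as an added example that is not part of the thread or of any tool named in it: it parses the Active Setup section of the StartupList log, keeps the entries the log does not mark as disabled by an HKCU twin, and reports those whose executable sits in a directory where the iexplore.exe process holds an open file handle. The function names, the `ENV` expansion values and the rule for rejoining hard-wrapped lines are assumptions; the two excerpts are copied from the posts above.

```python
import ntpath
import re

# Excerpt of the StartupList log posted above; one StubPath is kept hard-wrapped
# to exercise the continuation handling.
STARTUPLIST_EXCERPT = r"""
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32

\themeui.dll

[{7AC5DF9C-0F1C-E2CB-6770-4B2C483A02CD}]
StubPath = C:\WINDOWS\system32\Systemfiles\taskmgr.exe s

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------
"""

# Excerpt of the Process Explorer handle list for iexplore.exe posted above.
HANDLES_EXCERPT = r"""
Process: iexplore.exe Pid: 2424

Type Name
File C:\Documents and Settings\Dell
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
File C:\WINDOWS\system32\Systemfiles\klog.dat
File \Device\Tcp
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"""

# Assumed expansions, taken from the absolute paths the logs themselves show.
ENV = {"%systemroot%": r"C:\WINDOWS", "%programfiles%": r"C:\Program Files"}
ENTRY_RE = re.compile(r"^\[(?P<id>[^\]]+)\]\s*(?P<star>\*)?\s*$")


def parse_active_setup(text):
    """Return [{'id', 'disabled', 'stub_path'}] for the Active Setup section."""
    entries, current, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Enumerating Active Setup stub paths"):
            in_section = True
            continue
        if not in_section or not line:
            continue
        if line.startswith("-----"):  # section separator ends the block
            break
        m = ENTRY_RE.match(line)
        if m:
            current = {"id": m.group("id"), "disabled": bool(m.group("star")),
                       "stub_path": ""}
            entries.append(current)
        elif current is not None and line.startswith("StubPath ="):
            current["stub_path"] = line.split("=", 1)[1].strip()
        elif current is not None and current["stub_path"]:
            # Hard-wrapped continuation: glue path fragments, space-join the rest.
            glue = "" if line.startswith("\\") else " "
            current["stub_path"] += glue + line
    return entries


def executable_of(command):
    """Best-effort executable path from a command line (quoted or bare)."""
    cmd = command.strip()
    for var, value in ENV.items():
        cmd = re.sub(re.escape(var), lambda _m, v=value: v, cmd, flags=re.I)
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def handle_dirs(text):
    """Lower-cased directories touched by drive-letter File handles."""
    dirs = set()
    for line in text.splitlines():
        m = re.match(r"File\s+([A-Za-z]:\\.+)$", line.strip())
        if m:
            path = m.group(1).rstrip("\\").lower()
            # A handle may name a file or a directory, so record both levels.
            dirs.update({path, ntpath.dirname(path)})
    return dirs


def correlate(startup_text, handles_text):
    """Enabled Active Setup entries whose executable directory the process has open."""
    dirs = handle_dirs(handles_text)
    hits = []
    for entry in parse_active_setup(startup_text):
        exe = executable_of(entry["stub_path"])
        if not entry["disabled"] and ntpath.dirname(exe).lower() in dirs:
            hits.append((entry["id"], exe))
    return hits


if __name__ == "__main__":
    for entry_id, exe in correlate(STARTUPLIST_EXCERPT, HANDLES_EXCERPT):
        print(f"{entry_id}: {exe}")
```

The same functions accept the full pasted logs unchanged; an overlap is a pointer to which autostart entry to examine next, nothing more.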
Old 07-07-2007, 10:41 AM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

I hate to ask for yet another log, but in the hopes that it will give us a clue.

Please download SREng.

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply due to its format. Don't post it.

You will have to rename SREngLOG.log to SREngLOG.txt to upload it.

--------------------------------------------------------

I noticed in the dss.exe reports that at the time of the dss.exe scan, your System Restore was disabled. Was it turned off all this time until dss.exe turned it back on?
Ried is offline
Old 07-07-2007, 12:04 PM   #18 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

Find attached the log you requested. I renamed the file from "SREngLOG.log" to "SREngLOG.txt" because the forum did not allow me to upload it in that format, so just rename it back to the log extension. I always have System Restore turned off. It seems that dss.exe turned it back on, so I just disabled it again. Feel free to ask me for as many logs as you wish, we're here to solve this issue :) Thanks.
Attached Files
File Type: txt SREngLOG.txt (56.9 KB, 4 views)

Last edited by peiraster; 07-07-2007 at 12:23 PM.
Old 07-07-2007, 07:56 PM   #19 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 57
OS: WinXP SP2


Re: iexplore.exe running each time I reboot/Please help

I attached in my previous post the log you requested. Let me know if you need further logs, no prob, regards
Old 07-07-2007, 10:38 PM   #20 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: iexplore.exe running each time I reboot/Please help

Thanks.

I'm looking for iexplore.exe running under the C:\WINDOWS\Explorer.EXE tree. I don't see it in the SREng log; did you end task on it before you scanned with SREng? Can you reboot and leave iexplore.exe running, and then scan with SREng and post the new SREng log?