
Thread: S&D registry change - Allow or Deny ?

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Location
    Cbus Ohio
    Posts
    9

    S&D registry change - Allow or Deny ?

    Category: System Startup global entry
    Change: Value Deleted
    Entry: DeleteScanner
    Old data: C:\Windows\System32\Delete0cx.cmd

    Not sure of this one....can't seem to find too much info on it out there.

    Any help would be appreciated.

    Thanks !

    screenshot:

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    Please read this information about TeaTimer:
    http://www.safer-networking.org/en/faq/33.html
    and http://www.safer-networking.org/en/faq/34.html
    If you surf the web and without any user interaction the teatimer pops up and warns about a registry change it is better to "deny", but if you install something by yourself it is OK to "allow" the change.
    The tutorial (point 8) on our homepage should also help explaining:
    http://www.safer-networking.org/en/tutorial/index.html

    By the way....you have posted in the tavern:
    "A place to chat or ask general questions, no politics or religion please. Questions related to Spybot-S&D support/tools, or requests for Malware removal, should be posted in the appropriate forum. Not in the tavern. "
    This is the forum for questions about the program itself:
    http://forums.spybot.info/forumdisplay.php?f=4

    Best regards
    Sandra
    Team Spybot

  3. #3
    Junior Member
    Join Date
    Mar 2008
    Location
    Cbus Ohio
    Posts
    9

    Will you move my post or should I delete & repost ?

    Thanks
    Last edited by tashi; 2008-05-29 at 18:19. Reason: Mod: moved to Spybot-S&D forum

  4. #4
    Junior Member
    Join Date
    Mar 2008
    Location
    Cbus Ohio
    Posts
    9

    I understand how tea timer works....just not sure what DeleteScanner is & if I should deny allowing it to be deleted.

    Thanks
    Persistence is the twin sister of excellence. One is a matter of quality; the other a matter of time.

  5. #5
    Spybot Advisor Team [Retired] md usa spybot fan
    Join Date
    Oct 2005
    Posts
    5,859

    bb0bbby:

    I have found a RunOnce type startup entry in a HijackThis log on the internet as follows:

    Code:
    O4 - HKLM\..\RunOnce: [DeleteScanner] C:\WINDOWS\system32\DeleteOcx.cmd
    If in fact the TeaTimer dialog message that you are questioning is a deletion of a "RunOnce" startup entry, then it would have occurred after you rebooted your system and the "DeleteOcx.cmd" would have already executed and the startup was being deleted (See Note #1 below).

    I was unable to determine exactly what the execution of "C:\WINDOWS\system32\DeleteOcx.cmd" does. If in fact the TeaTimer dialog you are questioning was the deletion of a "RunOnce" startup entry, the important consideration is what you were running when a similar TeaTimer change occurred adding the entry that you apparently allowed (if TeaTimer was running when the entry was added). Perhaps if you pinpoint when the startup entry was added, you may be able to determine what was happening when the entry was added.

    The Spybot's "Resident.log" shows the activity of TeaTimer. There are several ways (4 listed below) to access the TeaTimer's Resident.log file:
    1. Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
    2. Go into Spybot > Mode > Advanced Mode > Tools > Resident.
    3. Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
    4. Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
      • Windows 95 or 98:
        C:\Windows\Application Data\Spybot - Search & Destroy\Logs
      • Windows ME:
        C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
      • Windows NT, 2000 or XP:
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
      • Windows Vista:
        C:\ProgramData\Spybot - Search & Destroy\Logs

      Double click on Resident.log file and it should open with Notepad.

    If you want to post any of the information from the "Resident.log":
    1. Copy the information from the "Resident.log" into the Clipboard:
      • Highlight the portion of the log that you want to copy.
      • Right click and select Copy.
    2. Paste (Ctrl+V) the information from the Clipboard to a new post in this thread.

    __________

    Note #1: Unfortunately TeaTimer dialog does not differentiate among the various types of startup entries (Run, RunOnce, RunService, etc.), so from the TeaTimer dialog it is not possible to tell which key the entry is in.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  6. #6
    Junior Member
    Join Date
    Mar 2008
    Location
    Cbus Ohio
    Posts
    9

    Here is the last couple logs:

    & Thanks !

    05/29/2008 12:14:15 AM Allowed (based on user decision) value "{362C56AA-6E4F-40C7-A0B5-85501DBDAD77}" (new data: "") added in ActiveX Distribution Unit!
    05/29/2008 1:33:28 AM Allowed (based on user decision) value "TuneUp MemOptimizer" (new data: "") deleted in System Startup user entry!
    05/29/2008 2:01:42 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/29/2008 2:01:45 AM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/29/2008 2:01:59 AM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
    05/29/2008 11:00:41 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/29/2008 11:00:41 AM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/29/2008 12:45:41 PM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
    Persistence is the twin sister of excellence. One is a matter of quality; the other a matter of time.

  7. #7
    Spybot Advisor Team [Retired] md usa spybot fan
    Join Date
    Oct 2005
    Posts
    5,859

    bb0bbby:

    I don't see a "Resident.log" entry where the "... value "DeleteScanner" was "... added in System Startup global entry!".

    Check if it occurred before "05/29/2008 12:14:15 AM".

    If you find the "Resident.log" entry, my question will be "What were you doing" at the time that entry was added.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
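
The check described in posts #5 and #7 (search Resident.log for the record where a startup value was added), as an added example that is not part of the original thread and is not Spybot's own code. The record format is inferred from the excerpts posted here, the sample lines are copied from those excerpts, and the function names are hypothetical; it also handles the multi-line `BootExecute` records and both timestamp styles that appear in the log.

```python
import re
from collections import namedtuple
from datetime import datetime

# Sample lines copied from the Resident.log excerpts posted in this thread.
SAMPLE_LOG = r'''3/28/2008 3:44:07 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: "") deleted in System Startup global entry!
3/28/2008 3:44:31 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
4/4/2008 2:37:20 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") changed in Session manager!
2008-04-07 02:15:52 Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
05/29/2008 1:33:28 AM Allowed (based on user decision) value "TuneUp MemOptimizer" (new data: "") deleted in System Startup user entry!
05/29/2008 2:01:42 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
05/29/2008 2:01:59 AM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
05/29/2008 12:45:41 PM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
'''

Event = namedtuple("Event", "when verdict basis name data action category")

# Two timestamp styles occur in the posted log: US 12-hour and ISO-like 24-hour.
TS = (r"(?:\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M"
      r"|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
RECORD_START = re.compile(TS + r" (?:Allowed|Denied) ")
ENTRY = re.compile(
    r"(?P<ts>" + TS + r") (?P<verdict>Allowed|Denied) \(based on (?P<basis>[^)]*)\) "
    r'value "(?P<name>.*?)" \(new data: "(?P<data>.*)"\) '
    r"(?P<action>added|deleted|changed) in (?P<category>[^\n!]+)!",
    re.DOTALL)  # DOTALL: registry data such as BootExecute spans several lines


def parse_timestamp(text):
    for fmt in ("%m/%d/%Y %I:%M:%S %p", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError("unknown timestamp format: " + text)


def parse_resident_log(text):
    """Return (events, unparsed). A record starts at a timestamp; other lines continue it."""
    records = []
    for line in text.splitlines():
        line = line.strip()  # forum pastes are usually indented
        if RECORD_START.match(line):
            records.append(line)
        elif records:
            records[-1] += "\n" + line
    events, unparsed = [], []
    for rec in records:
        m = ENTRY.fullmatch(rec.rstrip("\n"))
        if m is None:
            unparsed.append(rec)  # e.g. a signature pasted after the last record
            continue
        events.append(Event(parse_timestamp(m["ts"]), m["verdict"], m["basis"],
                            m["name"], m["data"], m["action"], m["category"]))
    return events, unparsed


def startup_deletes_without_add(events):
    """Startup values whose deletion is logged with no earlier 'added' record.

    Returns {value name: [delete events]}. Such a value was written before the
    log begins or while TeaTimer was not watching.
    """
    added, orphans = set(), {}
    for ev in sorted(events, key=lambda e: e.when):
        if not ev.category.startswith("System Startup"):
            continue
        key = (ev.category, ev.name.lower())
        if ev.action == "added":
            added.add(key)
        elif ev.action == "deleted" and key not in added:
            orphans.setdefault(ev.name, []).append(ev)
    return orphans


if __name__ == "__main__":
    events, unparsed = parse_resident_log(SAMPLE_LOG)
    for name, deletes in startup_deletes_without_add(events).items():
        for ev in deletes:
            print(f"{ev.when}  {ev.verdict:<7}  delete of {name!r} in {ev.category}: no earlier add")
    print(f"{len(unparsed)} unparsed record(s)")
```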

  8. #8
    Junior Member
    Join Date
    May 2008
    Posts
    4

    registry change denied Identified as: User blacklist

    I am having some difficulty with this message. After I denied the change of AVP (category systems startup global entries.) Any suggestions?

  9. #9
    Junior Member
    Join Date
    Mar 2008
    Location
    Cbus Ohio
    Posts
    9

    This occurred after I booted. I don't think anything else caused it.

    here is the whole root.log


    3/26/2008 1:54:48 AM Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
    3/26/2008 1:54:48 AM Denied (based on user blacklist) value "avgnt" (new data: "") deleted in System Startup global entry!
    3/26/2008 1:54:48 AM Denied (based on user blacklist) value "SBCSTray" (new data: "") deleted in System Startup global entry!
    3/26/2008 1:57:42 AM Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
    3/26/2008 1:57:42 AM Denied (based on user blacklist) value "avgnt" (new data: "") deleted in System Startup global entry!
    3/26/2008 1:57:42 AM Denied (based on user blacklist) value "SBCSTray" (new data: "") deleted in System Startup global entry!
    3/26/2008 2:01:42 AM Allowed (based on user decision) value "avgnt" (new data: "") deleted in System Startup global entry!
    3/26/2008 2:01:45 AM Allowed (based on user decision) value "SBCSTray" (new data: "") deleted in System Startup global entry!
    3/26/2008 2:13:19 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/26/2008 2:15:49 AM Allowed (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") changed in Browser page!
    3/26/2008 2:16:00 AM Allowed (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") changed in Browser page!
    3/26/2008 2:17:45 AM Allowed (based on user decision) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 2:18:30 AM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 2:18:34 AM Denied (based on user blacklist) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 2:21:00 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/26/2008 2:21:36 AM Denied (based on user blacklist) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 2:32:24 AM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 2:42:39 AM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 12:39:55 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 12:40:06 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 1:50:41 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 1:57:04 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 1:57:17 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 2:51:19 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 5:38:03 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/26/2008 5:38:16 PM Denied (based on user decision) value "Local Page" (new data: "C:\windows\system32\blank.htm") changed in Browser page!
    3/26/2008 5:38:24 PM Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
    3/26/2008 5:38:28 PM Denied (based on user decision) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:38:42 PM Denied (based on user decision) value "" (new data: "http://home.microsoft.com/access/autosearch.asp?p=%s") added in Browser page!
    3/26/2008 5:39:07 PM Denied (based on user decision) value "Local Page" (new data: "C:\windows\system32\blank.htm") changed in Browser page!
    3/26/2008 5:39:09 PM Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
    3/26/2008 5:39:12 PM Denied (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home") changed in Browser page!
    3/26/2008 5:39:17 PM Denied (based on user decision) value "Default_Page_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") changed in Browser page!
    3/26/2008 5:39:19 PM Denied (based on user decision) value "Default_Search_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
    3/26/2008 5:39:28 PM Denied (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") added in Browser page!
    3/26/2008 5:39:30 PM Denied (based on user decision) value "CustomizeSearch" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm") added in Browser page!
    3/26/2008 5:39:40 PM Denied (based on user decision) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:39:48 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:39:53 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:39:56 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:25 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:32 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:34 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:36 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:38 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:40 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:44 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:49 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:40:52 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:41:08 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:41:24 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:41:38 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:41:39 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:41:42 PM Denied (based on user blacklist) value "Start Page" (new data: "http://www.msn.com") changed in Browser page!
    3/26/2008 5:42:14 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 5:42:55 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 6:11:49 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 6:14:18 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/26/2008 6:24:35 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 1:17:24 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssmypics.scr") changed in Desktop settings!
    3/27/2008 2:11:46 AM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 11:07:34 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/27/2008 11:15:36 AM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 12:51:08 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 12:51:32 PM Allowed (based on user decision) value "Start Page" (new data: "http://www.msn.com/") changed in Browser page!
    3/27/2008 2:07:48 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 2:10:51 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 2:37:50 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 2:37:54 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 3:34:16 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/27/2008 7:18:09 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/28/2008 1:35:25 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/28/2008 1:37:42 AM Denied (based on user decision) value "load" (new data: "") added in NT startup!
    3/28/2008 10:59:20 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/28/2008 11:02:42 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    3/28/2008 11:09:48 AM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/28/2008 12:04:06 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/28/2008 12:18:21 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/28/2008 12:33:47 PM Denied (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/28/2008 3:24:52 PM Allowed (based on user decision) value "Ad-Watch" (new data: "") deleted in System Startup global entry!
    3/28/2008 3:25:00 PM Allowed (based on user decision) value "RogueMonitor" (new data: "") deleted in System Startup user entry!
    3/28/2008 3:44:07 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: "") deleted in System Startup global entry!
    3/28/2008 3:44:31 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
    3/28/2008 3:48:28 PM Allowed (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    3/28/2008 3:49:07 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    3/28/2008 4:05:46 PM Allowed (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/30/2008 6:33:13 PM Allowed (based on user decision) value "AVG8_TRAY" (new data: "C:\PROGRA~1\AVG\AVG8\avgtray.exe") added in System Startup global entry!
    3/30/2008 6:44:49 PM Allowed (based on user decision) value "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" (new data: "") added in Browser Helper Object!
    3/30/2008 6:44:55 PM Allowed (based on user decision) value "{A057A204-BACC-4D26-9990-79A187E2698E}" (new data: "984646359") added in Global browser toolbar!
    3/30/2008 6:44:57 PM Allowed (based on user decision) value "{A057A204-BACC-4D26-9990-79A187E2698E}" (new data: "") added in Browser Helper Object!
    3/30/2008 8:14:12 PM Allowed (based on user decision) value "{A057A204-BACC-4D26-9990-79A187E2698E}" (new data: "hex:04,A2,57,A0,CC,BA,26,4D,99,90,79,A1,87,E2,69,8E") added in User-specific browser toolbar!
    3/30/2008 8:28:26 PM Allowed (based on user decision) value "!SASWinLogon" (new data: "") deleted in Winlogon Notifiers!
    3/30/2008 8:28:29 PM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "") deleted in System Startup user entry!
    3/31/2008 11:35:08 AM Allowed (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "") deleted in User-specific browser toolbar!
    3/31/2008 11:46:19 AM Allowed (based on user decision) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    3/31/2008 12:16:15 PM Allowed (based on user whitelist) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "") deleted in User-specific browser toolbar!
    3/31/2008 12:17:02 PM Allowed (based on user whitelist) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "hex:39,B2,D4,F0,4B,DA,AF,4D,81,E4,DF,EE,49,31,A4,AA") added in User-specific browser toolbar!
    4/1/2008 11:25:55 AM Allowed (based on user decision) value "Windows Defender" (new data: "") deleted in System Startup global entry!
    4/1/2008 11:33:53 AM Allowed (based on user whitelist) value "ZoneAlarm Client" (new data: "") deleted in System Startup global entry!
    4/1/2008 11:34:10 AM Allowed (based on user decision) value "" (new data: "") added in System Startup global entry!
    4/1/2008 11:37:22 AM Allowed (based on user decision) value "" (new data: "") deleted in System Startup global entry!
    4/1/2008 11:44:11 AM Allowed (based on user decision) value "ctfmon.exe" (new data: "") deleted in System Startup user entry!
    4/1/2008 11:45:17 AM Allowed (based on user decision) value "ScanSoft OmniPage 16-reminder" (new data: "") deleted in System Startup global entry!
    4/1/2008 11:45:19 AM Allowed (based on user decision) value "SSBkgdUpdate" (new data: "") deleted in System Startup global entry!
    4/1/2008 11:45:20 AM Allowed (based on user decision) value "QuickTime Task" (new data: "") deleted in System Startup global entry!
    4/1/2008 11:45:21 AM Allowed (based on user decision) value "iTunesHelper" (new data: "") deleted in System Startup global entry!
    4/1/2008 12:33:52 PM Allowed (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    4/1/2008 5:01:12 PM Denied (based on user decision) value "UserFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -u") added in System Startup global entry!
    4/2/2008 8:07:27 AM Allowed (based on user decision) value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
    4/2/2008 8:07:27 AM Allowed (based on user whitelist) value "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (new data: "") deleted in User-specific browser toolbar!
    4/2/2008 8:07:31 AM Allowed (based on user decision) value "{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (new data: "") deleted in Global browser toolbar!
    4/2/2008 8:07:33 AM Allowed (based on user decision) value "{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}" (new data: "") deleted in Browser Helper Object!
    4/2/2008 8:07:38 AM Allowed (based on user decision) value "ZoneAlarmSB Uninstall" (new data: "rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3") added in System Startup global entry!
    4/2/2008 4:59:54 PM Allowed (based on user decision) value "ZoneAlarmSB Uninstall" (new data: "") deleted in System Startup global entry!
    4/4/2008 2:37:20 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    lsdelete
    ") changed in Session manager!
    4/4/2008 3:00:49 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    lsdelete
    ") changed in Session manager!
    4/4/2008 3:55:23 PM Allowed (based on user decision) value "InvisibleBrowsing" (new data: "C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe") added in System Startup global entry!
    4/4/2008 4:01:08 PM Allowed (based on user decision) value "InvisibleBrowsing" (new data: "") deleted in System Startup global entry!
    4/4/2008 4:09:55 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    4/4/2008 4:27:17 PM Allowed (based on user decision) value "InvisibleBrowsing" (new data: "C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe") added in System Startup global entry!
    4/4/2008 4:57:25 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    4/4/2008 4:58:42 PM Allowed (based on user whitelist) value "InvisibleBrowsing" (new data: "") deleted in System Startup global entry!
    4/7/2008 2:09:05 AM Allowed (based on user decision) value "AutoRun" (new data: "") deleted in Command processor!
    2008-04-07 02:15:42 Allowed (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
    2008-04-07 02:15:46 Allowed (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") added in Browser page!
    2008-04-07 02:15:49 Allowed (based on user decision) value "CustomizeSearch" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm") added in Browser page!
    2008-04-07 02:15:52 Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
    4/8/2008 8:57:08 PM Allowed (based on user decision) value "{48DD0448-9209-4F81-9F6D-D83562940134}" (new data: "") added in ActiveX Distribution Unit!
    4/9/2008 9:57:54 PM Allowed (based on user decision) value "WinampAgent" (new data: ""C:\Program Files\Winamp\winampa.exe"") added in System Startup global entry!
    4/9/2008 10:03:01 PM Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
    4/9/2008 10:07:29 PM Allowed (based on user decision) value "iTunesHelper" (new data: ""C:\Program Files\iTunes\iTunesHelper.exe"") added in System Startup global entry!
    4/10/2008 1:38:40 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") added in Desktop settings!
    4/10/2008 11:02:06 AM Allowed (based on user decision) value "WinampAgent" (new data: "") deleted in System Startup global entry!
    4/10/2008 6:31:21 PM Allowed (based on user decision) value "XPRepairPro2007" (new data: "C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r") added in System Startup user entry!
    4/14/2008 1:01:13 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    lsdelete
    ") changed in Session manager!
    4/14/2008 1:15:11 AM Allowed (based on user decision) value "AnyDVD" (new data: ""C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"") added in System Startup user entry!
    4/14/2008 1:18:56 AM Allowed (based on user decision) value "AnyDVD" (new data: "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe") changed in System Startup user entry!
    4/14/2008 1:18:58 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    lsdelete
    ") changed in Session manager!
    4/14/2008 1:27:57 AM Allowed (based on user decision) value "Ad-Watch" (new data: "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe") added in System Startup global entry!
    4/14/2008 1:47:42 AM Allowed (based on user decision) value "XPRepairPro2007" (new data: "") deleted in System Startup user entry!
    4/15/2008 1:17:07 AM Allowed (based on user decision) value "NeroFilterCheck" (new data: "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe") added in System Startup global entry!
    4/15/2008 1:18:17 AM Allowed (based on user decision) value "NBKeyScan" (new data: ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"") added in System Startup global entry!
    4/15/2008 1:18:22 AM Allowed (based on user decision) value "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" (new data: ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020") added in System Startup user entry!
    4/15/2008 1:18:26 AM Allowed (based on user decision) value "NeroHomeFirstStart" (new data: ""C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"") added in System Startup user entry!
    4/15/2008 1:19:16 AM Allowed (based on user decision) value "WinSideBySideSetupCleanup 18970908" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\18970908") added in System Startup global entry!
    4/15/2008 1:22:15 AM Allowed (based on user decision) value "NeroHomeFirstStart" (new data: "") deleted in System Startup user entry!
    4/15/2008 2:04:34 AM Allowed (based on user decision) value "LaunchList" (new data: "C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe") added in System Startup user entry!
    4/15/2008 2:08:46 AM Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Bouscher\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
    4/15/2008 2:08:50 AM Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
    4/15/2008 2:13:17 AM Allowed (based on user decision) value "InstallShieldSetup" (new data: "C:\PROGRA~1\INSTAL~1\{110B1~1\Setup2.exe -rebootC:\PROGRA~1\INSTAL~1\{110B1~1\reboot.ini -l0x9") added in System Startup global entry!
    4/15/2008 2:17:43 AM Allowed (based on user decision) value "InstallShieldSetup" (new data: "") deleted in System Startup global entry!
    4/15/2008 2:18:53 AM Allowed (based on user decision) value "AnyDVD" (new data: "") deleted in System Startup user entry!
    4/15/2008 2:28:52 AM Allowed (based on user decision) value "{4871A87A-BFDD-4106-8153-FFDE2BAC2967}" (new data: "") added in ActiveX Distribution Unit!
    4/15/2008 2:38:43 AM Allowed (based on user decision) value "ATIModeChange" (new data: "Ati2mdxx.exe") added in System Startup global entry!
    4/15/2008 2:38:47 AM Allowed (based on user decision) value "AtiExtEvent" (new data: "") added in Winlogon Notifiers!
    4/15/2008 2:39:29 AM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Bouscher\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
    4/15/2008 2:39:40 AM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
    4/15/2008 2:40:45 AM Allowed (based on user decision) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"") added in System Startup global entry!
    4/15/2008 2:41:38 AM Allowed (based on user decision) value "Steam" (new data: ""C:\Program Files\Steam\Steam.exe" -silent") added in System Startup user entry!
    4/15/2008 2:42:03 AM Allowed (based on user decision) value "ATICustomerCare" (new data: ""C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"") added in System Startup global entry!
    4/15/2008 2:45:17 AM Allowed (based on user decision) value "ATIModeChange" (new data: "") deleted in System Startup global entry!
    4/15/2008 2:45:24 AM Allowed (based on user decision) value "ATICustomerCare" (new data: "") deleted in System Startup global entry!
    4/15/2008 2:46:25 AM Allowed (based on user decision) value "TrojanScanner" (new data: "") deleted in System Startup global entry!
    4/15/2008 11:26:16 AM Allowed (based on user decision) value "Steam" (new data: "") deleted in System Startup user entry!
    4/15/2008 12:20:47 PM Allowed (based on user decision) value "NeroFilterCheck" (new data: "") deleted in System Startup global entry!
    4/15/2008 4:07:23 PM Allowed (based on user whitelist) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\qttask.exe" -atboottime") changed in System Startup global entry!
    4/15/2008 10:31:42 PM Denied (based on user decision) value "au" (new data: "C:\Program Files\Dealio\DealioAU.exe") added in System Startup global entry!
    4/16/2008 2:33:36 AM Allowed (based on user whitelist) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    4/16/2008 2:35:33 AM Allowed (based on user decision) value "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" (new data: "") deleted in System Startup user entry!
    4/16/2008 2:35:36 AM Allowed (based on user decision) value "Ad-Watch" (new data: "") deleted in System Startup global entry!
    4/16/2008 2:35:38 AM Allowed (based on user decision) value "NBKeyScan" (new data: "") deleted in System Startup global entry!
    4/16/2008 2:37:28 AM Allowed (based on user decision) value "ccleaner" (new data: ""C:\Program Files\CCleaner\CCleaner.exe" /AUTO") added in System Startup user entry!
    4/16/2008 9:22:17 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    4/16/2008 10:56:12 AM Allowed (based on authenticode whitelist) value "SpybotSnD" (new data: ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck") added in System Startup global entry!
    4/16/2008 12:08:11 PM Allowed (based on user decision) value "HijackThis startup scan" (new data: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan") added in System Startup user entry!
    4/17/2008 1:33:48 AM Allowed (based on user decision) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
    4/17/2008 1:55:55 AM Allowed (based on user decision) value "DLD.EXE" (new data: "") added in System Startup user entry!
    4/17/2008 1:56:01 AM Allowed (based on user decision) value "DLD.EXE" (new data: "C:\Program Files\Download Direct\DLD.exe") changed in System Startup user entry!
    4/17/2008 2:05:28 AM Allowed (based on user whitelist) value "BootExecute" (new data: "autocheck autochk *
    lsdelete
    ") changed in Session manager!
    4/17/2008 2:51:12 AM Allowed (based on user whitelist) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    4/17/2008 3:12:19 AM Allowed (based on user decision) value "SpyHunter Security Suite" (new data: "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe") added in System Startup global entry!
    4/17/2008 3:19:05 AM Denied (based on user decision) value "SpyHunter Security Suite" (new data: ""C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"") changed in System Startup global entry!
    4/17/2008 3:19:40 AM Allowed (based on user decision) value "SpyHunter Security Suite" (new data: "") deleted in System Startup global entry!
    4/17/2008 3:23:42 AM Allowed (based on user decision) value "H/PC Connection Agent" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:23:52 AM Allowed (based on user decision) value "DWQueuedReporting" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:23:59 AM Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:24:03 AM Allowed (based on user decision) value "ctfmon.exe" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:24:07 AM Allowed (based on user decision) value "LaunchList" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:24:14 AM Allowed (based on user decision) value "ccleaner" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:24:16 AM Allowed (based on user decision) value "HijackThis startup scan" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:24:19 AM Allowed (based on user decision) value "DLD.EXE" (new data: "") deleted in System Startup user entry!
    4/17/2008 3:34:13 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssmypics.scr") changed in Desktop settings!
    4/17/2008 3:39:51 AM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") changed in Desktop settings!
    4/17/2008 3:42:58 AM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\logon.scr") changed in Desktop settings!
    4/17/2008 3:43:20 AM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") changed in Desktop settings!
    4/17/2008 3:45:12 AM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\logon.scr") changed in Desktop settings!
    4/18/2008 12:35:34 PM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") changed in Desktop settings!
    4/18/2008 12:43:05 PM Allowed (based on user whitelist) value "ATIModeChange" (new data: "Ati2mdxx.exe") added in System Startup global entry!
    4/18/2008 12:43:05 PM Allowed (based on user whitelist) value "AtiExtEvent" (new data: "") deleted in Winlogon Notifiers!
    4/18/2008 12:43:48 PM Allowed (based on user decision) value "InstallShieldSetup" (new data: "C:\PROGRA~1\INSTAL~1\{0BEDB~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{0BEDB~1\reboot.ini ") added in System Startup global entry!
    4/18/2008 12:57:39 PM Allowed (based on user whitelist) value "ATIModeChange" (new data: "") deleted in System Startup global entry!
    4/18/2008 12:58:03 PM Allowed (based on user decision) value "InstallShieldSetup" (new data: "") deleted in System Startup global entry!
    4/22/2008 12:41:17 AM Denied (based on user decision) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
    4/22/2008 2:30:48 AM Allowed (based on user decision) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
    4/22/2008 3:14:24 AM Allowed (based on user decision) value "!SASWinLogon" (new data: "") added in Winlogon Notifiers!
    4/22/2008 3:14:29 AM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe") added in System Startup user entry!
    4/22/2008 7:48:05 AM Denied (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") changed in Browser page!
    4/22/2008 9:11:09 AM Allowed (based on user decision) value "{02478D38-C3F9-4efb-9B51-7695ECA05670}" (new data: "") deleted in Browser Helper Object!
    4/22/2008 12:52:16 PM Allowed (based on user decision) value "srePostpone" (new data: "rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction") added in System Startup global entry!
    4/22/2008 12:59:48 PM Allowed (based on user decision) value "srePostpone" (new data: "") deleted in System Startup global entry!
    4/22/2008 6:08:49 PM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssmypics.scr") changed in Desktop settings!
    4/22/2008 11:30:06 PM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "") deleted in System Startup user entry!
    4/22/2008 11:30:07 PM Allowed (based on user whitelist) value "!SASWinLogon" (new data: "") deleted in Winlogon Notifiers!
    4/22/2008 11:32:05 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: "") deleted in System Startup global entry!
    4/22/2008 11:32:31 PM Allowed (based on user decision) value "" (new data: "") added in System Startup global entry!
    4/22/2008 11:41:28 PM Allowed (based on user decision) value "" (new data: "") deleted in System Startup global entry!
    4/23/2008 12:38:27 AM Allowed (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") changed in Browser page!
    4/23/2008 12:44:44 AM Allowed (based on user decision) value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
    4/23/2008 12:06:52 PM Allowed (based on user whitelist) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
    4/23/2008 2:59:06 PM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!
    2008-04-23 15:03:40 Allowed (based on user decision) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") changed in System Startup user entry!
    2008-04-23 15:03:50 Allowed (based on user decision) value "DWQueuedReporting" (new data: ""C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t") added in System Startup user entry!
    2008-04-23 15:04:00 Denied (based on user decision) value "TrojanScanner" (new data: "C:\Program Files\Trojan Remover\Trjscan.exe") added in System Startup global entry!
    2008-04-23 15:04:08 Denied (based on user decision) value "QuickTime Task" (new data: "") deleted in System Startup global entry!
    2008-04-23 15:04:10 Denied (based on user decision) value "iTunesHelper" (new data: "") deleted in System Startup global entry!
    2008-04-23 15:04:14 Denied (based on user decision) value "StartCCC" (new data: "") deleted in System Startup global entry!
    2008-04-23 15:04:17 Denied (based on user decision) value "*Restore" (new data: "") deleted in System Startup global entry!
    2008-04-23 15:04:21 Allowed (based on user decision) value "Start Page" (new data: "http://www.msn.com/") changed in Browser page!
    2008-04-23 17:47:08 Denied (based on user decision) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
    2008-04-24 12:03:46 Allowed (based on user decision) value "*Restore" (new data: "") deleted in System Startup global entry!
    2008-04-25 16:09:52 Allowed (based on user decision) value "WinSideBySideSetupCleanup 5258505" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\5258505") added in System Startup global entry!
    2008-04-25 16:09:56 Allowed (based on user decision) value "WinSideBySideSetupCleanup 5258505" (new data: "") deleted in System Startup global entry!
    2008-04-26 14:35:53 Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Bouscher\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
    2008-04-26 14:39:52 Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
    2008-04-26 14:42:08 Allowed (based on user decision) value "ATIModeChange" (new data: "Ati2mdxx.exe") added in System Startup global entry!
    2008-04-26 14:42:10 Allowed (based on user decision) value "AtiExtEvent" (new data: "") added in Winlogon Notifiers!
    2008-04-26 14:45:24 Allowed (based on user decision) value "ATICustomerCare" (new data: ""C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"") added in System Startup global entry!
    2008-04-26 15:40:22 Allowed (based on user decision) value "ATIModeChange" (new data: "") deleted in System Startup global entry!
    2008-04-26 15:40:32 Allowed (based on user decision) value "ATICustomerCare" (new data: "") deleted in System Startup global entry!
    2008-04-26 19:35:48 Allowed (based on user decision) value "QuickTime Task" (new data: "") deleted in System Startup global entry!
    2008-04-26 19:36:13 Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
    04/28/2008 11:58:38 PM Allowed (based on user decision) value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") added in Internet Explorer searches!
    04/30/2008 1:28:42 AM Allowed (based on user decision) value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
    04/30/2008 12:31:17 PM Allowed (based on user decision) value "ThreatFire" (new data: "C:\Program Files\ThreatFire\TFTray.exe") added in System Startup global entry!
    05/01/2008 12:29:58 PM Allowed (based on user decision) value "ThreatFire" (new data: "") deleted in System Startup global entry!
    05/01/2008 1:10:10 PM Allowed (based on user decision) value "{0055C089-8582-441B-A0BF-17B458C2A3A8}" (new data: "") added in Browser Helper Object!
    05/01/2008 1:10:16 PM Allowed (based on user decision) value "IDMan" (new data: "C:\Program Files\Internet Download Manager\IDMan.exe /onboot") added in System Startup user entry!
    05/01/2008 1:10:19 PM Allowed (based on user decision) value "Download all links with IDM" (new data: "") added in Browser menu extension!
    05/01/2008 1:10:22 PM Allowed (based on user decision) value "Download FLV video content with IDM" (new data: "") added in Browser menu extension!
    05/01/2008 1:10:24 PM Allowed (based on user decision) value "Download with IDM" (new data: "") added in Browser menu extension!
    05/01/2008 1:54:59 PM Allowed (based on user decision) value "IDMan" (new data: "") deleted in System Startup user entry!
    05/01/2008 1:55:00 PM Allowed (based on user whitelist) value "{0055C089-8582-441B-A0BF-17B458C2A3A8}" (new data: "") deleted in Browser Helper Object!
    05/01/2008 1:55:00 PM Allowed (based on user whitelist) value "Download all links with IDM" (new data: "") deleted in Browser menu extension!
    05/01/2008 1:55:01 PM Allowed (based on user whitelist) value "Download FLV video content with IDM" (new data: "") deleted in Browser menu extension!
    05/01/2008 1:55:01 PM Allowed (based on user whitelist) value "Download with IDM" (new data: "") deleted in Browser menu extension!
    05/01/2008 7:11:56 PM Allowed (based on user decision) value "OpAgent" (new data: "; "OpAgent.exe" /agent") added in System Startup user entry!
    05/01/2008 7:12:03 PM Allowed (based on user decision) value "Uniblue RegistryBooster 2" (new data: "; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S") added in System Startup user entry!
    05/01/2008 7:29:48 PM Denied (based on user decision) value "SunJavaUpdateSched" (new data: "; "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"") changed in System Startup global entry!
    05/01/2008 7:40:56 PM Denied (based on user decision) value "OEM05Mon.exe" (new data: "; C:\WINDOWS\OEM05Mon.exe") added in System Startup global entry!
    05/01/2008 7:54:10 PM Allowed (based on user decision) value "ISUSPM" (new data: ""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler") added in System Startup global entry!
    05/03/2008 2:47:19 AM Allowed (based on user decision) value "InstallShieldSetup" (new data: ""C:\Program Files\InstallShield Installation Information\{C969FF9A-EFC9-4064-B580-702E3FA821C9}\setup.exe" -rebootC:\PROGRA~1\INSTAL~1\{C969F~1\reboot.ini") added in System Startup global entry!
    05/03/2008 3:45:31 AM Allowed (based on user decision) value "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" (new data: "") added in Global browser toolbar!
    05/03/2008 3:45:33 AM Allowed (based on user decision) value "{00C6482D-C502-44C8-8409-FCE54AD9C208}" (new data: "") added in Browser Helper Object!
    05/03/2008 8:40:06 PM Allowed (based on user decision) value "InstallShieldSetup" (new data: "") deleted in System Startup global entry!
    05/04/2008 11:25:49 AM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Bouscher\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
    05/04/2008 11:25:50 AM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
    05/04/2008 11:36:09 AM Allowed (based on user decision) value "TuneUp MemOptimizer" (new data: ""C:\Documents and Settings\Bouscher\Desktop\TuneUpPortable\App\TuneUp\MemOptimizer.exe" autostart") added in System Startup user entry!
    05/04/2008 11:37:31 AM Allowed (based on user decision) value "Uniblue RegistryBooster 2" (new data: "") deleted in System Startup user entry!
    05/04/2008 11:55:06 AM Allowed (based on user decision) value "OpAgent" (new data: "") deleted in System Startup user entry!
    05/04/2008 11:55:20 AM Allowed (based on user decision) value "MemoryCardManager" (new data: "") deleted in System Startup global entry!
    05/05/2008 1:53:40 AM Denied (based on user decision) value "{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (new data: "hex:80,E1,F5,8F,DE,AB,EB,46,B0,9E,D2,AA,B9,5C,AB,E3") added in User-specific browser toolbar!
    05/07/2008 11:34:56 AM Allowed (based on user decision) value "{00C6482D-C502-44C8-8409-FCE54AD9C208}" (new data: "") deleted in Browser Helper Object!
    05/07/2008 11:35:01 AM Allowed (based on user decision) value "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" (new data: "") deleted in Global browser toolbar!
    05/08/2008 4:19:59 PM Allowed (based on user decision) value "&Compress Image Using Image Compressor 2008" (new data: "") added in Browser menu extension!
    05/12/2008 12:10:20 AM Allowed (based on user decision) value "LaunchList" (new data: "C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe") added in System Startup user entry!
    05/12/2008 12:13:25 AM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Bouscher\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
    05/12/2008 12:13:27 AM Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
    05/12/2008 12:17:52 AM Allowed (based on user decision) value "InstallShieldSetup" (new data: "C:\PROGRA~1\INSTAL~1\{110B1~1\Setup2.exe -rebootC:\PROGRA~1\INSTAL~1\{110B1~1\reboot.ini -l0x9") added in System Startup global entry!
    05/12/2008 12:52:05 AM Allowed (based on user decision) value "InstallShieldSetup" (new data: "") deleted in System Startup global entry!
    05/12/2008 3:08:27 PM Allowed (based on user decision) value "Local Page" (new data: "") deleted in Browser page!
    05/12/2008 3:08:46 PM Allowed (based on user decision) value "Local Page" (new data: "") deleted in Browser page!
    05/12/2008 4:26:29 PM Allowed (based on user decision) value "TkBellExe" (new data: ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot") changed in System Startup global entry!
    05/12/2008 4:27:27 PM Allowed (based on user decision) value "{3049C3E9-B461-4BC5-8870-4C09146192CA}" (new data: "") deleted in Browser Helper Object!
    05/12/2008 4:27:28 PM Allowed (based on user whitelist) value "{3049C3E9-B461-4BC5-8870-4C09146192CA}" (new data: "") added in Browser Helper Object!
    05/12/2008 4:29:12 PM Allowed (based on user decision) value "TkBellExe" (new data: ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot") changed in System Startup global entry!
    05/12/2008 10:52:43 PM Allowed (based on user decision) value "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" (new data: "") added in ActiveX Distribution Unit!
    05/12/2008 11:08:21 PM Allowed (based on user decision) value "" (new data: "") added in System Startup global entry!
    05/13/2008 10:18:08 AM Allowed (based on user decision) value "" (new data: "") deleted in System Startup global entry!
    05/13/2008 10:18:15 AM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"") added in System Startup global entry!
    05/13/2008 12:02:14 PM Allowed (based on user decision) value "{02478D38-C3F9-4efb-9B51-7695ECA05670}" (new data: "") deleted in Browser Helper Object!
    05/14/2008 11:23:54 AM Allowed (based on user decision) value "Google Update" (new data: ""C:\Documents and Settings\Bouscher\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"") added in System Startup user entry!
    05/14/2008 11:25:00 AM Allowed (based on user decision) value "Google Update" (new data: ""C:\Documents and Settings\Bouscher\Local Settings\Application Data\Google\Update\1.1.17.0\GoogleUpdate.exe" /lang en") changed in System Startup user entry!
    05/15/2008 12:03:46 PM Allowed (based on user decision) value "Google Update" (new data: ""C:\Documents and Settings\Bouscher\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en") changed in System Startup user entry!
    05/16/2008 2:28:09 AM Allowed (based on user whitelist) value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Internet Explorer searches!
    05/16/2008 6:22:14 PM Allowed (based on user decision) value "UnlockerAssistant" (new data: ""C:\Program Files\Unlocker\UnlockerAssistant.exe"") added in System Startup global entry!
    05/19/2008 3:07:49 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    sprecovr \SystemRoot\sprecovr.txt
    ") changed in Session manager!
    05/19/2008 3:14:18 AM Allowed (based on user decision) value "TSClientMSIUninstaller" (new data: "cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"") added in System Startup user entry!
    05/19/2008 3:14:22 AM Allowed (based on user decision) value "TSClientAXDisabler" (new data: "cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"") added in System Startup user entry!
    05/19/2008 3:14:27 AM Allowed (based on user decision) value "dimsntfy" (new data: "") added in Winlogon Notifiers!
    05/19/2008 3:16:34 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    05/19/2008 3:21:12 AM Allowed (based on user decision) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
    05/19/2008 3:21:24 AM Allowed (based on user decision) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
    05/19/2008 4:03:01 AM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: "") deleted in System Startup global entry!
    05/19/2008 4:03:09 AM Allowed (based on user whitelist) value "QuickTime Task" (new data: "") deleted in System Startup global entry!
    05/19/2008 4:03:31 AM Allowed (based on user decision) value "ctfmon.exe" (new data: "") deleted in System Startup user entry!
    05/19/2008 4:04:14 AM Allowed (based on user decision) value "UnlockerAssistant" (new data: "") deleted in System Startup global entry!
    05/19/2008 4:06:51 AM Allowed (based on user decision) value "RegistryDefrag Success Message" (new data: ""C:\Documents and Settings\Bouscher\Desktop\TuneUpPortable\App\TuneUp\TUMessages.exe" /RegDefrag_Success") added in System Startup user entry!
    05/19/2008 4:07:14 AM Allowed (based on user decision) value "RegistryDefrag Success Message" (new data: "") deleted in System Startup user entry!
    05/19/2008 3:34:39 PM Denied (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/19/2008 3:37:40 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk /r \??\F:
    autocheck autochk *
    ") changed in Session manager!
    05/20/2008 12:26:46 AM Denied (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/20/2008 1:29:30 PM Denied (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/20/2008 3:35:29 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/20/2008 8:45:25 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/20/2008 11:23:40 PM Allowed (based on user decision) value "TuneUp MemOptimizer" (new data: "") deleted in System Startup user entry!
    05/20/2008 11:23:56 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/21/2008 8:06:57 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/27/2008 11:45:13 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/27/2008 11:54:29 PM Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
    05/28/2008 7:15:20 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/28/2008 7:15:23 AM Denied (based on user blacklist) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
    05/28/2008 10:57:29 AM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!
    05/28/2008 11:05:43 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/28/2008 11:06:12 AM Denied (based on user decision) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 5:42:17 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/28/2008 5:53:29 PM Denied (based on user decision) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 7:12:11 PM Denied (based on user blacklist) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
    05/28/2008 10:58:15 PM Denied (based on user decision) value "GrpConv" (new data: "grpconv -o") added in System Startup global entry!
    05/28/2008 10:58:15 PM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:11:18 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/28/2008 11:11:19 PM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:48:39 PM Allowed (based on user decision) value "ATIModeChange" (new data: "Ati2mdxx.exe") added in System Startup global entry!
    05/28/2008 11:48:44 PM Allowed (based on user decision) value "AtiExtEvent" (new data: "") deleted in Winlogon Notifiers!
    05/28/2008 11:48:45 PM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:49:03 PM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:50:12 PM Allowed (based on user decision) value "InstallShieldSetup" (new data: "C:\PROGRA~1\INSTAL~1\{0BEDB~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{0BEDB~1\reboot.ini ") added in System Startup global entry!
    05/28/2008 11:50:18 PM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:50:28 PM Allowed (based on user decision) value "InstallShieldSetup" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:54:59 PM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/28/2008 11:55:21 PM Allowed (based on user decision) value "ATIModeChange" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:55:21 PM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/28/2008 11:59:23 PM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/29/2008 12:14:13 AM Allowed (based on user decision) value "DeleteScanner" (new data: "C:\WINDOWS\system32\DeleteOcx.cmd") added in System Startup global entry!
    05/29/2008 12:14:15 AM Allowed (based on user decision) value "{362C56AA-6E4F-40C7-A0B5-85501DBDAD77}" (new data: "") added in ActiveX Distribution Unit!
    05/29/2008 1:33:28 AM Allowed (based on user decision) value "TuneUp MemOptimizer" (new data: "") deleted in System Startup user entry!
    05/29/2008 2:01:42 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/29/2008 2:01:45 AM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/29/2008 2:01:59 AM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
    05/29/2008 11:00:41 AM Denied (based on user blacklist) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    05/29/2008 11:00:41 AM Denied (based on user blacklist) value "*Restore" (new data: "") deleted in System Startup global entry!
    05/29/2008 12:45:41 PM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
    Persistence is the twin sister of excellence. One is a matter of quality; the other a matter of time.
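The log format posted above can be replayed to see what state a startup value such as DeleteScanner ends up in. This is an added example, not part of the original posts and not Spybot's own code: the function names are hypothetical, the sample is a short excerpt copied from the log above, and it assumes that a "Denied" change was rolled back by TeaTimer.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "when verdict basis name data action category")

# One record may span several lines (see BootExecute), so the data field is
# matched with DOTALL. The log mixes two timestamp styles.
RECORD = re.compile(
    r'(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M'
    r'|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<verdict>Allowed|Denied) \(based on (?P<basis>[^)\n]*)\) '
    r'value "(?P<name>[^\n]*?)" \(new data: "(?P<data>.*?)"\) '
    r'(?P<action>added|deleted|changed) in (?P<category>[^!\n]+)!',
    re.DOTALL)

# Excerpt copied from the log in the post above.
SAMPLE = r'''
2008-04-23 15:04:00 Denied (based on user decision) value "TrojanScanner" (new data: "C:\Program Files\Trojan Remover\Trjscan.exe") added in System Startup global entry!
05/19/2008 3:07:49 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
sprecovr \SystemRoot\sprecovr.txt
") changed in Session manager!
05/29/2008 12:14:13 AM Allowed (based on user decision) value "DeleteScanner" (new data: "C:\WINDOWS\system32\DeleteOcx.cmd") added in System Startup global entry!
05/29/2008 12:14:15 AM Allowed (based on user decision) value "{362C56AA-6E4F-40C7-A0B5-85501DBDAD77}" (new data: "") added in ActiveX Distribution Unit!
05/29/2008 2:01:59 AM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
05/29/2008 12:45:41 PM Denied (based on user decision) value "DeleteScanner" (new data: "") deleted in System Startup global entry!
'''

def parse_when(stamp):
    """Accept both timestamp styles that appear in the log."""
    for fmt in ("%m/%d/%Y %I:%M:%S %p", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(stamp, fmt)
        except ValueError:
            pass
    raise ValueError("unknown timestamp: " + stamp)

def parse_log(text):
    """Return the records in log order, multi-line ones included."""
    return [Event(parse_when(m["ts"]), m["verdict"], m["basis"], m["name"],
                  m["data"].strip(), m["action"], m["category"].strip())
            for m in RECORD.finditer(text)]

def entry_state(events, name, category):
    """Replay the decisions for one value; returns (present, last known data).

    present is None when the log never mentions the value.
    Assumption: a Denied change was undone, so the previous state survives.
    """
    present, data = None, None
    for e in events:
        if e.name != name or e.category != category:
            continue
        if e.verdict == "Allowed":
            if e.action == "deleted":
                present, data = False, None
            else:                      # added or changed
                present, data = True, e.data
        elif e.action == "added":      # denied add: value never landed
            present, data = False, None
        else:                          # denied delete/change: old value kept
            present = True
    return present, data

def changed_alongside(events, name, seconds=10):
    """Other values modified within `seconds` of `name` being added."""
    window = timedelta(seconds=seconds)
    hits = []
    for anchor in events:
        if anchor.name == name and anchor.action == "added":
            hits += [e for e in events
                     if e.name != name and abs(e.when - anchor.when) <= window]
    return hits

if __name__ == "__main__":
    events = parse_log(SAMPLE)
    print(entry_state(events, "DeleteScanner", "System Startup global entry"))
    for e in changed_alongside(events, "DeleteScanner"):
        print(e.when, e.action, e.name, "in", e.category)
```

Under that assumption, the two denied deletions leave the DeleteScanner startup value in place, still pointing at the .cmd file recorded when it was added.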

  10. #10
    Junior Member
    Join Date
    May 2008
    Posts
    4

    Default Help

    Were you able to solve the Resident allow or deny process?
