Task Manager, regedit not opening!

Name: sahilshah1987
Date: October 13, 2007 at 08:12:27 Pacific
OS: Win Xp sp2
CPU/Ram: p4/1.23 gb ram
Comment:

Hi guys, a "task manager is disabled by your administrator" message pops up when I open it... I know it's infected by some bad trojan/worm/virus... please help.




Response Number 1
Name: Tufenuf
Date: October 13, 2007 at 10:06:50 Pacific
Reply:

sahilshah1987, Download the free tool called Remove Restrictions Tool (RRT) at the link below.

Small and easy to use. Make sure you boot into Safe Mode to use Remove Restrictions Tool (RRT). Just click on the buttons and it'll do its job.

http://www.raymond.cc/blog/archives...

You should update your virus definitions and run a virus scan.

Tufenuf



Response Number 2
Name: sahilshah1987
Date: October 13, 2007 at 10:50:37 Pacific
Reply:

Hi, I tried it already... it's not working... the message still pops up... even my computer has slowed down... my latest updated antivirus is also not detecting it... it had detected autorun.ini as infected in the system32 dir, with TR/spy.104... I moved it to quarantine... please help, yaar...



Response Number 3
Name: jabuck
Date: October 13, 2007 at 20:28:11 Pacific
Reply:

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 4
Name: sahilshah1987
Date: October 13, 2007 at 23:14:31 Pacific
Reply:

Hi, my cmd is not working... it says you don't have permissions to do so... command prompt is not working... any commands I enter, it does nothing... it is locked by the virus only... I am sure... here's the log of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:45 AM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SSVICHOSST.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\WINDOWS\system32\SSVICHOSST.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.co...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A96D3D06-2FEB-43CF-849F-60253D36FB0B}: NameServer = 218.248.240.208 218.248.255.193
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OracleDEFAULT_HOMETNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleServiceORACLE - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - E:\Tally\spnsrvnt.exe

--
End of file - 7911 bytes
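
The entries in the HijackThis log above that explain the locked-out tools and the persistence, picked out programmatically. This is an added example, not part of the original thread or of HijackThis; the reference process list, the similarity threshold and all function names are assumptions of the example, and the sample input is a selection of lines from that log.

```python
import re
from collections import defaultdict

# Selected lines from the first HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumed reference list of core Windows process names (stems, lower case).
SYSTEM_STEMS = ["svchost", "explorer", "lsass", "csrss", "winlogon", "services", "smss"]

O4_RE = re.compile(r"O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.I)


def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(exe_name):
    """Return the system process name that exe_name imitates, or None.

    A name counts as a lookalike when it is close to, but not equal to,
    a reference name (distance at most half the reference length).
    """
    stem = exe_name.lower()
    if stem.endswith(".exe"):
        stem = stem[:-4]
    for ref in SYSTEM_STEMS:
        d = edit_distance(stem, ref)
        if 0 < d <= len(ref) // 2:
            return ref + ".exe"
    return None


def triage(log_text):
    """Return (kind, detail) findings for F2, O7 and O4 lines of a log."""
    findings = []
    run_hives = defaultdict(set)  # executable name -> Run keys that start it
    for line in log_text.splitlines():
        line = line.strip()
        # F2: the Winlogon shell should start Explorer.exe and nothing else.
        m = re.match(r"F2 - REG:system\.ini: Shell=(.*)$", line, re.I)
        if m:
            extra = [t for t in m.group(1).split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(("shell-hijack", " ".join(extra)))
            continue
        # O7: a Disable* policy set to non-zero locks the user out of a tool.
        m = re.match(r"O7 - (.+), (Disable\w+)=(\d+)$", line)
        if m and m.group(3) != "0":
            findings.append(("policy-lockout", m.group(2)))
            continue
        # O4: collect autostart targets per executable across all hives.
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.search(m.group("cmd"))
            if exe:
                name = exe.group(0).split("\\")[-1].lower()
                run_hives[name].add(m.group("hive"))
    for name, hives in sorted(run_hives.items()):
        ref = lookalike_of(name)
        if ref:
            detail = f"{name} resembles {ref}; registered in {len(hives)} Run key(s)"
            findings.append(("lookalike-autorun", detail))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

A name check like this only catches near-miss spellings; a file that uses an exact system name from the wrong directory needs a path check instead.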



Response Number 5
Name: sahilshah1987
Date: October 14, 2007 at 02:38:42 Pacific
Reply:

Hi, I tried ComboFix... and it worked... it removed 3-4 files... now my PC is virus free... thanks for your efforts... everything is opening and working fine now.

Tell me which antivirus is an effective one... I am using AntiVir... it detects viruses but doesn't repair or clean them... I always have to quarantine... any suggestions? And being a hardcore broadband user, I download lots of stuff... which would be the best antispyware/malware tool?




Response Number 6
Name: jabuck
Date: October 14, 2007 at 08:11:49 Pacific
Reply:

Your antivirus is a good one, but you are still infected.

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

Post a Combofix log and a new Hijack This log please.



Response Number 7
Name: sahilshah1987
Date: October 14, 2007 at 11:39:52 Pacific
Reply:

report.txt:

SDFix: Version 1.108

Run by rahul on Sun 10/14/2007 at 11:57 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\SCVHSOT.exe - Deleted
C:\WINDOWS\SYSTEM32\TEST1.exe - Deleted
C:\WINDOWS\SYSTEM32\NHATQU~1.exe - Deleted
C:\WINDOWS\system32\scvhsot.exe - Deleted
C:\WINDOWS\system32\SCVHSOT.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Downloads\\Programs\\utorrent.exe"="D:\\Downloads\\Programs\\utorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 29 Sep 2007 2,359,296 A..H. --- "C:\Documents and Settings\rahul\NTUSER.DAT.bak_jv16pt"
Sun 14 Oct 2007 678,766 ...H. --- "C:\Program Files\iolo\System Mechanic 7\unins000.exe"
Tue 25 Sep 2007 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Tue 25 Sep 2007 262,144 A..H. --- "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Sat 29 Sep 2007 262,144 A..H. --- "C:\Documents and Settings\rahul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:26 AM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.co...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A96D3D06-2FEB-43CF-849F-60253D36FB0B}: NameServer = 218.248.240.208 218.248.255.193
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OracleDEFAULT_HOMETNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleServiceORACLE - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - E:\Tally\spnsrvnt.exe

--
End of file - 6486 bytes


ComboFix 07-10-12.4 - rahul 2007-10-15 0:06:02.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.786 [GMT 5.5:30]
Running from: D:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 23:56 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-14 15:54 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-14 15:54 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-14 15:54 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-14 12:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 11:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-14 11:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-14 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-10-14 00:41 <DIR> d-------- C:\Temp
2007-10-14 00:05 <DIR> d-------- C:\Program Files\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 378,216 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-10-14 00:05 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-10-14 00:05 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-10-14 00:04 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-10-14 00:00 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\iolo
2007-10-14 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-10-11 21:41 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\PC Tools
2007-10-11 21:41 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-11 21:41 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-11 21:41 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-11 21:41 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-10-11 21:41 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-11 14:06 <DIR> d-------- C:\Program Files\MSECache
2007-10-10 23:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-10 20:33 32,768 --a------ C:\xp_emergencyutil.exe
2007-10-10 20:18 <DIR> d-------- C:\EmergencyUtils
2007-10-10 16:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-10 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 13:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-10 12:46 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\True Sword
2007-10-09 23:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-09 23:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-09 21:43 <DIR> d-------- C:\Documents and Settings\rahul\.housecall6.6
2007-10-08 00:51 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-10-08 00:33 <DIR> d-------- C:\WINDOWS\Sun
2007-10-08 00:33 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\uTorrent
2007-10-08 00:11 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Azureus
2007-10-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-08 00:07 <DIR> d-------- C:\Program Files\Java
2007-10-08 00:07 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-07 09:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-07 09:20 <DIR> d-------- C:\Program Files\FRONTPAGE
2007-10-06 23:36 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-10-06 23:32 <DIR> d-------- C:\Program Files\PFConfig
2007-10-05 20:34 <DIR> d-------- C:\Documents and Settings\rahul\System
2007-10-05 20:34 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\SmartDraw
2007-10-02 20:10 114,688 --a------ C:\WINDOWS\system32\oci.dll
2007-10-02 20:10 114,688 --a------ C:\WINDOWS\system\oci.dll
2007-10-02 17:44 <DIR> d-------- C:\Program Files\Oracle
2007-09-30 08:25 <DIR> d--hs---- C:\FOUND.000
2007-09-29 18:51 <DIR> d-------- C:\Program Files\Google
2007-09-29 16:04 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\My Games
2007-09-29 12:46 <DIR> d---s---- C:\Documents and Settings\rahul\UserData
2007-09-29 07:01 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Xfire
2007-09-29 06:39 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-28 20:09 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\IDM
2007-09-28 09:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-28 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-28 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-26 21:47 <DIR> d-------- C:\Program Files\Internet Download Manager
2007-09-26 21:41 202,424 --a------ C:\WINDOWS\system32\idmmbc.dll
2007-09-26 21:40 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\DMCache
2007-09-26 12:14 1,277 --a------ C:\WINDOWS\mozver.dat
2007-09-26 11:26 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-09-26 10:10 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-09-25 11:14 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\vlc
2007-09-25 06:21 <DIR> d-------- C:\WINDOWS\pss
2007-09-25 06:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-25 06:13 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-25 06:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-25 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-09-25 05:27 <DIR> d-------- C:\Program Files\HP
2007-09-25 05:27 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-09-25 05:27 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-09-25 05:27 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-09-25 05:27 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-09-25 05:27 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-09-25 05:27 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-09-25 05:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-09-25 05:24 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-25 05:24 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-25 04:05 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-09-25 04:04 <DIR> d-------- C:\Program Files\CyberLink
2007-09-25 04:04 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-09-25 04:04 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-09-25 04:04 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2007-09-25 04:03 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-09-29 10:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-24 22:29 --------- d-----w C:\Program Files\Nero
2007-09-24 22:29 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-24 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-24 22:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-24 22:13 --------- d-----w C:\Program Files\Winamp
2007-09-24 22:00 --------- d-----w C:\Program Files\Analog Devices
2007-09-24 21:59 --------- d-----w C:\Program Files\Intel
2007-09-24 21:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-24 21:44 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-22 13:12 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 13:49 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-14_12.13.21.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ------w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ------w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ------w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:30 151,040 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:32 205,824 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:32 55,808 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:40 18,432 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:38 449,024 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:38 146,432 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:42 474,112 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:44 617,984 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:34 350,720 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ------w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2004-08-03 13:56:46 581,120 ------w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:18 151,040 ------w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 ------w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:18 357,888 ------w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:20 205,312 ------w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:20 55,808 ------w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 ------w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:20 251,392 ------w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:20 96,256 ------w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:20 16,384 ------w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 ------w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:20 449,024 ------w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:20 146,432 ------w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:20 532,480 ------w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:20 39,424 ------w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 ------w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 ------w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 ------w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 ------w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 13:39:54 115,712 ------w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2007-03-13 05:27:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.exe
+ 2007-10-10 07:45:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.exe
+ 2007-10-14 18:26:48 4,710,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-10-14 18:26:48 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-10-10 07:45:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.exe
+ 2007-10-14 18:26:38 4,710,400 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-10-14 18:26:38 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-08-22 13:12:16 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
+ 2007-08-22 13:12:16 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
+ 2007-08-21 10:30:46 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
+ 2007-08-22 13:12:18 3,058,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
+ 2007-08-22 13:12:18 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
+ 2007-08-22 13:12:18 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
+ 2007-08-22 13:12:18 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
+ 2007-08-22 13:12:18 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
+ 2007-08-22 12:55:30 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
+ 2007-08-22 12:55:32 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
+ 2007-08-22 12:55:32 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
+ 2007-08-21 10:19:40 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
+ 2007-08-22 12:55:38 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
+ 2007-08-22 12:55:38 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
+ 2007-08-22 12:55:42 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
+ 2007-08-22 12:55:44 617,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
+ 2007-08-21 10:13:34 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\update.exe
+ 2007-03-06 01:23:52 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\updspapi.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
+ 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:26 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
+ 2005-10-12 23:12:26 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
+ 2007-03-06 01:23:52 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 13:12:16 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 13:12:16 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-03 19:26:46 581,120 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:20 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:20 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-06-14 18:09:20 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-06-14 18:09:20 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-06-14 18:09:20 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-05 14:20:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 13:12:18 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:20 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 13:12:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:20 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 13:12:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 13:12:18 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 13:12:18 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-03 13:56:46 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-01-19 19:29:20 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 12:49]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 18:12]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SDTray"="D:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-29 15:41]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-10-03 09:05]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-14 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-03-15 21:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
S2 OracleDEFAULT_HOMETNSListener;OracleDEFAULT_HOMETNSListener;D:\oracle\ora92\BIN\TNSLSNR
S2 OracleServiceORACLE;OracleServiceORACLE;d:\oracle\ora92\bin\ORACLE.exe ORACLE

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 23:58:58 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH3B61228G76.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2007-10-14 18:32:48 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
"2007-10-14 06:26:50 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\SSVICHOSST.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 00:07:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 0:08:31
C:\ComboFix2.txt ... 2007-10-14 12:14
.
--- E O F ---

Am I done now?


0

Response Number 8
Name: jabuck
Date: October 14, 2007 at 13:31:14 Pacific
Reply:

Open Notepad (Start Menu > Run > type notepad and press "OK").

Copy and paste everything into notepad between the x's making @echo off the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
@echo off
jt /sd At1.job

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it "KillJobs.bat", then save it to your desktop.

Copy KillJobs.bat to your C:\Windows folder.
Double-click on "KillJobs.bat"
(when prompted, allow the file to run)

Post a new Combofix log please.

You should add "Spywareblaster" to your arsenal of antispyware tools; just do a Google search for Spywareblaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


0
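The reply above removes At1.job, which the posted ComboFix log lists under 'Scheduled Tasks' with the target C:\WINDOWS\system32\SSVICHOSST.exe. As an added example (not part of the original thread and not ComboFix's own logic), this Python script parses that log section and flags entries on two heuristics that are assumptions of the example: a job named like those the `at` command creates (At<N>.job), and a target whose file name is a near-miss of a core Windows process name from a short illustrative list.

```python
import re
from ntpath import basename, splitext

# 'Scheduled Tasks' section copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
Contents of the 'Scheduled Tasks' folder
"2007-09-24 23:58:58 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH3B61228G76.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2007-10-14 18:32:48 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
"2007-10-14 06:26:50 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\SSVICHOSST.exe
.
'''

# Assumption: a short, illustrative list of core Windows process names.
KNOWN_SYSTEM_NAMES = ("svchost", "lsass", "csrss", "smss",
                      "winlogon", "services", "explorer", "spoolsv")

JOB_LINE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$')
AT_JOB = re.compile(r'^At\d+\.job$', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_scheduled_tasks(log_text):
    """Return the jobs listed in the log's 'Scheduled Tasks' section."""
    tasks, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        match = JOB_LINE.match(line)
        if match:
            # A job line; its target (if the log shows one) follows as "- path".
            tasks.append({"modified": match.group(1),
                          "job": match.group(2),
                          "target": None})
        elif line.startswith("- ") and tasks and tasks[-1]["target"] is None:
            tasks[-1]["target"] = line[2:].strip()
        elif line == "." or line.startswith("*"):
            break  # section terminator in the log
    return tasks


def lookalike_of(path):
    """Name of the system binary the target's file name imitates, or None."""
    stem = splitext(basename(path))[0].lower()
    for known in KNOWN_SYSTEM_NAMES:
        distance = edit_distance(stem, known)
        # Close but not identical: an exact match is the real name.
        if 0 < distance <= len(known) // 2:
            return known
    return None


def triage(tasks):
    """Return (job file name, [reasons]) for every task worth a closer look."""
    findings = []
    for task in tasks:
        reasons = []
        job_name = basename(task["job"])
        if AT_JOB.match(job_name):
            reasons.append("named like a job created by the at command")
        if task["target"]:
            imitated = lookalike_of(task["target"])
            if imitated:
                reasons.append("target name resembles %s.exe" % imitated)
        if reasons:
            findings.append((job_name, reasons))
    return findings


if __name__ == "__main__":
    for job, reasons in triage(parse_scheduled_tasks(SAMPLE_LOG)):
        print(job + ": " + "; ".join(reasons))
```

A flagged entry is a lead for manual review of the job file and its target, not a verdict.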

Response Number 9
Name: sahilshah1987
Date: October 15, 2007 at 06:41:43 Pacific
Reply:

ComboFix 07-10-12.4 - rahul 2007-10-15 19:05:07.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.743 [GMT 5.5:30]
Running from: D:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-15 18:57 25 --a------ C:\WINDOWS\KillJobs.bat
2007-10-14 23:56 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-14 15:54 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-14 15:54 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-14 15:54 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-14 12:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 11:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-14 11:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-14 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-10-14 00:41 <DIR> d-------- C:\Temp
2007-10-14 00:05 <DIR> d-------- C:\Program Files\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 378,216 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-10-14 00:05 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-10-14 00:05 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-10-14 00:04 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-10-14 00:00 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\iolo
2007-10-14 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-10-11 21:41 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\PC Tools
2007-10-11 21:41 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-11 21:41 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-11 21:41 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-11 21:41 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-10-11 21:41 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-11 14:06 <DIR> d-------- C:\Program Files\MSECache
2007-10-10 23:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-10 20:33 32,768 --a------ C:\xp_emergencyutil.exe
2007-10-10 20:18 <DIR> d-------- C:\EmergencyUtils
2007-10-10 16:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-10 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 13:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-10 12:46 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\True Sword
2007-10-09 23:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-09 23:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-09 21:43 <DIR> d-------- C:\Documents and Settings\rahul\.housecall6.6
2007-10-08 00:51 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-10-08 00:33 <DIR> d-------- C:\WINDOWS\Sun
2007-10-08 00:33 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\uTorrent
2007-10-08 00:11 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Azureus
2007-10-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-08 00:07 <DIR> d-------- C:\Program Files\Java
2007-10-08 00:07 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-07 09:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-07 09:20 <DIR> d-------- C:\Program Files\FRONTPAGE
2007-10-06 23:36 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-10-06 23:32 <DIR> d-------- C:\Program Files\PFConfig
2007-10-05 20:34 <DIR> d-------- C:\Documents and Settings\rahul\System
2007-10-05 20:34 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\SmartDraw
2007-10-02 20:10 114,688 --a------ C:\WINDOWS\system32\oci.dll
2007-10-02 20:10 114,688 --a------ C:\WINDOWS\system\oci.dll
2007-10-02 17:44 <DIR> d-------- C:\Program Files\Oracle
2007-09-30 08:25 <DIR> d--hs---- C:\FOUND.000
2007-09-29 18:51 <DIR> d-------- C:\Program Files\Google
2007-09-29 16:04 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\My Games
2007-09-29 12:46 <DIR> d---s---- C:\Documents and Settings\rahul\UserData
2007-09-29 07:01 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Xfire
2007-09-29 06:39 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-28 20:09 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\IDM
2007-09-28 09:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-28 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-28 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-26 21:47 <DIR> d-------- C:\Program Files\Internet Download Manager
2007-09-26 21:41 202,424 --a------ C:\WINDOWS\system32\idmmbc.dll
2007-09-26 21:40 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\DMCache
2007-09-26 12:14 1,277 --a------ C:\WINDOWS\mozver.dat
2007-09-26 11:26 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-09-26 10:10 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-09-25 11:14 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\vlc
2007-09-25 06:21 <DIR> d-------- C:\WINDOWS\pss
2007-09-25 06:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-25 06:13 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-25 06:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-25 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-09-25 05:27 <DIR> d-------- C:\Program Files\HP
2007-09-25 05:27 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-09-25 05:27 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-09-25 05:27 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-09-25 05:27 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-09-25 05:27 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-09-25 05:27 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-09-25 05:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-09-25 05:24 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-25 05:24 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-25 04:05 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-09-25 04:04 <DIR> d-------- C:\Program Files\CyberLink
2007-09-25 04:04 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-09-25 04:04 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-09-25 04:04 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2007-09-25 04:03 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-09-29 10:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-24 22:29 --------- d-----w C:\Program Files\Nero
2007-09-24 22:29 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-24 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-24 22:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-24 22:13 --------- d-----w C:\Program Files\Winamp
2007-09-24 22:00 --------- d-----w C:\Program Files\Analog Devices
2007-09-24 21:59 --------- d-----w C:\Program Files\Intel
2007-09-24 21:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-24 21:44 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-22 13:12 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 13:49 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-14_12.13.21.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ------w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ------w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ------w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:30 151,040 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:32 205,824 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:32 55,808 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:40 18,432 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:38 449,024 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:38 146,432 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:42 474,112 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:44 617,984 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:34 350,720 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ------w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2004-08-03 13:56:46 581,120 ------w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:18 151,040 ------w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 ------w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:18 357,888 ------w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:20 205,312 ------w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:20 55,808 ------w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 ------w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:20 251,392 ------w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:20 96,256 ------w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:20 16,384 ------w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 ------w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:20 449,024 ------w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:20 146,432 ------w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:20 532,480 ------w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:20 39,424 ------w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 ------w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 ------w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 ------w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 ------w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 13:39:54 115,712 ------w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2007-03-13 05:27:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.exe
+ 2007-10-10 07:45:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.exe
+ 2007-10-14 18:26:48 4,710,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-10-14 18:26:48 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-10-10 07:45:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.exe
+ 2007-10-14 18:26:38 4,710,400 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-10-14 18:26:38 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-08-22 13:12:16 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
+ 2007-08-22 13:12:16 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
+ 2007-08-21 10:30:46 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
+ 2007-08-22 13:12:18 3,058,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
+ 2007-08-22 13:12:18 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
+ 2007-08-22 13:12:18 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
+ 2007-08-22 13:12:18 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
+ 2007-08-22 13:12:18 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
+ 2007-08-22 12:55:30 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
+ 2007-08-22 12:55:32 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
+ 2007-08-22 12:55:32 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
+ 2007-08-21 10:19:40 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
+ 2007-08-22 12:55:38 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
+ 2007-08-22 12:55:38 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
+ 2007-08-22 12:55:42 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
+ 2007-08-22 12:55:44 617,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
+ 2007-08-21 10:13:34 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\update\update.exe
+ 2007-03-06 01:23:52 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]474e07262334919ca66aaa879430a63\update\updspapi.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
+ 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:26 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
+ 2005-10-12 23:12:26 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
+ 2007-03-06 01:23:52 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 13:12:16 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 13:12:16 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-03 19:26:46 581,120 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:20 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:20 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-06-14 18:09:20 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-06-14 18:09:20 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-06-14 18:09:20 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-05 14:20:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 13:12:18 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:20 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 13:12:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:20 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 13:12:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 13:12:18 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 13:12:18 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-03 13:56:46 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-01-19 19:29:20 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 12:49]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 18:12]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SDTray"="D:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-29 15:41]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-10-03 09:05]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-14 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-03-15 21:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
S2 OracleDEFAULT_HOMETNSListener;OracleDEFAULT_HOMETNSListener;D:\oracle\ora92\BIN\TNSLSNR
S2 OracleServiceORACLE;OracleServiceORACLE;d:\oracle\ora92\bin\ORACLE.exe ORACLE

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 23:58:58 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH3B61228G76.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2007-10-15 12:20:24 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
"2007-10-15 03:30:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\SSVICHOSST.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 19:06:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 19:07:55
C:\ComboFix3.txt ... 2007-10-14 12:14
C:\ComboFix2.txt ... 2007-10-15 00:08
.
--- E O F ---


I have already installed Spyware Blaster... but it does not scan anything or autostart during startup. Do I have to open it during every startup?



Response Number 10
Name: jabuck
Date: October 15, 2007 at 10:18:10 Pacific
Reply:

Open Notepad and copy and paste everything between the X's:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h At1.job
del At1.job

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it Remjob.bat, then save it to your desktop.

Double-click on remjob.bat. A DOS window will open and close again; this is normal.

Set up the computer to view hidden files by going to Start > Control Panel > Folder Options > View tab > tick the circle beside "show hidden files and folders" and untick the boxes beside "hide extensions of known file types" and "hide protected system operating files" > Apply > OK.

Navigate to and delete this file if found:

C:\WINDOWS\system32\SSVICHOSST.exe

If by chance you found the file and were unable to delete it, try deleting it from Safe Mode.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Post a new Combofix log please.


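The removal steps above target the At1.job entry and its SSVICHOSST.exe target from the 'Scheduled Tasks' section of the ComboFix log. As an added example (not part of the thread and not ComboFix code), this Python script parses that section and flags the two things that make the entry stand out: a job created through the AT scheduler (At<N>.job) and a target whose name is a near-miss of a core Windows process name. The function names, the list of known names and the distance threshold are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
S2 OracleServiceORACLE;OracleServiceORACLE;d:\oracle\ora92\bin\ORACLE.exe ORACLE

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 23:58:58 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH3B61228G76.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2007-10-15 12:20:24 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
"2007-10-15 03:30:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\SSVICHOSST.exe
.
**************************************************************************
"""

# Assumption: a short illustrative list of core Windows process names.
KNOWN_SYSTEM_NAMES = ["svchost", "lsass", "csrss", "smss",
                      "winlogon", "services", "explorer", "spoolsv"]

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_LINE = re.compile(r'^"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+\.job)"$', re.IGNORECASE)
AT_JOB = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log):
    """Return one dict per .job entry, with the '- <target>' lines that follow it."""
    tasks, in_section = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SECTION_HEADER
            continue
        if line == "." or line.startswith("***"):
            break  # end of the section
        match = JOB_LINE.match(line)
        if match:
            tasks.append({"modified": match.group(1),
                          "job": PureWindowsPath(match.group(2)).name,
                          "targets": []})
        elif line.startswith("- ") and tasks:
            tasks[-1]["targets"].append(line[2:].strip())
    return tasks


def levenshtein(a, b):
    """Classic edit distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(target):
    """Return the system binary a file name imitates, or None.

    An exact match is not a lookalike. The threshold scales with the length
    of the known name so short names such as smss do not match everything.
    """
    stem = PureWindowsPath(target).stem.lower()
    if stem in KNOWN_SYSTEM_NAMES:
        return None
    best = None
    for known in KNOWN_SYSTEM_NAMES:
        distance = levenshtein(stem, known)
        if distance <= max(1, len(known) // 2) and (best is None or distance < best[0]):
            best = (distance, known)
    return best[1] + ".exe" if best else None


def triage(log):
    """List scheduled tasks that deserve a manual look, with the reasons."""
    findings = []
    for task in parse_scheduled_tasks(log):
        reasons = []
        if AT_JOB.match(task["job"]):
            reasons.append("created through the AT scheduler (At<N>.job)")
        for target in task["targets"]:
            known = lookalike_of(target)
            if known:
                reasons.append(f"{PureWindowsPath(target).name} resembles {known}")
        if reasons:
            findings.append({"job": task["job"], "targets": task["targets"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["job"], "->", ", ".join(finding["targets"]))
        for reason in finding["reasons"]:
            print("  review:", reason)
```

A hit means the entry needs a manual check; At<N>.job files can also be created by an administrator with the `at` command.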

Response Number 11
Name: sahilshah1987
Date: October 16, 2007 at 03:34:12 Pacific
Reply:

ComboFix 07-10-12.4 - rahul 2007-10-15 0:06:02.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.786 [GMT 5.5:30]
Running from: D:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 23:56 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-14 15:54 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-14 15:54 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-14 15:54 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-14 12:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 11:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-14 11:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-14 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-10-14 00:41 <DIR> d-------- C:\Temp
2007-10-14 00:05 <DIR> d-------- C:\Program Files\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-14 00:05 378,216 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-10-14 00:05 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-10-14 00:05 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-10-14 00:04 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-10-14 00:00 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\iolo
2007-10-14 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-10-11 21:41 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\PC Tools
2007-10-11 21:41 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-11 21:41 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-11 21:41 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-11 21:41 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-10-11 21:41 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-11 14:06 <DIR> d-------- C:\Program Files\MSECache
2007-10-10 23:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-10 20:33 32,768 --a------ C:\xp_emergencyutil.exe
2007-10-10 20:18 <DIR> d-------- C:\EmergencyUtils
2007-10-10 16:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-10 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 13:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-10 12:46 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\True Sword
2007-10-09 23:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-09 23:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-09 21:43 <DIR> d-------- C:\Documents and Settings\rahul\.housecall6.6
2007-10-08 00:51 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-10-08 00:33 <DIR> d-------- C:\WINDOWS\Sun
2007-10-08 00:33 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\uTorrent
2007-10-08 00:11 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Azureus
2007-10-08 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-08 00:07 <DIR> d-------- C:\Program Files\Java
2007-10-08 00:07 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-07 09:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-07 09:20 <DIR> d-------- C:\Program Files\FRONTPAGE
2007-10-06 23:36 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-10-06 23:32 <DIR> d-------- C:\Program Files\PFConfig
2007-10-05 20:34 <DIR> d-------- C:\Documents and Settings\rahul\System
2007-10-05 20:34 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\SmartDraw
2007-10-02 20:10 114,688 --a------ C:\WINDOWS\system32\oci.dll
2007-10-02 20:10 114,688 --a------ C:\WINDOWS\system\oci.dll
2007-10-02 17:44 <DIR> d-------- C:\Program Files\Oracle
2007-09-30 08:25 <DIR> d--hs---- C:\FOUND.000
2007-09-29 18:51 <DIR> d-------- C:\Program Files\Google
2007-09-29 16:04 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\My Games
2007-09-29 12:46 <DIR> d---s---- C:\Documents and Settings\rahul\UserData
2007-09-29 07:01 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Xfire
2007-09-29 06:39 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-28 20:09 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\IDM
2007-09-28 09:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-28 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-28 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-26 21:47 <DIR> d-------- C:\Program Files\Internet Download Manager
2007-09-26 21:41 202,424 --a------ C:\WINDOWS\system32\idmmbc.dll
2007-09-26 21:40 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\DMCache
2007-09-26 12:14 1,277 --a------ C:\WINDOWS\mozver.dat
2007-09-26 11:26 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-09-26 10:10 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-09-25 11:14 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\vlc
2007-09-25 06:21 <DIR> d-------- C:\WINDOWS\pss
2007-09-25 06:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-25 06:13 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-25 06:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-25 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-09-25 05:27 <DIR> d-------- C:\Program Files\HP
2007-09-25 05:27 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-09-25 05:27 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-09-25 05:27 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-09-25 05:27 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-09-25 05:27 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-09-25 05:27 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-09-25 05:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-09-25 05:24 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-25 05:24 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-25 04:05 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-09-25 04:04 <DIR> d-------- C:\Program Files\CyberLink
2007-09-25 04:04 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-09-25 04:04 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-09-25 04:04 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2007-09-25 04:03 <DIR> d-------- C:\Documents and Settings\rahul\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-10-06 17:49 359,808 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-09-29 10:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-24 22:29 --------- d-----w C:\Program Files\Nero
2007-09-24 22:29 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-24 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-24 22:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-24 22:13 --------- d-----w C:\Program Files\Winamp
2007-09-24 22:00 --------- d-----w C:\Program Files\Analog Devices
2007-09-24 21:59 --------- d-----w C:\Program Files\Intel
2007-09-24 21:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-24 21:44 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-22 13:12 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 13:49 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-14_12.13.21.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ------w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ------w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ------w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:30 151,040 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:32 205,824 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:32 55,808 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:40 18,432 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:38 449,024 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:38 146,432 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:42 474,112 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:44 617,984 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:34 350,720 ------w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ------w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2004-08-03 13:56:46 581,120 ------w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:18 151,040 ------w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 ------w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:18 357,888 ------w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:20 205,312 ------w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:20 55,808 ------w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 ------w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:20 251,392 ------w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:20 96,256 ------w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:20 16,384 ------w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 ------w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:20 449,024 ------w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:20 146,432 ------w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:20 532,480 ------w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:20 39,424 ------w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 ------w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 ------w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 ------w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 ------w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 13:39:54 115,712 ------w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2007-03-13 05:27:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.exe
+ 2007-10-10 07:45:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.exe
+ 2007-10-14 18:26:48 4,710,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-10-14 18:26:48 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-10-10 07:45:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.exe
+ 2007-10-14 18:26:38 4,710,400 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-10-14 18:26:38 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-08-22 13:12:16 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
+ 2007-08-22 13:12:16 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
+ 2007-08-21 10:30:46 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
+ 2007-08-22 13:12:18 3,058,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
+ 2007-08-22 13:12:18 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
+ 2007-08-22 13:12:18 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
+ 2007-08-22 13:12:18 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
+ 2007-08-22 13:12:18 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
+ 2007-08-22 12:55:30 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
+ 2007-08-22 12:55:32 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
+ 2007-08-22 12:55:32 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
+ 2007-08-21 10:19:40 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
+ 2007-08-22 12:55:38 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
+ 2007-08-22 12:55:38 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
+ 2007-08-22 12:55:42 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
+ 2007-08-22 12:55:44 617,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
+ 2007-08-21 10:13:34 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\update.exe
+ 2007-03-06 01:23:52 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\updspapi.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
+ 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:26 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
+ 2005-10-12 23:12:26 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
+ 2007-03-06 01:23:52 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 13:12:16 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 13:12:16 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-03 19:26:46 581,120 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:20 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:20 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-06-14 18:09:20 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-06-14 18:09:20 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-06-14 18:09:20 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-05 14:20:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 13:12:18 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:20 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 13:12:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:20 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 13:12:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 13:12:18 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 13:12:18 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-03 13:56:46 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-01-19 19:29:20 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 12:49]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 18:12]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SDTray"="D:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-29 15:41]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-10-03 09:05]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-14 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-03-15 21:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
S2 OracleDEFAULT_HOMETNSListener;OracleDEFAULT_HOMETNSListener;D:\oracle\ora92\BIN\TNSLSNR
S2 OracleServiceORACLE;OracleServiceORACLE;d:\oracle\ora92\bin\ORACLE.exe ORACLE

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 23:58:58 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH3B61228G76.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2007-10-14 18:32:48 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
"2007-10-14 06:26:50 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\SSVICHOSST.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 00:07:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 0:08:31
C:\ComboFix2.txt ... 2007-10-14 12:14
.
--- E O F ---


0

Response Number 12
Name: jabuck
Date: October 16, 2007 at 16:33:46 Pacific
Reply:

Navigate to and delete this file if found:

C:\WINDOWS\Tasks\At1.job

Did you find and delete this file:

C:\WINDOWS\system32\SSVICHOSST.exe



0

Response Number 13
Name: sahilshah1987
Date: October 17, 2007 at 07:12:03 Pacific
Reply:

Hi, I didn't find any of these files.


0

Response Number 14
Name: jabuck
Date: October 17, 2007 at 09:00:14 Pacific
Reply:

Good, how is the computer operating?


0

Response Number 15
Name: sahilshah1987
Date: October 18, 2007 at 02:20:12 Pacific
Reply:

The computer is working perfectly. Thanks for all your efforts.


0

Response Number 16
Name: jabuck
Date: October 18, 2007 at 04:45:43 Pacific
Reply:

Glad we could help.


0
