BSOD on boot


This topic is locked
35 replies to this topic

#1 heniljain

Posted 27 April 2010 - 12:21 AM

Hey guys, I am a new member but I have been on the forums several times, as I have had problems similar to others' before, and you guys have been very helpful, so I'd like to say thanks for that.

Anyways, back to my problem. I did a very stupid task of running ComboFix (I know a lot of you are shaking your head right now) because I was getting a lot of search redirects, and my computer would freeze every now and then too. My Flash players would also stop working from time to time.
After ComboFix made a recovery point, it started to do a scan, but the scan didn't finish and my computer restarted. Now it goes to a BSOD on Windows boot.



Here are the things I tried:
1) last working configuration (didn't work)
2) safe mode (BSOD)
3) recovery console (chkdsk /r) (didn't work)

So I know I have been trying things without any real knowledge, and many of you are probably unwilling to help me due to my ignorance. But I beg of you guys, I have a lot of data on my hard disk for school and work and reformatting would be a disaster.

Thanks a lot for help


#2 sempai (Malware Response Team)

Posted 27 April 2010 - 10:11 AM

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


++++++++++++++++++++++++


This is the main reason why we keep reminding everyone that ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.

Please do the following and tell me how it went:

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:
cd erdnt\hiv-backup

6. At the next prompt, type the following bolded text, and press Enter:
batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:
exit

Windows will now begin loading.



~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 heniljain


Posted 27 April 2010 - 01:00 PM

Hey sempai! Thanks for the reply.
I tried what you asked me to do and no luck D:
The files get copied without errors, and when I type exit the computer restarts and it still goes to a BSOD.

It gives me this error message at the bottom:
STOP: 0x0000007b (0xBA4C3528, 0xC0000034, 0x00000000, 0x00000000)

I am at a loss D:

#4 sempai (Malware Response Team)

Posted 28 April 2010 - 08:10 AM

Hi,

What are the problems or signs of infection on your PC that you can remember? Did you disable your antivirus and anti-malware programs before running a ComboFix scan?

Our best option here is to use a bootable disk.

+++++++++++++++++++++++

Print these instructions out so that you know what you are doing.

Two programmes to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.

Using a clean computer, open Notepad, copy and paste the entire contents of the coded text below, and save it to your flash/removable drive. Do not include the word "Code".
CODE
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

  1. Please open OTL on your desktop (currently booted using the OTLPE CD).

    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK

  2. OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft

  3. Copy and Paste the contents of the notepad that you saved in your flash/removable drive into the textbox. Do not include the word "Code"
  4. Push
  5. A report will open. Copy and Paste that report in your next reply.



~Semp

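The report OTL produces is plain text with one finding per line, which a helper reads by eye. As an added example (not from the post, the helper, or OTL's author), here is a Python triage script that applies the checks this thread turns on to such lines: a driver from the script's /md5start list with no company name, any other boot- or system-start driver with no company name, an Internet Explorer ProxyServer value, and a NameServer setting that differs from the DHCP-supplied one. The line patterns are my reading of the OTL format as it appears in this thread, and the sample lines are constructed in that format from entries posted later in the topic.

```python
import re

# Drivers the helper's OTL script hashes between /md5start and /md5stop
# (names taken from the script in the post above, lower-cased for matching).
WATCHED_DRIVERS = {
    "iastor.sys", "nvstor.sys", "atapi.sys", "idechndr.sys", "viasraid.sys",
    "agp440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys", "nvata.sys",
    "nvgts.sys", "iastorv.sys", "viprt.sys", "ahcix86.sys", "kr10n.sys",
    "nvstor32.sys", "ahcix86s.sys", "nvrd32.sys", "symmpi.sys", "adp3132.sys",
}

# One regex per OTL line type this triage looks at (my reading of the
# format). Lines matching none of them (services, BHOs, "File not found"
# drivers, ...) are skipped.
DRV_RE = re.compile(
    r"^DRV - \[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| [^|]+\| \w\] "
    r"\((?P<company>[^)]*)\) \[(?P<kind>[^|]+)\| (?P<start>[^\]]+)\] -- "
    r"(?P<path>.*?) -- \((?P<service>[^)]*)\)"
)
IE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM)\\.*: "(?P<key>\w+)" = (?P<value>.*)$'
)
O17_RE = re.compile(
    r"^O17 - .*: (?P<key>DhcpNameServer|NameServer) = (?P<value>.*)$"
)

# Constructed sample in OTL's line format; values mirror the log posted
# later in this thread.
SAMPLE_REPORT = r"""
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/04/26 22:23:11 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\owlrppgc.sys -- (owlrppgc)
DRV - [2010/04/26 22:23:09 | 000,095,360 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
IE - HKU\HENIL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HENIL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 119.70.40.102:8080
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.102,93.188.161.119
"""


def triage(report: str) -> list[str]:
    """Return human-readable leads found in an OTL report.

    These are leads for a helper to verify, not verdicts: some legitimate
    third-party drivers also carry no company name.
    """
    findings = []
    dns = {}
    for line in report.splitlines():
        m = DRV_RE.match(line)
        if m:
            company = m["company"].strip()
            start = m["start"].strip()
            filename = m["path"].rsplit("\\", 1)[-1].lower()
            if filename in WATCHED_DRIVERS and not company:
                # A disk-controller driver that should carry a vendor name
                # but does not: the file is worth hashing and comparing.
                findings.append(
                    f"watched disk driver with no company name: "
                    f"{m['path']} (size {m['size']})"
                )
            elif start in ("Boot", "System") and not company:
                # Unknown code that loads before most of the OS is up.
                findings.append(
                    f"unattributed {start.lower()}-start driver: "
                    f"{m['path']} (service {m['service']})"
                )
            continue
        m = IE_RE.match(line)
        if m:
            if m["key"] == "ProxyServer" and m["value"].strip():
                # A configured proxy routes all browsing through that host.
                findings.append(
                    f"proxy server set for {m['hive']}: {m['value'].strip()}"
                )
            continue
        m = O17_RE.match(line)
        if m:
            dns[m["key"]] = {s.strip() for s in m["value"].split(",") if s.strip()}
    # Static DNS servers the DHCP lease never handed out are the kind of
    # change that produces the search redirects the topic starter saw.
    extra = dns.get("NameServer", set()) - dns.get("DhcpNameServer", set())
    if extra:
        findings.append(
            "static DNS servers differ from DHCP-supplied ones: "
            + ", ".join(sorted(extra))
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```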


#5 heniljain


Posted 28 April 2010 - 12:17 PM

Hey sempai,

Before I ran ComboFix, I was getting tab popups in Firefox and I was also freezing from time to time while gaming.
I DID turn off all my antivirus and anti-malware programs before running ComboFix.

Btw, I did a little Google search because I was bored out of my mind, and I hope you don't mind that I did a few things without you knowing ><.. For one, I already ran the OTL scan yesterday and I also ran a fix for atapi and owlrppgc; the codes were taken from other helpers and now I can access my desktop. If you'd like to see what I did I'll post the log here.

Sorry for doing things without your permission; I was bored and I pretty much spent the whole day reading the forums of people who had the same problem as me.



#6 heniljain


Posted 28 April 2010 - 12:23 PM

OTL logfile created on: 4/28/2010 1:09:16 AM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 6.18 Gb Free Space | 15.81% Space Free | Partition Type: NTFS
Drive D: | 35.46 Gb Total Space | 19.15 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
Drive E: | 60.68 Mb Total Space | 60.68 Mb Free Space | 99.99% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 429.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (MySQL)
SRV - File not found [Disabled] -- -- (msvsmon80)
SRV - File not found [Auto] -- -- (Apache2.2)
SRV - [2009/10/14 11:20:06 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/05/06 17:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/03/19 11:31:52 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2008/12/10 18:04:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/10/22 16:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Disabled] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (XDva296)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (SSPORT)
DRV - File not found [Kernel | On_Demand] -- -- (SCREAMINGBDRIVER)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] -- -- (Pcouffin)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand] -- -- (DISK_DRIVE32)
DRV - File not found [Kernel | On_Demand] -- -- (DBKDRVR54)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/04/26 22:23:11 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\owlrppgc.sys -- (owlrppgc)
DRV - [2010/04/26 22:23:09 | 000,095,360 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2009/11/18 23:01:06 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2009/05/26 13:54:41 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/28 11:33:44 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/04/28 11:33:42 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/28 11:33:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/03/02 21:19:22 | 000,271,360 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/02 21:19:21 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/01/17 23:31:46 | 000,004,096 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2009/01/15 09:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/24 19:25:22 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/08/19 05:31:52 | 003,644,800 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/22 22:17:34 | 000,450,400 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2005/02/01 16:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Program Files\Gravity\RO\npkcrypt.sys -- (npkcrypt)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/08/04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/08/03 23:07:18 | 000,153,344 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/07/27 14:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2004/03/12 22:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\d346prt.sys -- (d346prt)
DRV - [2004/03/12 22:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\d346bus.sys -- (d346bus)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/08/29 01:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/09/28 15:03:24 | 000,428,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ICM12USB.sys -- (ICM12USB) Intel®
DRV - [2001/09/28 15:01:12 | 000,014,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\icm12blk.sys -- (icm12blk) Intel®
DRV - [2001/09/28 14:59:44 | 000,016,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\icm12fil.sys -- (icm12fil) Intel®
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HENIL_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\HENIL_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\HENIL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HENIL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\HENIL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 119.70.40.102:8080

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{63EE1A13-B661-43D6-842B-121848C7AAF5}: C:\Documents and Settings\HENIL\Local Settings\Application Data\{63EE1A13-B661-43D6-842B-121848C7AAF5} [2010/02/17 01:15:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/30 22:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 19:30:59 | 000,000,000 | ---D | M]

[2010/04/25 16:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/18 14:35:41 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
[2009/10/06 05:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll

O1 HOSTS File: ([2010/02/17 19:05:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\HENIL_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\HENIL_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\HENIL_ON_C..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKU\HENIL_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\HENIL_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\HENIL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\HENIL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\HENIL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1225507867156 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.102,93.188.161.119
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/12 02:21:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/12 02:21:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "hpqcxs08"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "CiSvc"
MsConfig - Services: "ANIWZCSdService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe - (AVM Software Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe - (Sony Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^HENIL^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: ANIWZCS2Service - hkey= - key= - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: D-Link AirPlus G - hkey= - key= - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: Raptr - hkey= - key= - C:\Program Files\Raptr\RaptrStub.exe ()
MsConfig - StartUpReg: Recordpad - hkey= - key= - C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software)
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SolidWorks_CheckForUpdates - hkey= - key= - C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Veoh - hkey= - key= - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmio.sys - C:\WINDOWS\system32\drivers\dmio.sys ()
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmio.sys - C:\WINDOWS\system32\drivers\dmio.sys ()
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {23E4F207-86D2-34EB-2619-5B3C1C92E656} - NetShow
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {76C19B31-F0C8-11cf-87CC-0020AFEECF20} - Korean Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7F702CA6-C753-0D7B-B40D-D03B5A491CA7} - Outlook Express
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8E5CB248-6B20-BF46-207A-99C321E062E4} - IE7 Uninstall Stub
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBE43AF7-FAC4-8F35-3020-5B8335145E43} - Vector Graphics Rendering (VML)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uldx - C:\PROGRA~1\Corel\CORELV~1\DivX_UL.dll File not found
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 22:21:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/26 22:21:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/26 22:21:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/26 22:20:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/26 22:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\Desktop\New Folder
[2010/04/24 16:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\Local Settings\Application Data\bkup
[2010/04/24 15:38:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/22 11:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\My Documents\StarCraft II Beta
[2010/04/22 03:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/04/22 02:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\My Documents\Original_Blizz_Maps
[2010/04/21 11:51:49 | 000,207,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\HENIL\My Documents\uninstall_flash_player.exe
[2010/04/18 10:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\My Documents\RunPack3
[2010/04/18 10:33:10 | 000,722,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB40032.DLL
[2010/04/18 10:33:10 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST4UNST.EXE
[2010/04/18 10:33:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stkit432.dll
[2010/04/18 10:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\My Documents\Vbr4
[2010/04/18 10:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\My Documents\WinMPQ
[2010/04/17 20:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2010/04/17 20:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/17 03:31:22 | 001,924,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\HENIL\My Documents\install_flash_player.exe
[2010/04/17 03:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/16 18:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/16 17:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/16 17:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/16 17:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/16 17:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2010/04/16 17:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/04/14 10:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\My Documents\LabVIEW Data
[2010/04/08 13:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\Application Data\skypePM
[2010/04/08 13:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\Application Data\Skype
[2010/04/08 13:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/08 13:01:22 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/08 13:00:26 | 001,683,240 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\HENIL\My Documents\SkypeSetup.exe
[2010/03/31 20:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HENIL\Local Settings\Application Data\Blizzard Entertainment
[2010/02/23 13:07:59 | 002,032,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie_ko.exe
[2008/10/12 03:32:46 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2008/10/12 03:32:46 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys

========== Files - Modified Within 30 Days ==========

[2010/04/28 00:53:34 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/26 22:23:11 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\owlrppgc.sys
[2010/04/26 22:23:09 | 000,095,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/04/26 22:21:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 22:18:39 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\HENIL\ntuser.dat
[2010/04/26 22:15:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/26 22:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/26 22:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/26 21:47:00 | 000,202,518 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/26 21:47:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/26 21:46:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 21:46:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 21:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 21:45:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/26 21:45:51 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/25 11:54:40 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\HENIL\Desktop\OGPlanet.lnk
[2010/04/25 11:54:35 | 003,132,328 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\ogpinst_us.exe
[2010/04/25 11:43:06 | 000,000,639 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 11:43:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/25 11:43:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/24 19:54:37 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 19:54:37 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 16:16:23 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\HENIL\Desktop\Shortcut to firefox.exe.lnk
[2010/04/24 15:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 15:57:42 | 000,016,414 | -HS- | M] () -- C:\Documents and Settings\HENIL\Local Settings\Application Data\IJr7hXvRY2
[2010/04/24 13:59:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.bak
[2010/04/24 13:59:31 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\HENIL\ntuser.bak
[2010/04/24 13:59:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HENIL\ntuser.ini
[2010/04/24 05:10:37 | 000,043,526 | ---- | M] () -- C:\WINDOWS\System32\lsUninstall.exe
[2010/04/24 05:10:27 | 000,370,480 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\LostSaga_ActiveX_Setup.exe
[2010/04/22 14:41:51 | 000,209,323 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\assignment3soln.pdf
[2010/04/22 14:41:37 | 000,956,354 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\assignment5soln.pdf
[2010/04/22 14:41:24 | 000,291,501 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\assignment4soln.pdf
[2010/04/22 14:21:34 | 000,208,025 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\assignment2soln.pdf
[2010/04/22 13:49:27 | 000,285,283 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\assignment1soln.pdf
[2010/04/22 02:33:33 | 022,757,892 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Cache.rar
[2010/04/22 02:28:05 | 053,105,992 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Battle.net.rar
[2010/04/21 11:51:47 | 000,207,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HENIL\My Documents\uninstall_flash_player.exe
[2010/04/21 00:12:08 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\chem eng 4.xls
[2010/04/20 23:55:22 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN7.doc
[2010/04/20 22:53:51 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN6.doc
[2010/04/20 22:21:28 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN5.doc
[2010/04/20 20:51:47 | 000,015,172 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Lab09_FilterPress.xlsx
[2010/04/20 20:50:54 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Xl0000007.xls
[2010/04/20 20:38:49 | 001,406,976 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN4.doc
[2010/04/20 16:23:36 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN3.doc
[2010/04/20 16:10:41 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\chem eng lab.xls
[2010/04/20 15:06:03 | 000,040,102 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Lab3.xlsx
[2010/04/20 15:03:57 | 000,018,554 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Lab02_Evaporator.xlsx
[2010/04/20 15:00:16 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\chem eng lab 1.xls
[2010/04/20 14:59:34 | 000,029,496 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Lab 4.docx
[2010/04/20 14:59:29 | 000,020,456 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Lab 9.docx
[2010/04/20 14:58:38 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN2.doc
[2010/04/19 13:35:18 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\chem eng 7 and 8.xls
[2010/04/19 13:34:53 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN1.doc
[2010/04/18 11:13:29 | 012,231,681 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Original_Blizz_Maps.rar
[2010/04/18 10:34:01 | 000,000,999 | ---- | M] () -- C:\WINDOWS\System32\ST4UNST.000
[2010/04/18 10:33:17 | 000,748,726 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\RunPack3.zip
[2010/04/18 10:33:01 | 000,886,970 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Vbr4.zip
[2010/04/18 10:30:54 | 000,256,731 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\WinMPQ.zip
[2010/04/17 20:11:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 20:11:59 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/17 19:57:44 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERING.doc
[2010/04/17 19:57:39 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\chem_eng6.xls
[2010/04/17 03:31:23 | 001,924,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HENIL\My Documents\install_flash_player.exe
[2010/04/16 14:59:28 | 000,016,366 | -HS- | M] () -- C:\Documents and Settings\HENIL\Local Settings\Application Data\IGI4W75
[2010/04/16 14:55:46 | 000,000,118 | ---- | M] () -- C:\tujserrew.bat
[2010/04/14 18:38:29 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\finalfinancialplan.xls
[2010/04/14 18:32:01 | 000,050,574 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\final business plan.docx
[2010/04/14 10:31:52 | 000,119,020 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\m10744.pdf
[2010/04/13 21:20:18 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\henil financial.xls
[2010/04/13 21:06:46 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\alfred financial.xls
[2010/04/13 18:08:04 | 000,015,332 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\2ET3-cashflow-with-sales.xlsx
[2010/04/11 20:29:25 | 000,011,791 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\entre - financial plan.xlsx
[2010/04/08 13:02:31 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/08 13:00:19 | 001,683,240 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\HENIL\My Documents\SkypeSetup.exe
[2010/04/07 00:11:24 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\HENIL_suncor.doc
[2010/04/06 22:17:08 | 000,345,088 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\FITNESS EQUIPMENT final. alfred..in 2003 format.ppt
[2010/04/06 19:08:53 | 000,354,816 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\FITNESS EQUIPMENT final...in 2003 format.ppt
[2010/04/06 16:35:30 | 000,144,639 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\3970_physicalfitness02.zip
[2010/04/05 23:33:17 | 001,175,327 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\StarCrack_7.0_Standard.rar
[2010/03/31 20:28:15 | 000,063,693 | ---- | M] () -- C:\Documents and Settings\HENIL\Desktop\StarLauncher+0.41.rar
[2010/03/30 23:32:39 | 000,017,854 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\marketing plan for 2et3.docx
[2010/03/30 23:10:08 | 000,012,699 | ---- | M] () -- C:\Documents and Settings\HENIL\My Documents\Marketing plan guidelines.docx

========== Files Created - No Company Name ==========

[2010/04/26 22:21:07 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/26 22:21:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/26 22:21:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/26 22:21:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/26 22:21:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/25 11:54:33 | 003,132,328 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\ogpinst_us.exe
[2010/04/24 16:38:10 | 000,016,414 | -HS- | C] () -- C:\Documents and Settings\HENIL\Local Settings\Application Data\IJr7hXvRY2
[2010/04/24 16:38:10 | 000,016,366 | -HS- | C] () -- C:\Documents and Settings\HENIL\Local Settings\Application Data\IGI4W75
[2010/04/24 16:16:23 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\HENIL\Desktop\Shortcut to firefox.exe.lnk
[2010/04/24 13:59:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HENIL\ntuser.tmp.LOG
[2010/04/24 13:59:14 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
[2010/04/24 05:10:06 | 000,370,480 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\LostSaga_ActiveX_Setup.exe
[2010/04/24 02:27:16 | 000,015,889 | ---- | C] () -- C:\Documents and Settings\HENIL\hs_err_pid996.log
[2010/04/22 14:41:51 | 000,209,323 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\assignment3soln.pdf
[2010/04/22 14:41:37 | 000,956,354 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\assignment5soln.pdf
[2010/04/22 14:41:24 | 000,291,501 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\assignment4soln.pdf
[2010/04/22 14:21:34 | 000,208,025 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\assignment2soln.pdf
[2010/04/22 13:49:27 | 000,285,283 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\assignment1soln.pdf
[2010/04/22 02:32:27 | 022,757,892 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Cache.rar
[2010/04/22 02:26:07 | 053,105,992 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Battle.net.rar
[2010/04/21 00:12:08 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\chem eng 4.xls
[2010/04/20 23:55:21 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN7.doc
[2010/04/20 22:49:10 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN6.doc
[2010/04/20 20:55:01 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN5.doc
[2010/04/20 20:51:50 | 000,015,172 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Lab09_FilterPress.xlsx
[2010/04/20 20:50:54 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Xl0000007.xls
[2010/04/20 19:23:17 | 000,016,344 | ---- | C] () -- C:\Documents and Settings\HENIL\hs_err_pid3984.log
[2010/04/20 16:53:17 | 001,406,976 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN4.doc
[2010/04/20 16:23:36 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN3.doc
[2010/04/20 16:10:41 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\chem eng lab.xls
[2010/04/20 15:04:01 | 000,018,554 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Lab02_Evaporator.xlsx
[2010/04/20 15:00:16 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\chem eng lab 1.xls
[2010/04/20 14:59:36 | 000,029,496 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Lab 4.docx
[2010/04/20 14:59:31 | 000,020,456 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Lab 9.docx
[2010/04/19 14:54:06 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN2.doc
[2010/04/19 09:47:55 | 000,267,776 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\CHEMICAL ENGINEERIN1.doc
[2010/04/18 15:36:18 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\chem eng 7 and 8.xls
[2010/04/18 14:19:44 | 000,040,102 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Lab3.xlsx
[2010/04/18 11:08:23 | 012,231,681 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Original_Blizz_Maps.rar
[2010/04/18 10:33:33 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\ST4UNST.000
[2010/04/18 10:33:18 | 000,748,726 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\RunPack3.zip
[2010/04/18 10:33:02 | 000,886,970 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Vbr4.zip
[2010/04/18 10:30:56 | 000,256,731 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\WinMPQ.zip
[2010/04/17 20:11:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 20:11:59 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/17 19:57:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\chem_eng6.xls
[2010/04/16 14:56:11 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\owlrppgc.sys
[2010/04/16 14:55:46 | 000,000,118 | ---- | C] () -- C:\tujserrew.bat
[2010/04/16 14:48:37 | 000,015,576 | ---- | C] () -- C:\Documents and Settings\HENIL\hs_err_pid3296.log
[2010/04/14 18:38:34 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\finalfinancialplan.xls
[2010/04/14 18:32:05 | 000,050,574 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\final business plan.docx
[2010/04/14 10:31:55 | 000,119,020 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\m10744.pdf
[2010/04/13 21:09:12 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\henil financial.xls
[2010/04/13 18:08:07 | 000,015,332 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\2ET3-cashflow-with-sales.xlsx
[2010/04/12 09:55:07 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\alfred financial.xls
[2010/04/11 20:29:29 | 000,011,791 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\entre - financial plan.xlsx
[2010/04/08 13:02:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/06 22:28:25 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\HENIL_suncor.doc
[2010/04/06 22:17:10 | 000,345,088 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\FITNESS EQUIPMENT final. alfred..in 2003 format.ppt
[2010/04/06 17:44:08 | 000,354,816 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\FITNESS EQUIPMENT final...in 2003 format.ppt
[2010/04/06 16:35:32 | 000,144,639 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\3970_physicalfitness02.zip
[2010/04/05 23:33:20 | 001,175,327 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\StarCrack_7.0_Standard.rar
[2010/03/31 20:49:25 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\HENIL\Desktop\StarLauncher.exe
[2010/03/31 20:28:15 | 000,063,693 | ---- | C] () -- C:\Documents and Settings\HENIL\Desktop\StarLauncher+0.41.rar
[2010/03/30 23:32:42 | 000,017,854 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\marketing plan for 2et3.docx
[2010/03/30 23:10:10 | 000,012,699 | ---- | C] () -- C:\Documents and Settings\HENIL\My Documents\Marketing plan guidelines.docx
[2010/02/28 15:35:38 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe
[2010/02/22 00:57:38 | 000,370,480 | ---- | C] () -- C:\Program Files\LostSaga_ActiveX_Setup.exe
[2010/02/17 01:58:41 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/02/17 01:11:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat
[2009/12/04 12:41:36 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/12/03 02:44:06 | 000,005,378 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2009/12/03 02:44:00 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2009/12/03 02:44:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2009/12/03 02:44:00 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2009/12/03 02:44:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2009/12/03 02:44:00 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2009/12/03 02:44:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2009/12/03 02:44:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2009/12/03 02:44:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2009/12/03 02:44:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2009/12/03 02:44:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2009/12/03 02:44:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2009/12/03 02:44:00 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2009/12/03 02:44:00 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2009/12/03 02:44:00 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2009/12/03 02:44:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2009/12/03 02:44:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2009/11/18 22:38:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/18 22:38:08 | 000,053,248 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2009/11/18 22:38:07 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/18 19:10:02 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\HENIL\Install.log
[2009/11/17 22:47:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/11/17 18:39:22 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\HENIL\Application Data\ViewerApp.dat
[2009/11/17 15:42:14 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/10/14 15:10:45 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\HENIL\webct_upload_applet.properties
[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/07/21 17:07:50 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/07/20 03:23:08 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\HENIL\Application Data\MPQEditor.ini
[2009/06/15 16:34:23 | 000,070,984 | ---- | C] () -- C:\Documents and Settings\HENIL\g2mdlhlpx.exe
[2009/05/15 10:50:15 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/05/15 10:50:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BorisFX BCC6.ini
[2009/05/14 14:27:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/14 14:27:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/14 14:24:29 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/14 14:24:29 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/22 22:48:50 | 001,019,904 | ---- | C] () -- C:\Documents and Settings\HENIL\Launcher.exe
[2009/03/22 22:48:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HENIL\data.00B
[2009/03/09 20:25:14 | 000,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/03/04 23:07:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/03/04 23:07:02 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/03/04 23:07:02 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/03/02 21:19:22 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/02 21:19:21 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/01/17 23:31:46 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2008/12/09 07:56:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HENIL\initdebug.nfo
[2008/11/18 14:36:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/28 16:55:48 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\HENIL\ntuser.dat
[2008/10/28 16:55:48 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\HENIL\ntuser.bak
[2008/10/27 17:22:40 | 000,434,176 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2008/10/25 18:57:59 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2008/10/25 15:50:27 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\HENIL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/18 23:25:44 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\HENIL\jagex_runescape_preferences.dat
[2008/10/12 03:51:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/17 10:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 10:55:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 10:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 10:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 10:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/13 22:06:09 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/08/13 22:06:02 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/08/13 22:02:00 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2008/08/13 02:29:50 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/08/13 00:09:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/12 02:25:12 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\HENIL\ntuser.dat.LOG
[2008/08/12 02:25:12 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HENIL\ntuser.ini
[2008/08/12 02:24:25 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2008/08/12 02:24:25 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2008/08/12 02:24:25 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2008/08/12 02:24:24 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2008/08/12 02:24:24 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.bak
[2008/08/12 02:24:24 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2008/08/12 02:24:24 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/08/16 05:05:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/08/16 05:05:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/08/16 05:05:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/08/16 05:05:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/03/09 15:29:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2004/03/15 19:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2002/08/28 20:41:00 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2002/08/28 18:27:50 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2002/03/25 13:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/18 21:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll
[2001/08/23 08:00:00 | 000,153,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmio.sys
[1999/01/22 06:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/12/02 19:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Auslogics
[2009/03/11 19:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\com.adobe.ExMan
[2009/11/17 18:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2009/05/26 14:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\DAEMON Tools Pro
[2009/09/24 15:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\FileOpen
[2010/04/24 19:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\IM
[2009/11/23 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\LimeWire
[2009/08/21 18:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\MilkShape 3D 1.x.x
[2009/11/17 23:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\MPEG Streamclip
[2009/11/18 20:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\NCH Swift Sound
[2009/05/15 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Opera
[2010/02/09 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Paltalk
[2009/12/04 13:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\PrimoPDF
[2010/04/24 19:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Raptr
[2008/10/21 11:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Recordpad
[2008/10/21 10:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Screaming Bee
[2009/02/14 23:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Spore
[2009/05/15 00:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\SQLyog
[2009/11/18 18:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\Ulead Systems
[2009/10/14 17:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\UNOUndercover
[2010/03/04 08:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HENIL\Application Data\uTorrent
[2010/04/17 20:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2010/04/26 22:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/26 21:47:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2008/10/22 21:07:06 | 001,986,301 | ---- | M] (P!mPdOG) -- C:\Adobe CS4 Master Collection_ACTIVATION PATCH by P!mPdOG.ExE
[2010/02/22 00:52:52 | 000,370,480 | ---- | M] () -- C:\LostSaga_ActiveX_Setup.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\erdnt\cache\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/28 20:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/04/26 22:23:09 | 000,095,360 | ---- | M] () MD5=92FB5DE727AB5CB84E120C17C4CF7197 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/08/28 18:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/08/28 18:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/28 18:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/28 18:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] () MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\ComboFix\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/28 20:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2002/08/28 20:41:08 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/18 05:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\erdnt\cache\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/08/28 20:41:12 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:41:10 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2009/08/29 03:36:25 | 006,067,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2009/08/29 03:36:25 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2004/08/04 00:56:44 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/04 00:56:46 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/04 00:56:46 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
< End of report >


the fix:

:Services
owlrppgc

:OTL
[2010/04/26 22:23:11 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\owlrppgc.sys

second fix:

:Files
C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys /e
C:\WINDOWS\system32\drivers\atapi.sys|c:\atapi.sys /replace

:Commands
[resethosts]
[emptytemp]
[Reboot]

Even though I can still access the desktop, I still have the old problem of Firefox tabs and computer freezes. Hope you can help me there, and I promise you that I will not act without your permission.
Thanks

#7 heniljain (Topic Starter)

Posted 28 April 2010 - 12:32 PM

Btw, the code I used for the OTL scan is a little different from yours:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles

It doesn't have the following:

nvrd32.sys
symmpi.sys
adp3132.sys
CREATERESTOREPOINT
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

I'll wait for your reply, thanks

#8 sempai (Malware Response Team)

Posted 28 April 2010 - 05:37 PM

Hi,

Did you run the OTL scan using OTLPE? Do you use proxy on this computer?

++++++++++++++++++++

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
  • Post the contents of that report when you reply.

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)


#9 heniljain (Topic Starter)

Posted 28 April 2010 - 10:49 PM

Hey sempai,
yeah I did the scan using OTLPE
and yeah I used the proxy to view some information on games that was blocked for me. But I don't use it every day.
Is it a bad thing? Do you think the proxy could have caused malicious activity?
Thanks for the reply

EDIT: I installed the GMER Rootkit Scanner, but it crashed when I double-clicked on it.

EDIT 2: I did not press anything other than double-clicking on GMER.exe.

Edited by heniljain, 28 April 2010 - 10:59 PM.


#10 sempai (Malware Response Team)

Posted 29 April 2010 - 07:53 AM

Hi,

I just want to confirm that you're using a proxy, because it appears in your log.


++++++++++++++++++++++++++++++


1. Please download Malwarebytes' Anti-Malware from here:
MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




2. Download OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy and Paste the following code into the Custom Scan box. Do not include the word "Code"

    CODE
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.

~Semp



#11 heniljain (Topic Starter)

Posted 29 April 2010 - 12:14 PM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/29/2010 12:56:14 PM
mbam-log-2010-04-29 (12-56-14).txt

Scan type: Quick scan
Objects scanned: 116792
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.102,93.188.161.119 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bdf48920-14fc-4c20-bb00-ffc4eb0b32d5}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.102,93.188.161.119 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\snHP42.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.


#12 heniljain (Topic Starter)

Posted 29 April 2010 - 12:19 PM

I am unable to paste the whole OTL log, so I will attach the file.
PS: there was no extra.txt file created :S I didn't change any setting

Attached File: OTL1.Txt (134.59KB)

Edited by heniljain, 29 April 2010 - 12:26 PM.


#13 sempai (Malware Response Team)

Posted 30 April 2010 - 08:49 AM

Hi,

1. Using a clean computer, open Notepad, copy-paste the entire contents of the coded text below and save it to your flash/removable drive. Do not include the word "Code"
CODE
:Files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\system32\dllcache\atapi.sys /replace



Next, boot your infected computer again using OTLPE CD then insert your flash/removable drive.
  1. Please reopen on your desktop (currently booted using OTLPE CD).
  2. Copy and Paste the contents of the notepad that you saved in your flash/removable drive into the textbox. Do not include the word "Code"
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

Let the PC reboot using OTLPE CD and get the report located at C:\_OTL\MovedFiles
Then remove the CD and try to reboot in normal Windows.



2. After the reboot, please do the following:

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    CODE
    :filefind
    atapi.sys
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply


~Semp



#14 heniljain (Topic Starter)

Posted 30 April 2010 - 11:46 AM

OTL log:

========== FILES ==========
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\WINDOWS\system32\dllcache\atapi.sys

OTLPE by OldTimer - Version 3.1.38.0 log created on 04302010_133401




SystemLook Log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:41 on 30/04/2010 by HENIL (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\atapi.sys --a--- 95360 bytes [06:32 28/04/2010] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\ComboFix\atapi.sys --a--- 95360 bytes [02:27 29/08/2002] [11:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 86912 bytes [20:45 25/10/2008] [22:27 28/08/2002] 95B858761A00E1D4F81F79A0DA019ACA
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [20:50 25/10/2008] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [04:35 18/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [22:27 28/08/2002] [07:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [22:27 28/08/2002] [07:59 04/08/2004] (Unable to calculate MD5)
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys --a--- 86912 bytes [02:03 14/08/2008] [22:27 28/08/2002] 95B858761A00E1D4F81F79A0DA019ACA
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys --a--- 86912 bytes [02:03 14/08/2008] [22:27 28/08/2002] 95B858761A00E1D4F81F79A0DA019ACA
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys --a--- 86912 bytes [02:03 14/08/2008] [22:27 28/08/2002] 95B858761A00E1D4F81F79A0DA019ACA

-=End Of File=-

------------------
Thanks for the help again.
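The SystemLook output above is the security-relevant evidence in this thread: every backup copy of atapi.sys hashes cleanly, while the copy actually loaded from system32\drivers is the one SystemLook could not hash. As an added illustration (not part of either poster's instructions or logs), this script parses ":filefind" lines in that format and flags copies whose hash is unreadable or differs from the protected dllcache copy; the sample log is a constructed subset of the lines posted above.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Constructed sample: a subset of the SystemLook ":filefind" lines posted above.
SAMPLE_LOG = r"""Searching for "atapi.sys"
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [20:50 25/10/2008] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [22:27 28/08/2002] [07:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [22:27 28/08/2002] [07:59 04/08/2004] (Unable to calculate MD5)
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys --a--- 86912 bytes [02:03 14/08/2008] [22:27 28/08/2002] 95B858761A00E1D4F81F79A0DA019ACA
"""

# One SystemLook result line: path, six attribute flags, size, two timestamps, then either
# an MD5 or the "(Unable to calculate MD5)" marker SystemLook prints when it cannot read the file.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)


def parse_filefind(text: str) -> List[dict]:
    """Return one dict per result line; md5 is None when SystemLook could not hash the file."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank and footer lines carry no file data
        md5 = m.group("md5")
        entries.append({
            "path": m.group("path"),
            "size": int(m.group("size")),
            "md5": None if md5.startswith("(") else md5.upper(),
        })
    return entries


def audit(entries: List[dict],
          reference_dir: str = r"C:\WINDOWS\system32\dllcache") -> Dict[str, str]:
    """Compare every copy against the dllcache copy; return path -> reason for each suspect file."""
    ref: Optional[dict] = next(
        (e for e in entries if ntpath.dirname(e["path"]).lower() == reference_dir.lower()), None)
    findings: Dict[str, str] = {}
    for e in entries:
        if e["md5"] is None:
            findings[e["path"]] = "hash unreadable: file locked or hidden from the scanner, treat as suspect"
        elif ref is not None and e is not ref and (e["md5"] != ref["md5"] or e["size"] != ref["size"]):
            findings[e["path"]] = "differs from dllcache copy (%s, %d bytes)" % (ref["md5"], ref["size"])
    return findings


if __name__ == "__main__":
    for path, reason in audit(parse_filefind(SAMPLE_LOG)).items():
        print(path, "->", reason)
```

Backup copies that merely differ (here the smaller ReinstallBackups copy) are usually older driver versions; the decisive signal is the in-use driver copy whose hash cannot be read while every other copy hashes normally.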

#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:59 AM

Posted 30 April 2010 - 11:51 AM

Hi,

When you previously ran ComboFix, did it produce a log at C:\ComboFix.txt? Kindly post it please. Thanks.


~Semp





