
Ran Combofix, computer won't boot XP.


11 replies to this topic

#1 atan

Posted 09 April 2010 - 10:47 AM

Dear bleepingcomputer.com,

I'm very sorry for making a help request my first post on this forum. However, at the moment I am at a total loss as to what to do with my computer. Yesterday, I was hit with a fake antivirus malware that also redirected my Google searches on Firefox and caused occasional popups to obviously bogus websites. Ran CCleaner, MBAM, Hitman Pro 3 and I thought I got everything until the redirect happened again. I attempted to use ComboFix, and it backed up the registry, installed Windows Recovery Console, and in the middle of scanning the computer restarted.

The problem is that it kept restarting. I disabled automatic restart upon failure, and was instead met with a blue screen. Googling around led me to this site, and while I have burned an OTL boot CD and successfully booted OTL, I'm at a loss as to what to do next. Safe mode leads to the same blue screen. I'm sorry for the lack of DDS/GMER logs, as I'm not sure how to run them. I'm at my wit's end.

Thank you so much in advance for just reading this.

Edited by Orange Blossom, 09 April 2010 - 11:43 AM.
Move to AII as no logs posted. ~ OB



#2 Farbar

Posted 10 April 2010 - 05:38 AM

Hi atan,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

If the issue is not resolved yet, please update me on the current condition of your computer.

#3 atan

Posted 11 April 2010 - 12:54 AM

I agree to this. Farbar, thank you very much for giving me your personal attention regarding this issue. At which point, what would you like to know about the computer's condition, specifically?

Thanks!

#4 Farbar

Posted 11 April 2010 - 05:12 AM

You described a boot problem in your earlier post and I wanted an update on that confirming the earlier problem or updating me if that is changed, like if you can boot now. Also just tell me if you have Windows XP or Vista.

#5 atan

Posted 11 April 2010 - 09:41 AM

Quote (farbar @ Apr 11 2010, 05:12 AM):
    You described a boot problem in your earlier post and I wanted an update on that confirming the earlier problem or updating me if that is changed, like if you can boot now. Also just tell me if you have Windows XP or Vista.


Ahh I see! My OS is Windows XP on the troubled computer. It still has difficulty booting from the hard drive, I cannot boot Windows in safe mode or normal mode. However, I was able to boot from CD without any issues whatsoever.

#6 Farbar

Posted 11 April 2010 - 10:37 AM

Please don't quote my post unless you want to reply to a part of it in order to avoid overpopulating the thread. Thank you.

Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the OTLPE icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings.
    • Under "Extra Registry" please check "Use Safelist".
    • Copy and Paste the following code into the Custom Scan section. Do not include the word "Code"  

      Please note:  You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      /md5start
      eventlog.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
    • Push runscan button
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the C:\OTL.txt file in your reply.

Edited by farbar, 11 April 2010 - 10:40 AM.
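As an added example, not from this thread or from the OTL tool itself: a small Python parser for the OTL log line formats that appear in this thread (SRV/DRV service entries, O4 Run entries, O36 AppCertDlls) that pulls out the items a helper reads first, namely registrations whose file is missing, entries with no publisher, and anything registered under AppCertDlls. The sample lines are copied from the log posted in this thread; the flags are review candidates, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the OTL log posted in this thread (a few of each type).
SAMPLE_LOG = r"""
SRV - File not found [Disabled] -- -- (NNServ)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/06/07 21:05:51 | 000,598,960 | ---- | M] ( ) [Disabled] -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O36 - AppCertDlls: dvdugini - (C:\WINDOWS\system32\chknwwin.dll) - C:\WINDOWS\System32\chknwwin.dll File not found
"""

# SRV/DRV entry whose image exists:
#   KIND - [timestamp | size | attrs | M] (company) [start type] -- path -- (service name) [description]
_SVC_FILE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<ts>[^|]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+) \| \w\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)( .*)?$"
)
# SRV/DRV entry whose image is gone (an orphaned registration)
_SVC_MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<start>[^\]]+)\] -- -- \((?P<name>[^)]+)\)( .*)?$"
)
# O4 autostart: HIVE..\Run: [value name] path (company)
_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O36 AppCertDlls: value name - (registry data) - resolved path [File not found]
_APPCERT = re.compile(
    r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<value>[^)]*)\) - (?P<path>.+?)(?P<missing> File not found)?$"
)


@dataclass
class Entry:
    kind: str              # SRV, DRV, O4 or O36
    name: str              # service / value name as OTL prints it
    path: Optional[str]    # image path, None when OTL printed no path
    company: Optional[str] # publisher string, "" when OTL printed () or ( )
    present: bool          # False when OTL reported "File not found"


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL log line into an Entry, or None for line types not handled here."""
    m = _SVC_MISSING.match(line)
    if m:
        return Entry(m["kind"], m["name"], None, None, False)
    m = _SVC_FILE.match(line)
    if m:
        return Entry(m["kind"], m["name"], m["path"], m["company"].strip(), True)
    m = _RUN.match(line)
    if m:
        return Entry("O4", m["name"], m["path"], m["company"].strip(), True)
    m = _APPCERT.match(line)
    if m:
        return Entry("O36", m["name"], m["path"], None, m["missing"] is None)
    return None


def parse_log(log: str) -> List[Entry]:
    """Parse every recognised line of an OTL log, skipping headers and other line types."""
    entries = []
    for raw in log.splitlines():
        entry = parse_line(raw.strip())
        if entry is not None:
            entries.append(entry)
    return entries


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (kind, name, reason) for the entries a reviewer should look at first."""
    findings = []
    for e in parse_log(log):
        if e.kind == "O36":
            # AppCertDlls is loaded into every process that calls CreateProcess,
            # so any entry here deserves a look even when the file is present.
            reason = "AppCertDlls load point"
            if not e.present:
                reason += "; file not found"
            findings.append((e.kind, e.name, reason))
        elif not e.present:
            findings.append((e.kind, e.name, "file not found"))
        elif e.company == "":
            findings.append((e.kind, e.name, "no publisher"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"{kind:4} {name:<14} {reason}")
```

Unsigned or unnamed entries such as the Cdrom driver are normal on XP, which is why the output is a reading list for the helper rather than a removal list.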


#7 atan

Posted 11 April 2010 - 11:41 AM

OTL logfile created on: 4/11/2010 1:33:23 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 792.00 Mb Available Physical Memory | 80.00% Memory free
882.00 Mb Paging File | 822.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.46 Gb Total Space | 7.51 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.87 Gb Total Space | 1.84 Gb Free Space | 98.63% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (NNServ)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2008/09/09 21:10:28 | 000,029,744 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/04/24 15:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/06/07 21:05:51 | 000,598,960 | ---- | M] ( ) [Disabled] -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device)
SRV - [2006/11/01 01:04:02 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Disabled] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2006/10/14 20:21:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [Disabled] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2006/07/14 22:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Disabled] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/07/14 22:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Disabled] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/07/14 21:24:52 | 000,629,504 | ---- | M] () [Disabled] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/11 21:04:42 | 000,015,872 | ---- | M] ( ) [Disabled] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/07/11 20:52:52 | 000,023,552 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/05/24 01:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Disabled] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2000/11/17 02:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/03/09 06:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 06:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 06:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/25 18:43:50 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/30 13:06:02 | 000,722,432 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/05/11 22:52:06 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/05/02 11:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 11:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/08 20:44:22 | 000,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/02/08 20:44:00 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/18 00:09:16 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/11/18 00:09:16 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2006/07/14 21:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006/07/14 21:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006/07/14 19:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006/06/12 04:59:52 | 000,254,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/06/12 04:59:46 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/12 04:59:42 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2006/05/17 23:43:16 | 000,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/05/10 03:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/02 10:41:00 | 003,648,864 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/10/11 20:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/01/31 06:20:04 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 06:12:48 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/07 21:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/04/16 14:57:58 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/03/08 14:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:49:42 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.IENOVO_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator.IENOVO_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E AD 6A DD CA D4 CA 01 [binary data]
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Papa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Papa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 22:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 04:59:54 | 000,000,000 | ---D | M]

[2010/04/08 23:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Mozilla\Extensions
[2010/04/08 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Mozilla\Firefox\Profiles\6vcmgotq.default\extensions
[2010/04/08 23:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Mozilla\Firefox\Profiles\6vcmgotq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/08 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Mozilla\Firefox\Profiles\6vcmgotq.default\extensions\staged-xpis
[2010/04/08 23:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 03:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/05/26 13:45:38 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll

O1 HOSTS File: ([2010/04/08 22:42:25 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKU\Administrator.IENOVO_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Administrator.IENOVO_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Papa_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Papa_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Papa_ON_C\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\Papa_ON_C..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\Papa_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Papa_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = X:\I386\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\W311U.lnk = C:\Program Files\Tenda\W311U\UI.exe (Tenda)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator.IENOVO_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Papa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Papa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Jigsaw Puzzle Platinum\Images\armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 01:36:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dvdugini - (C:\WINDOWS\system32\chknwwin.dll) - C:\WINDOWS\System32\chknwwin.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 10:00:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/09 09:58:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/09 09:47:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/09 09:47:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/09 09:47:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/09 09:47:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/09 09:47:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/09 09:30:01 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/09 09:30:01 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/09 09:30:00 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/09 09:29:59 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/09 09:29:57 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/09 09:29:57 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/09 09:29:57 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/09 09:29:30 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/09 09:29:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/09 09:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/09 09:23:51 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/09 06:17:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/04/09 00:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/08 23:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/08 23:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Local Settings\Application Data\Mozilla
[2010/04/08 23:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Mozilla
[2010/04/08 23:22:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.IENOVO\IETldCache
[2010/04/08 23:21:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Microsoft
[2010/04/08 23:21:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.IENOVO\SendTo
[2010/04/08 23:21:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.IENOVO\Recent
[2010/04/08 23:21:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data
[2010/04/08 23:21:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.IENOVO\Start Menu
[2010/04/08 23:21:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.IENOVO\My Documents\My Pictures
[2010/04/08 23:21:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.IENOVO\My Documents\My Music
[2010/04/08 23:21:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.IENOVO\My Documents
[2010/04/08 23:21:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.IENOVO\Favorites
[2010/04/08 23:21:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.IENOVO\Cookies
[2010/04/08 23:21:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.IENOVO\Templates
[2010/04/08 23:21:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.IENOVO\PrintHood
[2010/04/08 23:21:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.IENOVO\NetHood
[2010/04/08 23:21:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.IENOVO\Local Settings
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\ThinkVantage
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Symantec
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Local Settings\Application Data\Microsoft
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Lenovo
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Identities
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Local Settings\Application Data\Google
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Google
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Desktop
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\My Documents\CCWin
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Local Settings\Application Data\ApplicationHistory
[2010/04/08 23:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IENOVO\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/04/08 23:17:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/08 23:16:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Papa\Recent
[2010/04/08 23:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/08 23:12:59 | 000,000,000 | ---D | C] -- C:\ZZERO
[2010/04/08 14:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/04/08 14:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/08 09:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/08 06:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/08 06:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/08 06:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/07 09:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/04/02 03:27:43 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/04/02 03:27:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/04/02 03:27:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/04/02 03:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/04/02 03:27:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/02 03:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/04/02 03:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/04/02 03:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Papa\Application Data\Real
[2010/03/27 14:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Papa\Application Data\vlc
[2010/03/27 14:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Papa\Local Settings\Application Data\LogMeIn Hamachi
[2010/03/27 14:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/03/27 14:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/03/26 01:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Papa\Application Data\Malwarebytes
[2010/03/26 01:15:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/26 01:15:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 01:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/26 00:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Papa\Application Data\Mozilla
[2010/03/26 00:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/26 00:25:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Papa\PrivacIE
[2010/03/19 03:31:18 | 000,000,000 | ---D | C] -- C:\Starcraft
[2010/03/19 03:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009/02/07 21:32:14 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
[2009/02/07 21:32:14 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
[2009/02/07 21:32:14 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
[2009/02/07 21:32:13 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
[2009/02/07 21:32:13 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
[2009/02/07 21:32:12 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
[2009/02/07 21:32:12 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
[2009/02/07 21:32:12 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
[2009/02/07 21:32:10 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
[2009/02/07 21:32:08 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
[2009/02/07 21:32:08 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 11:20:34 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator.IENOVO\NTUSER.DAT
[2010/04/09 10:00:12 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/04/09 09:58:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 09:53:43 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 09:52:44 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/09 09:52:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/09 09:52:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 09:52:31 | 1038,790,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 09:45:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/09 09:45:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/09 09:45:15 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Papa\NTUSER.DAT
[2010/04/09 09:45:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Papa\ntuser.ini
[2010/04/09 09:42:20 | 003,910,295 | R--- | M] () -- C:\Documents and Settings\Papa\Desktop\ComboFix.exe
[2010/04/09 09:42:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/09 09:29:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/09 09:23:51 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/09 09:19:46 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/09 09:07:13 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2136465115-2411183598-2478482974-1006UA.job
[2010/04/09 02:07:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2136465115-2411183598-2478482974-1006Core.job
[2010/04/09 00:05:04 | 000,000,742 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/04/08 23:40:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.IENOVO\ntuser.ini
[2010/04/08 23:14:20 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\Papa\Desktop\CCleaner.lnk
[2010/04/08 07:02:02 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Papa\Desktop\rkill.exe
[2010/04/08 07:00:47 | 000,004,080 | -HS- | M] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\XI7Bd8ganH
[2010/04/08 06:59:56 | 000,008,894 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\XI7Bd8ganH
[2010/04/08 06:59:41 | 000,004,036 | -HS- | M] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\52888976
[2010/04/07 09:07:14 | 000,000,720 | -H-- | M] () -- C:\IPH.PH
[2010/04/04 19:52:52 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 11:55:51 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Papa\Desktop\Microsoft Office Excel 2003.lnk
[2010/04/04 10:45:11 | 000,049,382 | ---- | M] () -- C:\Documents and Settings\Papa\Desktop\Kamen Rider W - 29 [W-Time].ass
[2010/04/04 09:38:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/03 22:04:32 | 281,247,356 | ---- | M] () -- C:\Documents and Settings\Papa\Desktop\Kamen Rider W - 29 [W-Time].avi
[2010/04/02 03:27:43 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/04/02 03:27:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/04/02 03:27:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/04/02 03:27:15 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/02 02:34:04 | 002,294,899 | ---- | M] () -- C:\Documents and Settings\Papa\Desktop\walmart.pdf
[2010/03/30 21:42:13 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Papa\My Documents\pengeluaran mulai sept.xls
[2010/03/28 07:36:35 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Papa\Desktop\Microsoft Office Word 2003.lnk
[2010/03/14 13:18:17 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 13:18:17 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 13:18:17 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/12 19:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 10:00:11 | 000,000,224 | ---- | C] () -- C:\Boot.bak
[2010/04/09 10:00:06 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/09 09:47:45 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/09 09:47:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/09 09:47:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/09 09:47:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/09 09:47:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/09 09:41:55 | 003,910,295 | R--- | C] () -- C:\Documents and Settings\Papa\Desktop\ComboFix.exe
[2010/04/08 23:56:45 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/04/08 23:51:02 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/08 23:42:03 | 1038,790,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/08 23:21:47 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\Administrator.IENOVO\Desktop\EarthLink Internet 30 Days Free.lnk
[2010/04/08 23:21:47 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\Administrator.IENOVO\Desktop\AOL 3 Month Free Trial.lnk
[2010/04/08 23:21:47 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator.IENOVO\Local Settings\Application Data\fusioncache.dat
[2010/04/08 23:21:45 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator.IENOVO\NTUSER.DAT
[2010/04/08 23:21:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.IENOVO\ntuser.ini
[2010/04/08 23:14:20 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\Papa\Desktop\CCleaner.lnk
[2010/04/08 06:59:38 | 000,004,036 | -HS- | C] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\52888976
[2010/04/08 06:59:15 | 000,004,080 | -HS- | C] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\XI7Bd8ganH
[2010/04/08 06:58:40 | 000,008,894 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\XI7Bd8ganH
[2010/04/04 10:45:36 | 000,049,382 | ---- | C] () -- C:\Documents and Settings\Papa\Desktop\Kamen Rider W - 29 [W-Time].ass
[2010/04/04 02:04:54 | 281,247,356 | ---- | C] () -- C:\Documents and Settings\Papa\Desktop\Kamen Rider W - 29 [W-Time].avi
[2010/04/02 02:34:04 | 002,294,899 | ---- | C] () -- C:\Documents and Settings\Papa\Desktop\walmart.pdf
[2010/03/26 01:13:20 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Papa\Desktop\rkill.exe
[2010/03/26 00:27:21 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/26 00:27:21 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/31 17:26:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/07 22:59:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
[2009/02/07 22:59:45 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
[2009/02/07 22:59:20 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
[2009/02/07 22:59:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
[2009/02/07 22:59:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
[2009/02/07 21:32:27 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini
[2009/02/07 21:32:14 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
[2009/02/07 21:32:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
[2008/03/23 22:32:38 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/03/23 22:32:38 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/18 21:56:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS820.ini
[2007/03/05 08:05:28 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/26 22:54:10 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/26 22:54:10 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DBC70470E3.sys
[2006/12/29 22:12:10 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/26 22:20:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/25 16:07:18 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\fusioncache.dat
[2006/11/18 00:16:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/17 23:59:58 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/11/17 23:57:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/17 23:55:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/11/17 23:55:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/11/17 23:55:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/11/17 23:55:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/11/17 23:55:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/11/17 23:55:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/11/17 23:50:03 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2006/11/17 23:50:03 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2006/11/17 23:50:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2006/11/17 23:42:06 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/17 23:42:06 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/17 23:42:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/17 23:42:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/17 23:42:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/19 11:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/30 02:05:41 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 01:48:13 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/03 18:59:54 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/27 15:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 09:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/12/26 09:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\Lenovo
[2006/11/18 00:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IENOVO\Application Data\ThinkVantage
[2010/02/21 01:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\acccore
[2010/04/05 10:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\ComcastToolbar
[2010/04/07 18:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\foobar2000
[2006/12/29 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\FotoWire
[2007/10/25 21:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\FUJIFILM
[2006/12/27 14:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\funkitron
[2007/05/29 00:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\InterVideo
[2008/08/24 15:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\iWin
[2006/12/29 06:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\Leadertech
[2006/12/26 09:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\Lenovo
[2009/02/07 22:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\Lexmark Productivity Studio
[2008/08/09 15:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\SpinTop
[2009/03/09 14:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\TaxCut
[2006/11/18 00:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\ThinkVantage
[2010/04/08 14:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Papa\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/30 16:23:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/30 16:23:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/30 16:23:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/30 16:23:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/11 20:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\OTHER\iaStor.sys
[2005/10/11 20:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/01/27 02:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWTOOLS\DRIVERS\CHIPSET\nForce\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 02:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWTOOLS\DRIVERS\CHIPSET\nForce\IDE\WinXP\sata_ide\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/01/27 02:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWTOOLS\DRIVERS\CHIPSET\nForce\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 02:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWTOOLS\DRIVERS\CHIPSET\nForce\IDE\WinXP\sataraid\nvatabus.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Papa\Desktop\rkill.exe:SummaryInformation
< End of report >
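Triage of an OTL log like the one posted above, as an added example that is not part of this thread or of OTL itself: it parses OTL file-entry lines and the `< MD5 for: ... >` blocks, flags a driver whose live copy under system32 hashes differently from the ServicePackFiles reference copy (the comparison OTL's MD5 custom scan is there to support), and lists hidden+system files with no company name under a profile's Application Data folder, the shape of the XI7Bd8ganH and 52888976 entries. The function names are my own, and the EXAMPLE.SYS block with its two hashes is constructed to show what a mismatch looks like.

```python
"""Triage helpers for OTL log excerpts (added example, not part of the thread or of OTL)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt in OTL's output shape. All lines except the EXAMPLE.SYS block are taken
# from the log posted above; EXAMPLE.SYS and its two hashes are constructed.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2010/04/09 09:52:31 | 1038,790,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 09:45:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Papa\ntuser.ini
[2010/04/08 07:00:47 | 000,004,080 | -HS- | M] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\XI7Bd8ganH
[2010/04/08 06:59:41 | 000,004,036 | -HS- | M] () -- C:\Documents and Settings\Papa\Local Settings\Application Data\52888976
[2010/04/02 03:27:43 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2010/04/08 06:59:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\example.sys
< End of report >
"""

# One OTL file entry: [date | size | attrs | C/M] (company) [.cab file] [MD5=...] -- path
ENTRY_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:\.cab file )?"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+)$"
)
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")


@dataclass
class Entry:
    attrs: str                # R/H/S/D flags as OTL prints them, e.g. "-HS-"
    company: str              # "" when OTL shows () or ( )
    md5: Optional[str]        # only present inside "< MD5 for: ... >" blocks
    path: str
    md5_group: Optional[str]  # driver name of the enclosing MD5 block, if any


def parse_otl(text: str) -> List[Entry]:
    """Parse OTL file-entry lines; section headers end an MD5 block, other lines are ignored."""
    entries: List[Entry] = []
    group: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MD5_HEADER_RE.match(line)
        if m:
            group = m["name"].upper()
            continue
        if line.startswith(("=", "<")):  # "==========" header or "< End of report >"
            group = None
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["attrs"], (m["company"] or "").strip(),
                                 (m["md5"] or "").upper() or None, m["path"], group))
    return entries


def md5_mismatches(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """(driver, live MD5, reference MD5) where the copy under system32 hashes differently
    from the ServicePackFiles copy. $NtServicePackUninstall$ is the pre-service-pack
    build and legitimately differs, so it is never used as the reference."""
    live: Dict[str, str] = {}
    ref: Dict[str, str] = {}
    for e in entries:
        if not e.md5_group or not e.md5:
            continue
        p = e.path.lower()
        if "\\servicepackfiles\\" in p:
            ref[e.md5_group] = e.md5
        elif "\\system32\\" in p:
            live[e.md5_group] = e.md5
    return [(n, live[n], ref[n]) for n in sorted(live) if n in ref and live[n] != ref[n]]


def suspicious_hidden_files(entries: List[Entry]) -> List[str]:
    """Hidden+system files (not folders) with no company name under a profile's Application
    Data folder, the shape of the XI7Bd8ganH / 52888976 entries. A triage heuristic only."""
    return [e.path for e in entries
            if "H" in e.attrs and "S" in e.attrs and e.attrs[3] != "D"
            and not e.company and "\\application data\\" in e.path.lower()]
```

Run against the full log above, the hidden-file check returns exactly the three Application Data entries a helper would ask about, and the MD5 check stays empty because every live driver matches its ServicePackFiles copy.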




#8 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:45 AM

Posted 11 April 2010 - 01:52 PM

  1. Start in Safe Mode using the F8 key:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until the boot menu appears.
    • Select Last Known Good Configuration from the list and let Windows boot. If Windows could not boot, please proceed with the next steps.

  2. Please tell me specifically at what stage you get the blue screen when you start the computer. How far does it go? Do you see the BIOS loading screen, does it get to the Windows XP logo with the loading bar, etc.?

  3. Please tell me if you have changed anything after being able to boot to the Boot CD; have you disabled any driver/service after you got the boot problem?

  4. Please run OTLPE, and click Yes and OK to its prompts.
    Set Services to All.
    Set Drivers to All.
    Set all the other sections (including Files Created or Files Modified) to None.




#9 atan

  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:45 PM

Posted 11 April 2010 - 02:10 PM

Performed Step 1.

Windows booted!

EDIT - Alas, an ad for a fake antivirus (XP Smart Security) popped up. I believe I know how to remove this myself (and I will NEVER use combofix anymore without the assistance of someone who actually knows what they are doing). Do you have any further instructions or checks? Thank you for guiding me this far, by the way.

Edited by atan, 11 April 2010 - 02:12 PM.


#10 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:45 AM

Posted 11 April 2010 - 03:10 PM

Great.

You may do the rest if you want. Just let me know your decision.

#11 atan

  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:45 PM

Posted 11 April 2010 - 03:21 PM

I will do the rest. Thank you very much for all of your help. If you would like, you can lock the thread, as I have no more concerns.

Thanks again.

#12 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:45 AM

Posted 11 April 2010 - 04:24 PM

You are most welcome.

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.



