PC reboots after I try to log in


  • This topic is locked

#31
Kinyo

  • Topic Starter
  • Member
  • 106 posts
Happened again. Same line and happened when it scanned startup folder.

Tried a few times too, but keeps happening.
  • 0


#32
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

  • Start OTLPE
  • In the box that says "Standard Registry" click "None"
  • In the Custom scans and fixes box paste this in:

    netsvcs
    drivers32
    /md5start
    winlogon.exe
    explorer.exe
    svchost.exe
    userinit.exe
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    c:\windows\minidump\*.*
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP
    c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP

  • Then click the Run Scan button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Edited by Salagubang, 13 January 2011 - 01:08 AM.

  • 0

#33
Kinyo

  • Topic Starter
  • Member
  • 106 posts
I changed it to what you have up there, then clicked Run Fix. It was finished almost instantly. So then I clicked OK, and turned the PC off, then turned it back on without the USB sticks and tried to run Windows normally. I put in my password for Windows and as it was loading the blue screen came up, and at the bottom it was loading crash dumps, and then it rebooted itself.
  • 0

#34
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
I am sorry for the slip-up. You were to click Run Scan. Can you try it again, please?

Edited by Salagubang, 13 January 2011 - 01:28 AM.

  • 0

#35
Kinyo

  • Topic Starter
  • Member
  • 106 posts
I would love to. But each time I turn my PC on, click F12 (Boot Sequence) and select USB Device, the screen goes straight to the screen where it asks me:

Safe Mode
Safe Mode with Networking
Safe Mode with command prompt

Start windows normally

And they don't work. Do I create another USB stick or what do I do?
  • 0

#36
Kinyo

  • Topic Starter
  • Member
  • 106 posts
Never mind, I got back in. I put the USB stick in a different USB slot and took out all the other USB devices such as mouse and keyboard.

Reatogo is loading.
  • 0

#37
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
If there are two USB inserted, try removing the other one.
  • 0

#38
Kinyo

  • Topic Starter
  • Member
  • 106 posts
I ran it again, and then this came up: "The application or DLL I:\Windows\system32\shell32.dll is not a valid Windows Image. Please check this against your installation diskette."

Then a notepad file came up and has all this stuff in it. I hit Save (just in case) and do I restart now and try normal mode or do I try to scan one more time?
  • 0

#39
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Please post the notepad log so I can analyze what is keeping you from logging in. Do not reboot the machine.

Next, I need you to open OTLPE again.
Click on the "NONE" button.
On the box that says "Standard Registry" choose "Safelist"
Then click "Run Scan".
Post the contents of the resulting text.

Edited by Salagubang, 13 January 2011 - 02:15 AM.

  • 0

#40
Kinyo

  • Topic Starter
  • Member
  • 106 posts
I saved the file to my 2nd USB drive (because it doesn't offer me internet for some odd reason), now it's in my laptop. And then the screen on the infected machine went blue saying "A problem has been detected and Windows has been shut down to prevent damage to your computer"

So I will reboot and try to bring up XP again.

Here is the log:


OTL logfile created on: 1/13/2011 1:58:26 AM - Run
OTLPE by OldTimer - Version 3.1.44.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive I: | 916.41 Gb Total Space | 346.52 Gb Free Space | 37.81% Space Free | Partition Type: NTFS
Drive X: | 3.68 Gb Total Space | 3.19 Gb Free Space | 86.72% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/26 00:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/04 10:45:14 | 000,202,752 | ---- | M] (AMD) [Auto] -- I:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/24 16:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- I:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/10/16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- I:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- I:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/08/12 17:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- I:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 14:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand] -- I:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- I:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- I:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/29 08:02:09 | 000,314,016 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/29 08:02:07 | 000,043,680 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/19 21:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/08 09:48:12 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/04 11:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 16:04:54 | 000,036,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- I:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/12 05:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- I:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2004/12/03 21:12:44 | 000,015,872 | ---- | M] (Interlex Inc.) [Kernel | Auto] -- I:\Program Files (x86)\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})


Drivers32:64bit: aux - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - I:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - I:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - I:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - I:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - I:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - I:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - I:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - I:\Windows\System32\frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - I:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - I:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - I:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - I:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - I:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - I:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - I:\Windows\System32\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - I:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - I:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.FPS1 - frapsv64.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 01:16:00 | 000,000,000 | ---D | C] -- I:\_OTL
[2010/12/17 21:06:57 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\ConduitEngine
[2010/12/17 21:06:55 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\uTorrentBar

========== Files - Modified Within 30 Days ==========

[2011/01/13 02:35:37 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2011/01/13 02:35:33 | 390,856,005 | ---- | M] () -- I:\Windows\MEMORY.DMP
[2011/01/13 02:35:26 | 2146,807,807 | -HS- | M] () -- I:\hiberfil.sys
[2011/01/13 02:33:10 | 000,000,894 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/15 23:40:35 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 23:40:35 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 23:38:20 | 000,628,024 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2010/12/15 23:38:20 | 000,110,208 | ---- | M] () -- I:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/12/18 15:17:27 | 390,856,005 | ---- | C] () -- I:\Windows\MEMORY.DMP
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- I:\Windows\SysWow64\xlive.dll.cat
[2010/08/24 09:40:08 | 000,000,233 | ---- | C] () -- I:\Windows\ACTIVEJP.INI
[2010/06/13 10:03:18 | 000,021,840 | ---- | C] () -- I:\Windows\SysWow64\SIntfNT.dll
[2010/06/13 10:03:18 | 000,017,212 | ---- | C] () -- I:\Windows\SysWow64\SIntf32.dll
[2010/06/13 10:03:18 | 000,012,067 | ---- | C] () -- I:\Windows\SysWow64\SIntf16.dll
[2010/06/11 18:32:12 | 000,000,025 | ---- | C] () -- I:\Windows\cdplayer.ini
[2010/05/08 16:51:22 | 000,000,301 | ---- | C] () -- I:\Windows\wininit.ini
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- I:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/12/18 15:17:50 | 000,032,596 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< netscvs >


< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\SysWOW64\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A --
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2009/08/27 16:04:31 | 000,008,192 | RHS- | M] () -- I:\BOOTSECT.BAK
[2010/05/29 19:44:04 | 000,000,216 | ---- | M] () -- I:\DebugTrace-RockallDLL.log
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- I:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- I:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- I:\globdata.ini
[2011/01/13 02:35:26 | 2146,807,807 | -HS- | M] () -- I:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- I:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- I:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- I:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- I:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- I:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- I:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- I:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- I:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- I:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- I:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- I:\install.res.3082.dll
[2006/12/02 01:37:14 | 000,904,704 | -H-- | M] (Microsoft Corporation) -- I:\msdia80.dll
[2011/01/13 02:35:33 | 4294,066,175 | -HS- | M] () -- I:\pagefile.sys
[2009/10/20 12:51:50 | 000,002,035 | ---- | M] () -- I:\RHDSetup.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- I:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- I:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- I:\VC_RED.MSI

< %systemroot%\*./mp /s >

< c:\windows\minidump\*.* >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = explorer.exe -- [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 20:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" =
"LegalNoticeText" =
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 43
"AutoAdminLogon" = 0
"DefaultUserName" = Roger

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >

< c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP >

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >
< End of report >
  • 0
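A triage pass over a log like the one posted above, as an added example that is not part of the original thread and is not OTL's own code. It parses service/driver and MD5 entries and flags three things for a closer look: a driver or service with no company name, an MD5 entry with no path, and a live copy of a system file whose hash matches no `winsxs` copy listed in the same section. The finding labels, the all-zero hash and the `System32\userinit.exe` line are constructed for illustration; a finding is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the OTL log in the post above.
PAGE_LINES = r"""
DRV:64bit: - [2010/09/29 08:02:09 | 000,314,016 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/12/08 09:48:12 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)

< MD5 for: EXPLORER.EXE >
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A --
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
"""
# CONSTRUCTED line (not from the log): all-zero hash and a hypothetical live
# path, so the "no matching winsxs copy" check has something to hit.
CONSTRUCTED = ("[2011/01/01 00:00:00 | 000,030,208 | ---- | M] () MD5=" + "0" * 32
               + r" -- I:\Windows\System32\userinit.exe" + "\n")
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED

# "[date | size | attributes | M or C] (company) rest-of-line"
ENTRY = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\)(?P<rest>.*)$")
PREFIX = re.compile(r"^(?P<type>SRV|DRV)(?::64bit:)? - ")
SVC_REST = re.compile(r"\s*\[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>.*)\)\s*$")
MD5_REST = re.compile(r"\s*MD5=(?P<md5>[0-9A-F]{32}) --\s*(?P<path>.*)$")
SECTION = re.compile(r"^< MD5 for: (?P<file>.+?) >$")


def parse(log):
    """Return (services, md5s): service/driver records and {file: [(md5, path)]}."""
    services, md5s, section = [], defaultdict(list), None
    for raw in log.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            section = head["file"].lower()
            continue
        if line.startswith(("<", "=")):
            section = None          # any other header ends the MD5 section
            continue
        entry = ENTRY.search(line)
        if not entry:
            continue
        prefix = PREFIX.match(line)
        if prefix:
            svc = SVC_REST.match(entry["rest"])
            if svc:
                services.append({"type": prefix["type"], "company": entry["company"],
                                 "start": svc["start"], "path": svc["path"],
                                 "name": svc["name"]})
        elif section:
            md5 = MD5_REST.match(entry["rest"])
            if md5:
                md5s[section].append((md5["md5"], md5["path"].strip()))
    return services, dict(md5s)


def findings(log):
    """Return (label, detail) pairs that deserve a reviewer's attention."""
    services, md5s = parse(log)
    out = [("NO_COMPANY", s["path"]) for s in services if not s["company"]]
    for name, copies in md5s.items():
        # Hashes of the copies listed under \winsxs\ in this section.
        store = {h for h, p in copies if "\\winsxs\\" in p.lower()}
        for h, p in copies:
            if not p:
                out.append(("NO_PATH", f"{name} {h}"))
            elif "\\winsxs\\" not in p.lower() and h not in store:
                out.append(("NOT_IN_WINSXS", p))
    return out


if __name__ == "__main__":
    for label, detail in findings(SAMPLE_LOG):
        print(label, detail)
```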


#41
Kinyo

  • Topic Starter
  • Member
  • 106 posts
Am trying to get Reatogo/XP back up but each time I get this: "File SETUP.HIV could not be loaded. The error code is 4. Setup cannot continue. Press any key to exit."

The file extension ".HIV" sounds pretty nasty :D
  • 0

#42
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Let's pause here and start again tomorrow. I need to review the logs and will get back to you.
  • 0

#43
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Kinyo,

Let's do some diagnostics first on the machine's memory.

A. If you have more than one RAM module installed, try starting the computer with one RAM stick at a time.

NOTE
Keep in mind, the manual check listed above is always superior to the software check listed below. DO NOT proceed with memtest if you can go with option A.

B. If you have only one RAM stick installed...
...run memtest...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-2.11.iso.zip file.
3. Inside, you'll find memtest86+-2.11.iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:

Posted Image

8. Locate memtest86+-2.11.iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:

Posted Image

10. Once the CD is created, boot from it, and memtest will automatically start to run. You may have to change the boot sequence in your BIOS to make it work right.

To change Boot Sequence in your BIOS
Reboot the system and at the first post screen (where it is counting up memory) start tapping the DEL button
This will enter you into the Bios\Cmos area.
Find the Advanced area and click Enter
Look for Boot Sequence or Boot Options and highlight that click Enter
Now highlight the first drive and follow the directions on the bottom of the screen on how to modify it and change it to CDrom.
Change the second drive to the C or Main Drive
Once that is done then click F10 to Save and Exit
You will be prompted to enter Y to verify Save and Exit. Click Y and the system will now reboot with the new settings.

The running program will look something like this depending on the size and number of ram modules installed:


Posted Image

It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

Posted Image

The following image is the test results area:

Posted Image

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

Thanks to rshaffer61 for the canned.
  • 0

#44
Kinyo

  • Topic Starter
  • Member
  • 106 posts
I have 4 RAM sticks, they all say 2 GB each. So I should have 8 GB of RAM, but above says I have 3 GB in the log.

Either way, I will put 1 in at a time and start my PC and see what it says.
  • 0

#45
Kinyo

  • Topic Starter
  • Member
  • 106 posts
On my RAM Sticks this is what it says: "GDDR2 800 2GB 128MX8 1.8V EP"

I took some computer classes and I am confident to say that it looks like 8GB total.

Also, I started with 1 RAM stick at a time, they all came to the screen:

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Start Windows Normally.

I selected normally and it rebooted. So I am happy to say that I think it is not the RAM sticks :D

I have to go to work, I will be done in about 9 hours from this post. After that I got lots of time to work on this.

Also, thanks for all your help, I know you get this a lot, but I really do appreciate it ;)
  • 0





