Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pc reboots after i try to login


  • This topic is locked This topic is locked

#31
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Happened again. Same line and happened when it scanned startup folder.

Tried a few times too, but keeps happening.
  • 0

Advertisements


#32
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
  • Start OTLPE
  • In the box that says "Standard Registry" click "None"
  • In the Custom scans and fixes box paste this in:

    netsvcs
    drivers32
    /md5start
    winlogon.exe
    explorer.exe
    svchost.exe
    userinit.exe
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    c:\windows\minidump\*.*
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP
    c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP

  • Then click the Run Scan button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Edited by Salagubang, 13 January 2011 - 01:08 AM.

  • 0

#33
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
I changed it to what you have up there, then clicked Run Fix. It was finished almost instantly. So then I clicked ok, and turned the PC off, then turned it back on without the USB sticks and tried to run Windows Normally. I put in my password for Windows and as it was loading the blue screen came up and at the bottom it was loading crash dump's and then it rebooted it self.
  • 0

#34
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
I am sorry for the slip up. You were to click Run Scan. Can you try it again please.

Edited by Salagubang, 13 January 2011 - 01:28 AM.

  • 0

#35
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
I would love to. But each time I turn my PC on and click F12 (Boot Sequence) and select USB Device. The screen goes straight to the screen where it asks me

Safe Mode
Safe Mode with Networking
Safe Mode with command prompt

Start windows normally

And they dont work. Do I create another USB Stick or what do I do?
  • 0

#36
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Never mind I got back in. I put the USB stick in a different USB slot and took out all the other USB devices such as mouse and keyboard.

Reatogo is loading.
  • 0

#37
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
If there are two USB inserted, try removing the other one.
  • 0

#38
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
I ran it again, and then this came up: "The application or DLL I:\Windows\system32\shell32.dll is not a valid Windows Image. Please check this against your installation diskette."

Then a notepad file came up and has all this stuff in it. I hit Save (just in case) and do I restart now and try normal mode or do I try to scan one more time?
  • 0

#39
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Please post the notepad log so I can analyze what is keeping you from logging in. Do not reboot the machine.

Next, I need you to open OTLPE again.
Click on the "NONE" button.
On the box that says "Standard Registry" choose "Safelist"
Then click "Run Scan".
Post the contents of the resulting text.

Edited by Salagubang, 13 January 2011 - 02:15 AM.

  • 0

#40
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
I saved the file to my 2nd USB drive (because it doesnt offer me internet for some odd reason), now its in my laptop. And then the screen on the infected machine went blue saying "A problem has been detected and Windows has been shut down to prevent damage to your computer"

So I will reboot and try to bring up XP again.

here is the log:


OTL logfile created on: 1/13/2011 1:58:26 AM - Run
OTLPE by OldTimer - Version 3.1.44.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive I: | 916.41 Gb Total Space | 346.52 Gb Free Space | 37.81% Space Free | Partition Type: NTFS
Drive X: | 3.68 Gb Total Space | 3.19 Gb Free Space | 86.72% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/26 00:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/04 10:45:14 | 000,202,752 | ---- | M] (AMD) [Auto] -- I:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/24 16:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- I:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/10/16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- I:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- I:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/08/12 17:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- I:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 14:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand] -- I:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- I:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- I:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/29 08:02:09 | 000,314,016 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/29 08:02:07 | 000,043,680 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/19 21:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/08 09:48:12 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/04 11:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 16:04:54 | 000,036,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- I:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/12 05:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- I:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2004/12/03 21:12:44 | 000,015,872 | ---- | M] (Interlex Inc.) [Kernel | Auto] -- I:\Program Files (x86)\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})


Drivers32:64bit: aux - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - I:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - I:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - I:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - I:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - I:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - I:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - I:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - I:\Windows\System32\frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - I:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - I:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - I:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - I:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - I:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - I:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - I:\Windows\System32\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - I:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - I:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.FPS1 - frapsv64.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 01:16:00 | 000,000,000 | ---D | C] -- I:\_OTL
[2010/12/17 21:06:57 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\ConduitEngine
[2010/12/17 21:06:55 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\uTorrentBar

========== Files - Modified Within 30 Days ==========

[2011/01/13 02:35:37 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2011/01/13 02:35:33 | 390,856,005 | ---- | M] () -- I:\Windows\MEMORY.DMP
[2011/01/13 02:35:26 | 2146,807,807 | -HS- | M] () -- I:\hiberfil.sys
[2011/01/13 02:33:10 | 000,000,894 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/15 23:40:35 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 23:40:35 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 23:38:20 | 000,628,024 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2010/12/15 23:38:20 | 000,110,208 | ---- | M] () -- I:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/12/18 15:17:27 | 390,856,005 | ---- | C] () -- I:\Windows\MEMORY.DMP
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- I:\Windows\SysWow64\xlive.dll.cat
[2010/08/24 09:40:08 | 000,000,233 | ---- | C] () -- I:\Windows\ACTIVEJP.INI
[2010/06/13 10:03:18 | 000,021,840 | ---- | C] () -- I:\Windows\SysWow64\SIntfNT.dll
[2010/06/13 10:03:18 | 000,017,212 | ---- | C] () -- I:\Windows\SysWow64\SIntf32.dll
[2010/06/13 10:03:18 | 000,012,067 | ---- | C] () -- I:\Windows\SysWow64\SIntf16.dll
[2010/06/11 18:32:12 | 000,000,025 | ---- | C] () -- I:\Windows\cdplayer.ini
[2010/05/08 16:51:22 | 000,000,301 | ---- | C] () -- I:\Windows\wininit.ini
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- I:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/12/18 15:17:50 | 000,032,596 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< netscvs >


< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\SysWOW64\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A --
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2009/08/27 16:04:31 | 000,008,192 | RHS- | M] () -- I:\BOOTSECT.BAK
[2010/05/29 19:44:04 | 000,000,216 | ---- | M] () -- I:\DebugTrace-RockallDLL.log
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- I:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- I:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- I:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- I:\globdata.ini
[2011/01/13 02:35:26 | 2146,807,807 | -HS- | M] () -- I:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- I:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- I:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- I:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- I:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- I:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- I:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- I:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- I:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- I:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- I:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- I:\install.res.3082.dll
[2006/12/02 01:37:14 | 000,904,704 | -H-- | M] (Microsoft Corporation) -- I:\msdia80.dll
[2011/01/13 02:35:33 | 4294,066,175 | -HS- | M] () -- I:\pagefile.sys
[2009/10/20 12:51:50 | 000,002,035 | ---- | M] () -- I:\RHDSetup.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- I:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- I:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- I:\VC_RED.MSI

< %systemroot%\*./mp /s >

< c:\windows\minidump\*.* >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = explorer.exe -- [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 20:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" =
"LegalNoticeText" =
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 43
"AutoAdminLogon" = 0
"DefaultUserName" = Roger

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >

< c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP >

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >
< End of report >
  • 0

Advertisements


#41
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Am trying to get Reatogo/XP back up but each time I get this: "File SETUP.HIV could not be loaded. The error code is 4. Setup cannot continue. Press any key to exit."

the file extension ".HIV" sounds pretty nasty :D
  • 0

#42
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Lets pause here and start again tomorrow. I need to review the logs and will get back to you.
  • 0

#43
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi kinyo,

Lets do some diagnostics first on the machine's memory.
If you have more than one RAM module installed, try starting computer with one RAM stick at a time.

NOTE
Keep in mind, the manual check listed above is always superior to the software check, listed below. DO NOT proceed with memtest, if you can go with option A
B. If you have only one RAM stick installed...
...run memtest...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-2.11.iso.zip file.
3. Inside, you'll find memtest86+-2.11.iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:

Posted Image

8. Locate memtest86+-2.11.iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:

Posted Image

10. Once the CD is created, boot from it, and memtest will automatically start to run. You may have to change the boot sequence in your BIOS to make it work right.

To change Boot Sequence in your BIOS
Reboot the system and at the first post screen (where it is counting up memory) start tapping the DEL button
This will enter you into the Bios\Cmos area.
Find the Advanced area and click Enter
Look for Boot Sequence or Boot Options and highlight that click Enter
Now highlight the first drive and follow the directions on the bottom of the screen on how to modify it and change it to CDrom.
Change the second drive to the C or Main Drive
Once that is done then click F10 to Save and Exit
You will prompted to enter Y to verify Save and Exit. Click Y and the system will now reboot with the new settings.

The running program will look something like this depending on the size and number of ram modules installed:


Posted Image

It's recommended to run 5-6 passes. Each pass contains very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

Posted Image

The following image is the test results area:

Posted Image

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

Thanks to rshaffer61 for the canned.
  • 0

#44
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
I have 4 RAM sticks, they all say 2 GB each. So I should have 8 GB of RAM, but above says I have 3 GB in the log.

Either way, I will put 1 in at a time and start my PC and see what it says.
  • 0

#45
Kinyo

Kinyo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
On my RAM Sticks this is what it says: "GDDR2 800 2GB 128MX8 1.8V EP"

I took some computer classes and I am confidant to say that it looks like 8GB total.

Also, I started with 1 RAM stick at a time, they all came to the screen:

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Start Windows Normally.

I selected normally and it rebooted. So I am happy to say that I think it is not the RAM sticks :D

I have to go to work, I will be done in about 9 hours from this post. After that I got lots of time to work on this.

Also, thanks for all your help, I know you get this a lot, but I really do appreciate it ;)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP