BSOD, 0x10004130 error, windows cannot find 'C:\WINDOWS\



#16
RKinner (Malware Expert)
See if you can boot into Safe Mode and select the Command Prompt menu.

Then type:
cd  \WINDOWS\system32
(Prompt should change to show you are in C:\WINDOWS\system32 > )
attrib  -r  -h  -s  vnfuiwwn.dll 
del  vnfuiwwn.dll 
sc  config  awnrqpgi  start=  disabled
cd  "\Documents and Settings\user\Start Menu\Programs\Startup"
(Prompt should change to show you are in C:\Documents and Settings\user\Start Menu\Programs\Startup > )
attrib  -r  -h  -s   *.exe
del  *.exe

(If it asks you if you are sure say: y )

cd  \WINDOWS\tasks\
(Prompt should change to show you are in C:\Documents and Settings\user\Start Menu\Programs\Startup > )
attrib  -r  -h  -s  *.job
del  *.job

cd  \

dir  /a  /s  rundll32.exe

(this one will take a while.  IF it finds one note the location so you can copy it later.)

copy  \windows\regedit.exe  \windows\regedit.com

regedit.com

(Does the registry editor come up?)

exit




#17
jennyllm (Topic Starter)
When I open Command Prompt in Safe Mode, a Windows Command Processor error popup states that it has encountered a problem and needs to close, so I'm unable to type it.

#18
jennyllm (Topic Starter)
Sorry Ron, something just reminded me. When I had just formatted my laptop, my ESET Smart Security detected a lot of viruses in my system32, so I downloaded malware to delete the viruses that attacked my system32, and after those actions my laptop started to pop up those system32 errors. I think the malware deleted the virus + my system32. And after the Run Fix of OTL which you advised me to do the first time, a few error messages popped up and interrupted the Run Fix. After this scan, my laptop showed more problems, like can't open Device Manager, can't detect my broadband plug-in, can't open Command Prompt, and Control Panel's Add/Remove Programs.

But I just checked that I'm able to open Add/Remove Programs.

#19
RKinner (Malware Expert)
I think you have an infected USB drive or external hard drive, and after you reformatted, it reinfected your PC. This is a rather nasty system file infector and there is not much we can do about it other than reformat.

Also when reformatting you need to make sure that you delete the existing partitions and create a new one so that you are sure that the MBR gets redone. Another surer alternative is to use a disk eraser program like:
http://www.dban.org/about

You download the iso file and burn it to a CD using a program like free iso burner:
http://www.freeisoburner.com/
then boot from the CD and it will wipe any drive it detects (including your USB drive if it is plugged in). It also removes the partition tables so there is no place for the virus to hide.

Ron

#20
jennyllm (Topic Starter)
Did you mean that I download DBAN and the ISO burner, then burn both files to a CD, then run it before the reformat or after the format? It will remove everything on the laptop and USB? So I need to back up my files before using it?

#21
RKinner (Malware Expert)
You do it before preparation for a reformat and hopefully you can download and make the CD on a clean PC. Your files are probably infected by the malware. If you have to save them then I would also burn a copy of the AVG Rescue CD: Step 1 here: http://www.geekstogo...ystem-tutorial/ and use it to scan the system and make copies of your files. If you use a USB drive you should make a folder called autorun.inf and another folder called desktop.ini at the root (\) before you use it. Hopefully this will keep it from reinfecting your clean system.
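
How the USB reinfection risk discussed above shows up in an OTL log, as an added example that is not part of the original thread: the Python sketch below decodes the NoDriveTypeAutoRun policy value and collects the O32/O33 AutoRun entries. The sample lines are copied from the OTL log posted later in this thread; the function names are this example's own, and the bit meanings follow Microsoft's documented layout for the value (bit n corresponds to GetDriveType result n).

```python
import re

# Bit n of NoDriveTypeAutoRun disables AutoRun for the drive type that
# GetDriveType reports as n; bit 7 is a second "unknown type" flag.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no-root-dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown (reserved)",
}

# Patterns for the three OTL line shapes this example cares about.
POLICY_RE = re.compile(r'^O7 - (HK\w+)\\.*: NoDriveTypeAutoRun = (\d+)$')
AUTORUN_FILE_RE = re.compile(
    r'^O32 - AutoRun File - \[[^\]]*\] \([^)]*\) - ([A-Za-z]):\\(.+?) -- \[ (\w+) \]$')
MOUNTPOINT_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+?) -- \[')

# Lines copied from the OTL log in this thread (not a complete log).
SAMPLE_LOG = r'''
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/02 22:11:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/03 10:26:31 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6ba2c18b-bd15-11e0-93a9-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba2c18b-bd15-11e0-93a9-001e68b76fc1}\Shell\AutoRun\command - "" = G:\Install.exe -- [2010/07/24 11:24:46 | 000,302,392 | R--- | M] ()
'''


def decode_policy(value):
    """Split a NoDriveTypeAutoRun value into (blocked, allowed) drive types."""
    blocked = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    allowed = [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]
    return blocked, allowed


def audit(log_text):
    """Collect the AutoRun policy, autorun.inf files and cached AutoRun commands."""
    report = {"policy": None, "allowed": [], "autorun_inf": [], "cached_commands": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            report["policy"] = int(m.group(2))
            report["allowed"] = decode_policy(report["policy"])[1]
            continue
        m = AUTORUN_FILE_RE.match(line)
        if m:
            drive, name, fs = m.groups()
            # OTL also lists AUTOEXEC.BAT here; only autorun.inf drives AutoRun.
            if name.lower() == "autorun.inf":
                report["autorun_inf"].append((drive.upper(), fs))
            continue
        m = MOUNTPOINT_CMD_RE.match(line)
        if m:
            # MountPoints2 stores the AutoRun command Explorer cached per volume.
            report["cached_commands"].append(m.group(2))
    return report


def findings(report):
    """Turn the audit report into short, human-readable review notes."""
    out = []
    if report["policy"] is None:
        out.append("No NoDriveTypeAutoRun policy found: Windows defaults apply")
    elif "removable" in report["allowed"]:
        out.append("Policy 0x%02X does not block AutoRun on removable drives; "
                   "0xFF blocks every drive type" % report["policy"])
    for drive, fs in report["autorun_inf"]:
        out.append("autorun.inf present on %s: (%s)" % (drive, fs))
    for cmd in report["cached_commands"]:
        out.append("MountPoints2 caches an AutoRun command: %s" % cmd)
    return out


if __name__ == "__main__":
    for note in findings(audit(SAMPLE_LOG)):
        print(note)
```

The value 145 is 0x91, which blocks only unknown and network drive types, so the policy in that log does not stop AutoRun on a USB drive.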

#22
jennyllm (Topic Starter)
Hi Ron, I've reformatted my laptop with another Windows XP CD. It ran so smoothly and everything completed, compared to the previous format with the Windows Diamond DVD, which used to have a lot of popup error messages while formatting (such as cannot access the specified device, path, or file for system32\regsvr32.exe, system32\cmd.exe, system32\nhelper.exe, system32\rundll32.exe & system32\grpconv.exe). Up to now, I haven't received any error messages with my new format. I think it should be the Windows Diamond DVD that was infected, right? But there are some unsmooth areas, like IE running slowly, and when I tried to restart my laptop, it only runs until a black screen and stops there. I have to press the on/off button to turn off my laptop, then press the on/off button to restart it. Can you advise why this happened? Following is the new log for my laptop after the recent format. Please help me check if my laptop is clean now. Thanks a lot.



OTL logfile created on: 8/3/2011 12:08:55 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.25 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 83.63% Memory free
4.10 Gb Paging File | 3.87 Gb Available in Paging File | 94.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 70.89 Gb Free Space | 95.13% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 15.97 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
Drive G: | 17.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 15.01 Gb Total Space | 14.95 Gb Free Space | 99.59% Space Free | Partition Type: FAT32

Computer Name: JENNY-255EFAF63 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 23:28:53 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011/07/07 12:47:12 | 000,606,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/24 12:10:06 | 010,099,032 | ---- | M] () -- C:\Program Files\Celcom Broadband\UIMain.exe
PRC - [2010/07/23 11:24:24 | 000,138,552 | ---- | M] () -- C:\Program Files\Celcom Broadband\UIExec.exe
PRC - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () -- C:\Program Files\Celcom Broadband\AssistantServices.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/08/16 16:18:56 | 000,798,720 | ---- | M] (zbshareware, Inc) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 12:47:12 | 000,606,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Celcom Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2010/06/03 11:14:16 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/19 14:12:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/05/19 14:12:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/05/19 14:12:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/11 07:26:24 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/09/11 07:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/05/19 10:59:00 | 000,761,856 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2008/05/19 10:58:00 | 000,014,848 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/14 17:03:12 | 004,742,144 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/07 08:07:00 | 000,175,104 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/03/26 06:22:50 | 000,985,472 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/26 06:22:10 | 000,210,560 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 06:22:06 | 000,731,264 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/26 13:19:24 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/08/02 23:57:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\Celcom Broadband\UIExec.exe ()
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (zbshareware, Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/02 22:11:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/25 11:41:58 | 000,000,643 | R--- | M] () - G:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/05/19 22:23:56 | 000,015,086 | R--- | M] () - G:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/06/03 10:26:31 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6ba2c18b-bd15-11e0-93a9-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba2c18b-bd15-11e0-93a9-001e68b76fc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ba2c18b-bd15-11e0-93a9-001e68b76fc1}\Shell\AutoRun\command - "" = G:\Install.exe -- [2010/07/24 11:24:46 | 000,302,392 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 06:01:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/08/03 06:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/08/03 06:01:16 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/08/03 06:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/08/03 06:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/08/03 06:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/08/03 06:00:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/08/03 06:00:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/08/03 06:00:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/08/03 06:00:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/08/03 06:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/08/03 06:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/08/03 06:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/08/03 06:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/08/03 06:00:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/08/03 06:00:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/08/03 06:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/08/03 05:59:23 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/08/03 05:54:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/08/03 05:54:51 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/08/03 05:54:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/08/03 05:54:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/08/03 05:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/08/03 00:08:47 | 000,606,720 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/08/02 23:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2011/08/02 23:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/02 23:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/08/02 23:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/08/02 23:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security
[2011/08/02 23:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security
[2011/08/02 23:51:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2011/08/02 23:43:13 | 000,547,904 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2011/08/02 23:43:13 | 000,547,904 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\ar5211.sys
[2011/08/02 23:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/08/02 23:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2011/08/02 23:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2011/08/02 23:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2011/08/02 23:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/08/02 23:28:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/08/02 23:26:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/08/02 23:25:16 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2011/08/02 23:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/08/02 23:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/08/02 22:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/08/02 22:40:53 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2011/08/02 22:40:53 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2011/08/02 22:40:53 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2011/08/02 22:40:53 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2011/08/02 22:40:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppXL
[2011/08/02 22:40:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/02 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Celcom Broadband
[2011/08/02 22:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Celcom Broadband
[2011/08/02 22:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/08/02 22:28:15 | 000,761,856 | R--- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athr.sys
[2011/08/02 22:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/08/02 22:15:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/08/02 22:15:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/08/02 22:15:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/08/02 22:15:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/08/02 22:15:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/08/02 22:15:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/08/02 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/08/02 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/08/02 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/08/02 22:15:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/08/02 22:15:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/08/02 22:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/08/02 22:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/08/02 22:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/08/02 22:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/08/02 22:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/08/02 22:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/08/02 22:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/08/02 22:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/08/02 22:15:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/08/02 22:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/08/02 22:15:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/08/02 22:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/08/02 22:15:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/08/02 22:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/08/02 22:15:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/08/02 22:13:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/08/02 22:13:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/08/02 22:13:45 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/08/02 22:12:47 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/08/02 22:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/08/02 22:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/08/02 22:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/08/02 22:11:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/08/02 22:10:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/08/02 22:10:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/08/02 22:10:40 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/08/02 22:10:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/08/02 22:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/08/02 22:09:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/08/02 22:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/08/02 22:09:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/08/02 22:09:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/08/02 22:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/08/02 22:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/08/02 22:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/08/02 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/08/02 22:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/08/02 22:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/08/02 22:09:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/08/02 22:08:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/08/02 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/08/02 22:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/08/02 22:08:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/08/02 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/08/02 22:08:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/08/02 22:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/08/02 22:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/08/02 22:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/08/02 22:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/08/02 22:07:32 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/08/02 22:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/08/02 22:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/08/02 22:07:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/08/02 22:07:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/08/02 22:06:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 00:10:28 | 000,311,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/03 00:10:28 | 000,040,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/03 00:06:10 | 000,187,256 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/03 00:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 23:53:56 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2011/08/02 23:29:34 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/08/02 23:29:34 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/08/02 22:40:52 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Celcom Broadband.lnk
[2011/08/02 22:20:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet.lnk
[2011/08/02 22:15:58 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/02 22:15:58 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/08/02 22:15:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/02 22:15:13 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/08/02 22:14:59 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/02 22:14:22 | 000,004,326 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/02 22:14:17 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/08/02 22:11:56 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/02 22:11:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/02 22:11:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/02 22:11:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/08/02 22:11:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/02 22:11:53 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/02 22:11:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/02 22:11:51 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/02 22:11:40 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/02 22:08:44 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/08/02 22:06:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/07 12:47:12 | 000,606,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 06:01:23 | 000,004,326 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 06:01:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/03 06:01:17 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/08/03 06:01:17 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/08/03 06:01:17 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/08/03 06:01:16 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/08/03 06:01:00 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/08/03 06:00:49 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/08/03 06:00:49 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/08/03 06:00:49 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/08/03 06:00:49 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/08/03 06:00:49 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/08/03 06:00:49 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/08/03 06:00:49 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/08/03 06:00:49 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/08/03 06:00:49 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/08/03 06:00:49 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/08/03 06:00:49 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/08/03 06:00:49 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/08/03 06:00:49 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/08/03 06:00:49 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/08/03 06:00:48 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/08/03 06:00:48 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/08/03 06:00:48 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/08/03 06:00:48 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/08/03 06:00:48 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/08/03 06:00:06 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/03 05:59:16 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/08/03 05:59:13 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/08/02 23:53:56 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2011/08/02 23:43:13 | 000,092,372 | ---- | C] () -- C:\WINDOWS\System32\net5211.inf
[2011/08/02 23:43:13 | 000,021,936 | ---- | C] () -- C:\WINDOWS\System32\net5211.cat
[2011/08/02 23:43:13 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2011/08/02 23:34:28 | 000,146,036 | R--- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2011/08/02 23:29:34 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/08/02 23:29:34 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/08/02 23:27:34 | 000,000,553 | R--- | C] () -- C:\WINDOWS\USetup.iss
[2011/08/02 23:26:27 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/08/02 23:25:29 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2011/08/02 23:25:29 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2011/08/02 23:25:29 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/08/02 22:40:48 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Celcom Broadband.lnk
[2011/08/02 22:33:10 | 000,187,256 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/02 22:32:48 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/08/02 22:23:48 | 000,000,897 | ---- | C] () -- C:\WINDOWS\System32\nvsmu.nvu
[2011/08/02 22:20:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet.lnk
[2011/08/02 22:15:58 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/08/02 22:15:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/08/02 22:15:46 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/02 22:15:46 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/08/02 22:15:42 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/08/02 22:15:42 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/08/02 22:15:13 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/08/02 22:14:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 22:13:40 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/08/02 22:13:25 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/08/02 22:13:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/08/02 22:13:16 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/08/02 22:13:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/08/02 22:13:07 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/08/02 22:13:03 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/08/02 22:12:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/08/02 22:12:49 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/08/02 22:11:56 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/02 22:11:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/08/02 22:11:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/08/02 22:11:56 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/08/02 22:11:56 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/08/02 22:11:51 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/02 22:11:51 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/02 22:11:50 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/02 22:10:39 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/08/02 22:10:27 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/08/02 22:09:58 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/08/02 22:09:58 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/08/02 22:09:52 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/08/02 22:09:40 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/08/02 22:09:29 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/08/02 22:08:46 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/08/02 22:08:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/08/02 22:08:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/08/02 22:07:53 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/08/02 22:07:53 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/08/02 22:07:53 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/08/02 22:07:53 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/08/02 22:07:52 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/08/02 22:07:52 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/08/02 22:07:52 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/08/02 22:07:52 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/08/02 22:07:52 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/08/02 22:07:52 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/08/02 22:07:52 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/08/02 22:07:49 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/08/02 22:07:49 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/08/02 22:07:48 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/08/02 22:07:42 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/05/29 19:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/29 19:41:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/29 19:41:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/29 19:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/29 19:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/29 19:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/29 19:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/29 19:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2004/08/04 01:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 00:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,311,842 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,040,190 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/02 23:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2011/08/02 23:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

========== Purity Check ==========



< End of report >
  • 0
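The file-list sections of the OTL report above all use one fixed line layout, so they can be triaged mechanically. The Python below is an added example, not part of the thread or of OTL; the filter (recently created, no company name, executable extension, outside dllcache) and the names `parse_line`, `review_candidates` and `EXEC_EXT` are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Layout of an OTL file-list entry as it appears in the report above.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Assumption: extensions treated as "can execute code" for triage purposes.
EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".bat", ".cmd"}

# Excerpt of lines copied from the report above.
SAMPLE = r"""========== Files Created - No Company Name ==========
[2011/08/03 06:01:00 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/08/02 23:26:27 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/08/02 22:13:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/08/02 22:07:49 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/05/29 19:41:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/07/07 12:47:12 | 000,606,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/08/02 23:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]"""


def parse_line(line):
    """Return a dict for one file-list entry, or None for headers and summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": set(m["attrs"]) - {"-"},      # e.g. {"R", "H", "S"}
        "kind": m["kind"],                      # C = created, M = modified
        "company": (m["company"] or "").strip(),
        "path": PureWindowsPath(m["path"]),
    }


def review_candidates(report, days=30):
    """Created, executable-type files with no company name, newest first.

    The reference time is the newest timestamp in the report itself, and
    dllcache (the Windows File Protection cache) is skipped as setup noise.
    """
    entries = [e for e in map(parse_line, report.splitlines()) if e]
    if not entries:
        return []
    newest = max(e["when"] for e in entries)
    hits = []
    for e in entries:
        if e["kind"] != "C" or e["company"] or "D" in e["attrs"]:
            continue
        if "dllcache" in (p.lower() for p in e["path"].parts):
            continue
        if e["path"].suffix.lower() not in EXEC_EXT:
            continue
        if newest - e["when"] <= timedelta(days=days):
            hits.append(e)
    return sorted(hits, key=lambda e: e["when"], reverse=True)


if __name__ == "__main__":
    for e in review_candidates(SAMPLE):
        print(e["when"], "".join(sorted(e["attrs"])) or "-", e["path"])
```

The result is a short list of entries to look at by hand, not a verdict on any file.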

#23
RKinner

    Malware Expert
You are running Windows XP Professional Edition Service Pack 2 which is out of date. You really need Service Pack 3. The first thing you should do after a reformat is to go to the Windows Update site and download all of the fixes that have come out since your CD was originally made. In IE, Tools, Windows Update. If this is an AMD (and not Intel) make sure you get the required patch before installing SP3. http://www.microsoft...A3-EFD2F7E87A8C
I think Windows update offers it to you these days if you don't have an Intel CPU (should have a sticker on the outside that says what CPU you have) but it's a pain to recover from so thought I'd mention it.

I don't see anything wrong with your current install other than being woefully out of date. You might try UPHClean for your shutdown problem: To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
In the User Profile Hive Cleanup Service installation wizard, click Next.
In the License Agreement page, read the license agreement, select I Agree, and then click Next.
In the Select Installation Folder page, click Next.
In the Confirm Installation page, click Next.
When UPHClean is installed, click Close.

Check with your PC maker's website and see if there are any chipset utilities or newer drivers for your PC.

Also

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.
  • 0

#24
jennyllm

    Member

  • Topic Starter
Windows had updated.

Downloaded UPHClean but my laptop still cannot automatically shut down and restart.

Are the chipset utilities all the drivers in Device Manager?

Following is the output log of the system:-


Vino's Event Viewer v01c run on Windows XP in English
Report run at 05/08/2011 9:51:50 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/08/2011 9:46:32 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Below is the application log:-


Vino's Event Viewer v01c run on Windows XP in English
Report run at 05/08/2011 10:07:26 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please advise any other action to be taken?
  • 0

#25
RKinner

    Malware Expert
No, the chipset utility just tells Windows how to talk to certain non-standard items on the motherboard. Give me the make and model of the PC and if it has a serial number or other information, give me that too. I'll look and tell you what I think you need.

Ron
  • 0

#26
jennyllm

    Member

  • Topic Starter
Is this what you mean?

AMD Turion™ X2 Dual-Core
Mobile RM-70
200 GHz, 2.25GB of RAM
Physical Address Extension

If these are not the ones you want, please lead me to where to get the information that you need. Thanks.
  • 0

#27
jennyllm

    Member

  • Topic Starter
The make & model of my laptop is Acer Aspire 4530.
  • 0

#28
RKinner

    Malware Expert
Download, save and run this chipset driver:

http://global-downlo...BC=ACER&SC=PA_7

Ron
  • 0

#29
jennyllm

    Member

  • Topic Starter
Hi Ron,

I already ran the chipset but don't know how to check whether it is updated.

One more thing: my laptop still cannot restart although I'd installed UPHClean. Is there any other way? It will only shut down; when it comes to restart, it shuts down with the black screen and my laptop did not shut down, and I need to press the on/off button to turn it off and press the on/off button again to restart my laptop.

Please advise. Thanks
  • 0

#30
RKinner

    Malware Expert
Click Start, and then click Control Panel.
In Control Panel, click Performance and Maintenance, and then click Power Options.
Click the APM tab.
Check to select the Enable Advanced Power Management Support check box, and then click OK.
  • 0





