computer starts on blue screen and reboots all the time



#1
Maria10
Hey guys,
Please, your expert help!!!! :help:

My computer (IBM Lenovo T60 running Microsoft XP) is starting on a blue screen and keeps rebooting. Even when I try to go into safe mode it will not allow me... I can see the safe mode options, but once I select one of them it will start rebooting :(
I searched and found on your forum someone who had the same problem... but the resolution was not taken further as this person stopped posting feedback... Anyway,
I was looking into the http://www.geekstogo...cause-of-virus/ and following the steps given in there for the blue screen with exactly the same error...

1- Stop: 0x0000007b
2- (0xF7A64524,0xC0000034,0x00000000,0x00000000)
3- there is nothing below this stop message so nothing for this option 3

I've burned OTLPE on a CD and ran it on the infected computer...

In the box down where it says Custom scan I pasted this:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles

and got the following report:

OTL logfile created on: 5/24/2012 1:15:53 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.02 Gb Total Space | 0.01 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive D: | 35.87 Gb Total Space | 5.39 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive E: | 960.47 Mb Total Space | 865.64 Mb Free Space | 90.13% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (cmdAgent)
SRV - File not found [Auto] -- -- (avg8wd)
SRV - File not found [Auto] -- -- (avg8emc)
SRV - [2008/05/16 05:52:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/03/21 08:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto] -- C:\WINDOWS\system32\acs.exe -- (acs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2008/07/06 13:15:57 | 000,087,056 | ---- | M] (COMODO) [File_System | System] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2008/07/06 13:15:57 | 000,079,760 | ---- | M] (COMODO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2008/07/06 13:15:57 | 000,024,208 | ---- | M] (COMODO) [Kernel | System] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/07/06 13:14:10 | 000,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/07/06 13:14:06 | 000,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/07/06 13:14:05 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/07/03 13:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2004/08/03 19:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001/08/18 10:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 10:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 08:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Kursad_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
IE - HKU\Kursad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\Kursad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Kursad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found



O1 HOSTS File: ([2001/08/18 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\Kursad_ON_C\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\Kursad_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] File not found
O4 - HKLM..\Run: [COMODO Firewall Pro] File not found
O4 - HKLM..\Run: [SoundMax] D:\DRIVERS\Win\Audio\SM_PANEL\SYS\SMAX4.EXE (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - HKLM..\Run: [WinampAgent] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Kursad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1337453138062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1337453106500 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/06 10:42:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/19 16:24:41 | 000,000,090 | ---- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/07/06 20:24:36 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\setupSNK.exe -- [2004/08/03 20:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/03 19:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/24 00:39:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/19 21:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVSoftware
[2012/05/19 20:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kursad\Application Data\PC Cleaners
[2012/05/19 20:14:26 | 004,101,392 | ---- | C] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/05/19 20:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kursad\Application Data\PCPro
[2012/05/19 20:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/05/19 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/05/19 18:40:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/19 14:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/05/19 14:46:15 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/05/19 13:20:48 | 000,237,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2012/05/19 11:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/05/19 11:19:48 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4res.dll
[2012/05/19 11:19:48 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4.dll
[2012/05/19 11:19:48 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TwoTrack.sys
[2012/05/19 11:19:41 | 000,082,432 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4mon.exe
[2012/05/19 11:06:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/18 18:21:11 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/20 10:53:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 10:26:21 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/05/20 10:09:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/05/20 10:01:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/19 22:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/05/19 20:14:15 | 004,101,392 | ---- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/05/19 18:44:34 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/19 18:41:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/05/19 15:48:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2012/05/19 15:48:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2012/05/19 15:21:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/19 15:07:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/19 15:00:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2012/05/19 15:00:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012/05/19 14:04:17 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/19 14:04:17 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/19 13:20:45 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 20:08:48 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/05/19 15:48:59 | 000,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2012/05/19 15:48:59 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2012/05/19 15:00:49 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2012/05/19 15:00:49 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2011/09/06 08:12:23 | 000,163,896 | ---- | C] () -- C:\WINDOWS\sequencer.exe
[2008/07/06 13:31:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 13:15:58 | 000,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/07/06 11:28:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/06 11:26:53 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/06 10:59:21 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/07/06 10:59:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/07/06 10:47:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/06 10:36:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/03 21:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 20:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 10:00:00 | 000,392,864 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 10:00:00 | 000,058,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/05/19 20:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kursad\Application Data\PC Cleaners
[2012/05/19 20:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kursad\Application Data\PCPro
[2012/05/19 21:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSoftware
[2012/05/19 20:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2008/07/06 15:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/19 20:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/05/20 10:09:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/19 22:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2004/08/03 20:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\setupSNK.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004/08/03 21:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 21:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 20:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 20:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\7b97093d107dfa9fd1d666fcbee1e1d6\sp2qfe\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/03 20:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 20:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 20:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 20:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/03 20:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/03 20:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/06 11:26:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/07/06 11:26:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/07/06 11:26:01 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:41:10 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2004/08/03 20:56:44 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/03 20:56:46 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/03 20:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >


Then I clicked on "Run Fix" and the following report came up:
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!
Error: Unable to interpret <%APPDATA%\*.> in the current context!
Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
Error: Unable to interpret <AGP440.sys> in the current context!
Error: Unable to interpret <vaxscsi.sys> in the current context!
Error: Unable to interpret <nvatabus.sys> in the current context!
Error: Unable to interpret <viamraid.sys> in the current context!
Error: Unable to interpret <nvata.sys> in the current context!
Error: Unable to interpret <nvgts.sys> in the current context!
Error: Unable to interpret <iastorv.sys> in the current context!
Error: Unable to interpret <ViPrt.sys> in the current context!
Error: Unable to interpret <eNetHook.dll> in the current context!
Error: Unable to interpret <ahcix86.sys> in the current context!
Error: Unable to interpret <KR10N.sys> in the current context!
Error: Unable to interpret <nvstor32.sys> in the current context!
Error: Unable to interpret <ahcix86s.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 05242012_012142


After that I tried to restart the computer, but the same blue screen came up and it kept rebooting until I switched it off.

Could you please guide me on what to do next... I have all my files in there and don't want to format it.

Thank you in advance for your time and attention.
Maria10

#2
Amlak

    Member 1K

  • Member
  • 1,470 posts
Hi, Maria10. Welcome to GTG. I'll help you out with your malware issue(s). But please cease following instructions made specifically for a system that's not the same as the system you're concerned about, as that may make things more difficult for you and me. From now until you get your system running and free of malware, only follow what I suggest you do.

Also, just to let you know, subsequent responses from me may be delayed as I'm still a trainee and require all my fixes to be approved by an expert before I submit them here.

Anyhow, having said all the above, please do the following:

  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Insert the USB with FRST
  • Reboot your system using the boot CD you created before posting here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop
  • Go to My Computer and locate the flash drive with FRST and double click the program.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3
Maria10

    Member

  • Topic Starter
  • Member
  • 105 posts
Hey Amlak,

Thank you for taking your time to look into this for me... :thumbsup:

I have just loaded FRST and ran it on the infected computer with the CD which I already had. The results were the following long report, which is also attached:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 25-05-2012 00:41:22
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SoundMax] "D:\DRIVERS\Win\Audio\SM_PANEL\SYS\SMAX4.EXE" /tray [x]
HKLM\...\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [x]
HKLM\...\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h [x]
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [x]
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [TrackPointSrv] tp4mon.exe [x]
HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2004-08-03] (Microsoft Corporation)
HKU\Kursad\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-03] (Microsoft Corporation)
HKU\Kursad\...\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [5674352 2007-01-19] (Microsoft Corporation)
HKU\Kursad\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1667584 2004-08-03] (Microsoft Corporation)
HKU\LocalService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2004-08-03] (Microsoft Corporation)
HKU\NetworkService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2004-08-03] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
Lsa: [Authentication Packages] msv1_0
nwprovau

================================ Services (Whitelisted) ==================

2 acs; C:\WINDOWS\system32\acs.exe [364629 2007-03-21] (Atheros)
2 Eventlog; C:\Windows\System32\services.exe [108032 2004-08-03] (Microsoft Corporation)
2 Irmon; C:\Windows\System32\irmon.dll [27136 2004-08-03] (Microsoft Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" [270336 2001-02-23] (Microsoft Corporation)
2 NWCWorkstation; C:\Windows\System32\nwwks.dll [64000 2004-08-03] (Microsoft Corporation)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [32768 2008-05-16] (Lenovo Group Limited)
2 ThinkVantage Registry Monitor Service; "C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [644408 2007-09-26] (Lenovo Group Limited)
2 TVT Scheduler; "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [1122304 2008-03-04] (Lenovo Group Limited)
2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [38912 2005-01-28] (Microsoft Corporation)
3 usnjsvc; "C:\Program Files\MSN Messenger\usnsvc.exe" [97136 2007-01-19] (Microsoft Corporation)
2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [x]
2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [x]
2 cmdAgent; "C:\Program Files\COMODO\Firewall\cmdagent.exe" [x]
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [x]

========================== Drivers (Whitelisted) =============

1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [96520 2008-07-06] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [26824 2008-07-06] (AVG Technologies CZ, s.r.o.)
2 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [76040 2008-07-06] (AVG Technologies CZ, s.r.o.)
1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [87056 2008-07-06] (COMODO)
1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [24208 2008-07-06] (COMODO)
3 e1express; C:\Windows\System32\DRIVERS\e1e5132.sys [252312 2007-05-11] (Intel Corporation)
0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [79760 2008-07-06] (COMODO)
2 irda; C:\Windows\System32\DRIVERS\irda.sys [87424 2004-08-03] (Microsoft Corporation)
3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [28672 2004-08-03] (National Semiconductor Corporation)
2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88448 2004-08-03] (Microsoft Corporation)
2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2004-08-03] (Microsoft Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2001-08-18] (Parallel Technologies, Inc.)
3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
3 TwoTrack; C:\Windows\System32\DRIVERS\TwoTrack.sys [11520 2001-08-17] (IBM Corporation)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [57344 2007-07-03] (Atheros Communications, Inc.)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
3 PCD5SRVC{07D2499C-80E86AC3-05010004}; \??\C:\PROGRA~1\PCDR5\PCD5SRVC.pkms [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-25 00:40 - 2012-05-25 00:40 - 0000000 ____D C:\FRST
2012-05-24 00:39 - 2012-05-24 00:39 - 0000000 ____D C:\_OTL
2012-05-23 23:48 - 2012-05-24 01:26 - 0062450 ____A C:\OTL.Txt
2012-05-19 22:02 - 2012-05-19 22:02 - 0012652 ____A C:\Windows\KB979683.log
2012-05-19 22:02 - 2012-05-19 22:02 - 0011937 ____A C:\Windows\KB971468.log
2012-05-19 22:01 - 2012-05-19 22:02 - 0011845 ____A C:\Windows\KB958869.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011762 ____A C:\Windows\KB980195.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011690 ____A C:\Windows\KB980232.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011618 ____A C:\Windows\KB2229593.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011608 ____A C:\Windows\KB955759.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011434 ____A C:\Windows\KB972270.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011352 ____A C:\Windows\KB956844.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011280 ____A C:\Windows\KB975561.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011186 ____A C:\Windows\KB973869.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0009656 ____A C:\Windows\KB952069.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0005817 ____A C:\Windows\KB954155.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0016967 ____A C:\Windows\KB958470.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0011110 ____A C:\Windows\KB973687.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0011072 ____A C:\Windows\KB971961.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0011027 ____A C:\Windows\KB973904.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0006201 ____A C:\Windows\KB978695.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0005648 ____A C:\Windows\KB973540.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0004159 ____A C:\Windows\KB981793.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0004039 ____A C:\Windows\KB979402.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0003800 ____A C:\Windows\KB976002-v5.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0002428 ____A C:\Windows\System32\TZLog.log
2012-05-19 21:49 - 2012-05-19 21:49 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVSoftware
2012-05-19 20:14 - 2012-05-19 20:14 - 4101392 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-05-19 20:14 - 2012-05-19 20:14 - 0000000 ____D C:\Documents and Settings\Kursad\Application Data\PCPro
2012-05-19 20:14 - 2012-05-19 20:14 - 0000000 ____D C:\Documents and Settings\Kursad\Application Data\PC Cleaners
2012-05-19 20:14 - 2012-05-19 20:14 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data
2012-05-19 20:08 - 2012-05-19 22:00 - 0000384 ____A C:\Windows\Tasks\ErrorEND.job
2012-05-19 20:08 - 2012-05-19 20:08 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\ErrorEND
2012-05-19 20:07 - 2012-05-20 05:59 - 0042680 ____A C:\Windows\KB977816.log
2012-05-19 20:06 - 2012-05-20 05:59 - 0042851 ____A C:\Windows\KB974112.log
2012-05-19 18:55 - 2012-05-20 06:00 - 0052652 ____A C:\Windows\KB960859.log
2012-05-19 18:55 - 2012-05-20 06:00 - 0043343 ____A C:\Windows\KB980218.log
2012-05-19 18:54 - 2012-05-20 06:00 - 0053073 ____A C:\Windows\KB981350.log
2012-05-19 18:54 - 2012-05-20 06:00 - 0052077 ____A C:\Windows\KB974318.log
2012-05-19 18:54 - 2012-05-20 06:00 - 0052008 ____A C:\Windows\KB969059.log
2012-05-19 18:54 - 2012-05-20 05:59 - 0051812 ____A C:\Windows\KB978037.log
2012-05-19 18:54 - 2012-05-20 05:59 - 0051658 ____A C:\Windows\KB971657.log
2012-05-19 18:54 - 2012-05-20 05:55 - 0051583 ____A C:\Windows\KB978338.log
2012-05-19 18:54 - 2012-05-20 05:54 - 0051757 ____A C:\Windows\KB975713.log
2012-05-19 18:53 - 2012-05-20 05:59 - 0057940 ____A C:\Windows\KB975560.log
2012-05-19 18:53 - 2012-05-20 05:59 - 0051154 ____A C:\Windows\KB974571.log
2012-05-19 18:53 - 2012-05-20 05:59 - 0050992 ____A C:\Windows\KB973507.log
2012-05-19 18:52 - 2012-05-20 05:58 - 0020490 ____A C:\Windows\KB973815.log
2012-05-19 18:51 - 2012-05-20 05:58 - 0020417 ____A C:\Windows\KB975562.log
2012-05-19 18:51 - 2012-05-19 21:58 - 0009482 ____A C:\Windows\KB971032.log
2012-05-19 18:50 - 2012-05-20 05:57 - 0031510 ____A C:\Windows\KB975467.log
2012-05-19 18:50 - 2012-05-19 18:51 - 0008203 ____A C:\Windows\KB982381.log
2012-05-19 18:40 - 2012-05-20 05:51 - 0000000 __SHD C:\Config.Msi
2012-05-19 16:02 - 2012-05-20 05:59 - 0040851 ____A C:\Windows\KB974392.log
2012-05-19 16:02 - 2012-05-20 05:58 - 0040535 ____A C:\Windows\KB970238.log
2012-05-19 16:02 - 2012-05-20 05:58 - 0040360 ____A C:\Windows\KB978706.log
2012-05-19 16:02 - 2012-05-19 22:02 - 0047079 ____A C:\Windows\KB977914.log
2012-05-19 16:02 - 2012-05-19 22:02 - 0041256 ____A C:\Windows\KB979482.log
2012-05-19 16:02 - 2012-05-19 22:00 - 0010181 ____A C:\Windows\KB979559.log
2012-05-19 16:02 - 2012-05-19 21:59 - 0009520 ____A C:\Windows\KB978542.log
2012-05-19 15:48 - 2012-05-19 15:48 - 0000268 ___AH C:\sqmdata01.sqm
2012-05-19 15:48 - 2012-05-19 15:48 - 0000244 ___AH C:\sqmnoopt01.sqm
2012-05-19 15:40 - 2012-05-19 21:59 - 0016994 ____A C:\Windows\KB968389.log
2012-05-19 15:39 - 2012-05-20 05:59 - 0040611 ____A C:\Windows\KB961501.log
2012-05-19 15:39 - 2012-05-20 05:59 - 0040350 ____A C:\Windows\KB975025.log
2012-05-19 15:30 - 2012-05-20 05:59 - 0058108 ____A C:\Windows\KB978601.log
2012-05-19 15:23 - 2012-05-20 05:59 - 0099539 ____A C:\Windows\KB979309.log
2012-05-19 15:22 - 2012-05-19 15:22 - 0000000 __HDC C:\Windows\$NtUninstallKB952004$
2012-05-19 15:21 - 2012-05-19 15:21 - 0000000 __HDC C:\Windows\$NtUninstallKB967715$
2012-05-19 15:19 - 2012-05-19 15:19 - 0000000 __HDC C:\Windows\$NtUninstallKB923561$
2012-05-19 15:05 - 2012-05-19 15:05 - 0006165 ____A C:\Windows\WgaNotify.log
2012-05-19 15:00 - 2012-05-19 15:00 - 0000268 ___AH C:\sqmdata00.sqm
2012-05-19 15:00 - 2012-05-19 15:00 - 0000244 ___AH C:\sqmnoopt00.sqm
2012-05-19 14:59 - 2012-05-19 22:01 - 0023331 ____A C:\Windows\KB956572.log
2012-05-19 14:59 - 2012-05-19 15:20 - 0027666 ____A C:\Windows\KB923561.log
2012-05-19 14:59 - 2012-05-19 14:59 - 0000000 __HDC C:\Windows\$NtUninstallKB960803$
2012-05-19 14:58 - 2012-05-19 14:58 - 0019744 ____A C:\Windows\KB956803.log
2012-05-19 14:58 - 2012-05-19 14:58 - 0019229 ____A C:\Windows\KB955069.log
2012-05-19 14:58 - 2012-05-19 14:58 - 0018728 ____A C:\Windows\KB958644.log
2012-05-19 14:58 - 2012-05-19 14:58 - 0017910 ____A C:\Windows\KB952287.log
2012-05-19 14:58 - 2012-05-19 14:58 - 0000000 __HDC C:\Windows\$NtUninstallKB960225$
2012-05-19 14:58 - 2012-05-19 14:58 - 0000000 __HDC C:\Windows\$NtUninstallKB958644$
2012-05-19 14:58 - 2012-05-19 14:58 - 0000000 __HDC C:\Windows\$NtUninstallKB956803$
2012-05-19 14:58 - 2012-05-19 14:58 - 0000000 __HDC C:\Windows\$NtUninstallKB956802$
2012-05-19 14:58 - 2012-05-19 14:58 - 0000000 __HDC C:\Windows\$NtUninstallKB955069$
2012-05-19 14:58 - 2012-05-19 14:58 - 0000000 __HDC C:\Windows\$NtUninstallKB952287$
2012-05-19 14:58 - 2012-05-19 14:58 - 0000000 __HDC C:\Windows\$NtUninstallKB950974$
2012-05-19 14:57 - 2012-05-19 14:57 - 0017790 ____A C:\Windows\KB946648.log
2012-05-19 14:57 - 2012-05-19 14:57 - 0012678 ____A C:\Windows\KB950762.log
2012-05-19 14:57 - 2012-05-19 14:57 - 0008033 ____A C:\Windows\KB941569.log
2012-05-19 14:57 - 2012-05-19 14:57 - 0000000 __HDC C:\Windows\$NtUninstallKB952954$
2012-05-19 14:57 - 2012-05-19 14:57 - 0000000 __HDC C:\Windows\$NtUninstallKB951748$
2012-05-19 14:57 - 2012-05-19 14:57 - 0000000 __HDC C:\Windows\$NtUninstallKB950762$
2012-05-19 14:57 - 2012-05-19 14:57 - 0000000 __HDC C:\Windows\$NtUninstallKB946648$
2012-05-19 14:57 - 2012-05-19 14:57 - 0000000 __HDC C:\Windows\$NtUninstallKB944338-v2$
2012-05-19 14:57 - 2012-05-19 14:57 - 0000000 __HDC C:\Windows\$NtUninstallKB941569$
2012-05-19 14:56 - 2012-05-20 06:00 - 0069344 ____A C:\Windows\KB959426.log
2012-05-19 14:56 - 2012-05-19 14:59 - 0028839 ____A C:\Windows\KB960803.log
2012-05-19 14:55 - 2012-05-19 15:22 - 0046172 ____A C:\Windows\KB952004.log
2012-05-19 14:54 - 2012-05-19 15:21 - 0044187 ____A C:\Windows\KB967715.log
2012-05-19 14:54 - 2012-05-19 14:58 - 0028198 ____A C:\Windows\KB956802.log
2012-05-19 14:54 - 2012-05-19 14:58 - 0027832 ____A C:\Windows\KB960225.log
2012-05-19 14:54 - 2012-05-19 14:58 - 0026636 ____A C:\Windows\KB950974.log
2012-05-19 14:53 - 2012-05-19 14:57 - 0026608 ____A C:\Windows\KB951748.log
2012-05-19 14:53 - 2012-05-19 14:57 - 0025858 ____A C:\Windows\KB944338-v2.log
2012-05-19 14:53 - 2012-05-19 14:57 - 0025829 ____A C:\Windows\KB952954.log
2012-05-19 14:51 - 2012-05-19 14:51 - 0006265 ____A C:\Windows\KB892130.log
2012-05-19 14:51 - 2012-05-19 14:51 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2012-05-19 14:46 - 2009-08-06 14:24 - 0015064 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
2012-05-19 14:12 - 2012-05-20 10:26 - 0000443 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-05-19 14:00 - 2012-05-19 14:00 - 0012880 ____A C:\Windows\KB885884.log
2012-05-19 14:00 - 2012-05-19 14:00 - 0000000 __HDC C:\Windows\$NtUninstallKB930916$
2012-05-19 14:00 - 2012-05-19 14:00 - 0000000 __HDC C:\Windows\$NtUninstallKB916595$
2012-05-19 14:00 - 2012-05-19 14:00 - 0000000 __HDC C:\Windows\$NtUninstallKB908531$
2012-05-19 14:00 - 2012-05-19 14:00 - 0000000 __HDC C:\Windows\$NtUninstallKB905749$
2012-05-19 14:00 - 2012-05-19 14:00 - 0000000 __HDC C:\Windows\$NtUninstallKB885884$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB944653$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB943055$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB935839$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB928843$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB920683$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB913580$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB908519$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB894391$
2012-05-19 13:59 - 2012-05-19 13:59 - 0000000 __HDC C:\Windows\$NtUninstallKB890859$
2012-05-19 13:20 - 2004-01-07 06:21 - 0237936 ____A (Microsoft Corporation) C:\Windows\System32\unicows.dll
2012-05-19 11:23 - 2012-05-19 11:23 - 0000000 ____D C:\Windows\System32\appmgmt
2012-05-19 11:19 - 2004-08-03 19:56 - 0082432 ____A (IBM Corporation) C:\Windows\System32\tp4mon.exe
2012-05-19 11:19 - 2001-08-17 17:36 - 0031744 ____A (IBM Corporation) C:\Windows\System32\tp4.dll
2012-05-19 11:19 - 2001-08-17 17:35 - 0042496 ____A (IBM Corporation) C:\Windows\System32\tp4res.dll
2012-05-19 11:19 - 2001-08-17 08:48 - 0011520 ____A (IBM Corporation) C:\Windows\System32\Drivers\TwoTrack.sys
2012-05-19 11:19 - 2001-07-21 13:29 - 0012251 ____A C:\Windows\System32\tp4.hlp
2012-05-19 11:06 - 2012-05-19 18:45 - 0849528 ____A C:\Windows\ntbtlog.txt
2012-05-19 11:06 - 2012-05-19 11:06 - 0000000 __SHD C:\Windows\CSC
2012-05-19 11:06 - 2004-08-03 19:56 - 0021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2012-05-19 11:06 - 2004-08-03 18:08 - 0031616 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-05-19 11:06 - 2001-08-17 09:02 - 0009600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2012-05-19 11:06 - 2001-08-17 08:48 - 0012160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2012-05-18 18:21 - 2012-05-18 18:21 - 0000000 ____D C:\SWTOOLS


============ 3 Months Modified Files and Folders ===============

2012-05-25 00:40 - 2012-05-25 00:40 - 0000000 ____D C:\FRST
2012-05-24 01:26 - 2012-05-23 23:48 - 0062450 ____A C:\OTL.Txt
2012-05-24 00:39 - 2012-05-24 00:39 - 0000000 ____D C:\_OTL
2012-05-20 10:53 - 2008-07-06 10:49 - 0019934 ____A C:\Windows\SchedLgU.Txt
2012-05-20 10:53 - 2008-07-06 10:49 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-20 10:53 - 2008-07-06 10:39 - 2009863 ____A C:\Windows\WindowsUpdate.log
2012-05-20 10:52 - 2008-07-06 10:49 - 0000178 __ASH C:\Documents and Settings\Kursad\ntuser.ini
2012-05-20 10:51 - 2008-07-06 10:49 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-05-20 10:51 - 2008-07-06 10:49 - 0000062 __ASH C:\Documents and Settings\Kursad\Local Settings\desktop.ini
2012-05-20 10:51 - 2008-07-06 10:48 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-05-20 10:47 - 2008-07-06 11:27 - 1043720 ____A C:\Windows\setupapi.log
2012-05-20 10:26 - 2012-05-19 14:12 - 0000443 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-05-20 10:26 - 2008-07-06 20:34 - 0000261 ____A C:\Windows\nsw.log
2012-05-20 10:09 - 2008-07-06 14:45 - 0000256 ____A C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2012-05-20 10:01 - 2001-08-18 10:00 - 0002206 ____A C:\Windows\System32\wpa.dbl
2012-05-20 06:00 - 2012-05-19 18:55 - 0052652 ____A C:\Windows\KB960859.log
2012-05-20 06:00 - 2012-05-19 18:55 - 0043343 ____A C:\Windows\KB980218.log
2012-05-20 06:00 - 2012-05-19 18:54 - 0053073 ____A C:\Windows\KB981350.log
2012-05-20 06:00 - 2012-05-19 18:54 - 0052077 ____A C:\Windows\KB974318.log
2012-05-20 06:00 - 2012-05-19 18:54 - 0052008 ____A C:\Windows\KB969059.log
2012-05-20 06:00 - 2012-05-19 14:56 - 0069344 ____A C:\Windows\KB959426.log
2012-05-20 05:59 - 2012-05-19 20:07 - 0042680 ____A C:\Windows\KB977816.log
2012-05-20 05:59 - 2012-05-19 20:06 - 0042851 ____A C:\Windows\KB974112.log
2012-05-20 05:59 - 2012-05-19 18:54 - 0051812 ____A C:\Windows\KB978037.log
2012-05-20 05:59 - 2012-05-19 18:54 - 0051658 ____A C:\Windows\KB971657.log
2012-05-20 05:59 - 2012-05-19 18:53 - 0057940 ____A C:\Windows\KB975560.log
2012-05-20 05:59 - 2012-05-19 18:53 - 0051154 ____A C:\Windows\KB974571.log
2012-05-20 05:59 - 2012-05-19 18:53 - 0050992 ____A C:\Windows\KB973507.log
2012-05-20 05:59 - 2012-05-19 16:02 - 0040851 ____A C:\Windows\KB974392.log
2012-05-20 05:59 - 2012-05-19 15:39 - 0040611 ____A C:\Windows\KB961501.log
2012-05-20 05:59 - 2012-05-19 15:39 - 0040350 ____A C:\Windows\KB975025.log
2012-05-20 05:59 - 2012-05-19 15:30 - 0058108 ____A C:\Windows\KB978601.log
2012-05-20 05:59 - 2012-05-19 15:23 - 0099539 ____A C:\Windows\KB979309.log
2012-05-20 05:58 - 2012-05-19 18:52 - 0020490 ____A C:\Windows\KB973815.log
2012-05-20 05:58 - 2012-05-19 18:51 - 0020417 ____A C:\Windows\KB975562.log
2012-05-20 05:58 - 2012-05-19 16:02 - 0040535 ____A C:\Windows\KB970238.log
2012-05-20 05:58 - 2012-05-19 16:02 - 0040360 ____A C:\Windows\KB978706.log
2012-05-20 05:57 - 2012-05-19 18:50 - 0031510 ____A C:\Windows\KB975467.log
2012-05-20 05:55 - 2012-05-19 18:54 - 0051583 ____A C:\Windows\KB978338.log
2012-05-20 05:54 - 2012-05-19 18:54 - 0051757 ____A C:\Windows\KB975713.log
2012-05-20 05:51 - 2012-05-19 18:40 - 0000000 __SHD C:\Config.Msi
2012-05-19 22:02 - 2012-05-19 22:02 - 0012652 ____A C:\Windows\KB979683.log
2012-05-19 22:02 - 2012-05-19 22:02 - 0011937 ____A C:\Windows\KB971468.log
2012-05-19 22:02 - 2012-05-19 22:01 - 0011845 ____A C:\Windows\KB958869.log
2012-05-19 22:02 - 2012-05-19 16:02 - 0047079 ____A C:\Windows\KB977914.log
2012-05-19 22:02 - 2012-05-19 16:02 - 0041256 ____A C:\Windows\KB979482.log
2012-05-19 22:02 - 2008-07-06 16:36 - 0000000 ___HD C:\Windows\$hf_mig$
2012-05-19 22:01 - 2012-05-19 22:01 - 0011762 ____A C:\Windows\KB980195.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011690 ____A C:\Windows\KB980232.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011618 ____A C:\Windows\KB2229593.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011608 ____A C:\Windows\KB955759.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011434 ____A C:\Windows\KB972270.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011352 ____A C:\Windows\KB956844.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011280 ____A C:\Windows\KB975561.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0011186 ____A C:\Windows\KB973869.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0009656 ____A C:\Windows\KB952069.log
2012-05-19 22:01 - 2012-05-19 22:01 - 0005817 ____A C:\Windows\KB954155.log
2012-05-19 22:01 - 2012-05-19 14:59 - 0023331 ____A C:\Windows\KB956572.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0016967 ____A C:\Windows\KB958470.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0011110 ____A C:\Windows\KB973687.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0011072 ____A C:\Windows\KB971961.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0011027 ____A C:\Windows\KB973904.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0006201 ____A C:\Windows\KB978695.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0005648 ____A C:\Windows\KB973540.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0004159 ____A C:\Windows\KB981793.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0004039 ____A C:\Windows\KB979402.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0003800 ____A C:\Windows\KB976002-v5.log
2012-05-19 22:00 - 2012-05-19 22:00 - 0002428 ____A C:\Windows\System32\TZLog.log
2012-05-19 22:00 - 2012-05-19 20:08 - 0000384 ____A C:\Windows\Tasks\ErrorEND.job
2012-05-19 22:00 - 2012-05-19 16:02 - 0010181 ____A C:\Windows\KB979559.log
2012-05-19 21:59 - 2012-05-19 16:02 - 0009520 ____A C:\Windows\KB978542.log
2012-05-19 21:59 - 2012-05-19 15:40 - 0016994 ____A C:\Windows\KB968389.log
2012-05-19 21:58 - 2012-05-19 18:51 - 0009482 ____A C:\Windows\KB971032.log
2012-05-19 21:53 - 2008-07-06 15:31 - 0019088 ____A C:\Documents and Settings\Kursad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-05-19 21:49 - 2012-05-19 21:49 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVSoftware
2012-05-19 20:25 - 2008-07-06 10:51 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-05-19 20:14 - 2012-05-19 20:14 - 4101392 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-05-19 20:14 - 2012-05-19 20:14 - 0000000 ____D C:\Documents and Settings\Kursad\Application Data\PCPro
2012-05-19 20:14 - 2012-05-19 20:14 - 0000000 ____D C:\Documents and Settings\Kursad\Application Data\PC Cleaners
2012-05-19 20:14 - 2012-05-19 20:14 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data
2012-05-19 20:08 - 2012-05-19 20:08 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\ErrorEND
2012-05-19 18:51 - 2012-05-19 18:50 - 0008203 ____A C:\Windows\KB982381.log
2012-05-19 18:45 - 2012-05-19 11:06 - 0849528 ____A C:\Windows\ntbtlog.txt
2012-05-19 18:44 - 2008-07-06 11:26 - 0114176 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-19 18:41 - 2008-07-06 11:27 - 0000000 ___RD C:\Documents and Settings\All Users\Start Menu
2012-05-19 18:41 - 2008-07-06 11:27 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-19 18:41 - 2008-07-06 11:21 - 0000000 ____D C:\Windows\Help
2012-05-19 18:41 - 2008-07-06 10:37 - 0000000 ____D C:\Program Files\Common Files\System
2012-05-19 18:12 - 2008-07-06 10:49 - 0000000 ___RD C:\Documents and Settings\Kursad\My Documents\My Music
2012-05-19 16:21 - 2008-07-06 11:27 - 0174646 ____A C:\Windows\setupact.log
2012-05-19 16:18 - 2008-07-06 10:40 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-05-19 15:48 - 2012-05-19 15:48 - 0000268 ___AH C:\sqmdata01.sqm
2012-05-19 15:48 - 2012-05-19 15:48 - 0000244 ___AH C:\sqmnoopt01.sqm
2012-05-19 15:22 - 2012-05-19 15:22 - 0000000 __HDC C:\Windows\$NtUninstallKB952004$
2012-05-19 15:22 - 2012-05-19 14:55 - 0046172 ____A C:\Windows\KB952004.log
2012-05-19 15:22 - 2008-07-06 22:02 - 0015202 ____A C:\Windows\updspapi.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0372599 ____A C:\Windows\iis6.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0314488 ____A C:\Windows\FaxSetup.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0157616 ____A C:\Windows\ocgen.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0148416 ____A C:\Windows\tsoc.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0115819 ____A C:\Windows\comsetup.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0101518 ____A C:\Windows\msmqinst.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0068542 ____A C:\Windows\ntdtcsetup.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0055857 ____A C:\Windows\netfxocm.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0022312 ____A C:\Windows\MedCtrOC.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0017643 ____A C:\Windows\ocmsn.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0016491 ____A C:\Windows\tabletoc.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0016012 ____A C:\Windows\msgsocm.log
2012-05-19 15:22 - 2008-07-06 11:28 - 0001374 ____A C:\Windows\imsins.log
2012-05-19 15:21 - 2012-05-19 15:21 - 0000000 __HDC C:\Windows\$NtUninstallKB967715$
2012-05-19 15:21 - 2012-05-19 14:54 - 0044187 ____A C:\Windows\KB967715.log
2012-05-19 15:21 - 2008-07-06 11:28 - 0001374 ____A C:\Windows\imsins.BAK

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2004-08-03 20:56] - [2004-08-03 20:56] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2004-08-03 20:56] - [2004-08-03 20:56] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2004-08-03 20:56] - [2004-08-03 20:56] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\User32.dll
[2004-08-03 20:56] - [2007-03-08 11:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7

C:\Windows\System32\userinit.exe
[2004-08-03 20:56] - [2004-08-03 20:56] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-03 19:00] - [2004-08-03 19:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 2038.36 MB
Available physical RAM: 1795.65 MB
Total Pagefile: 1869.09 MB
Available Pagefile: 1804.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:20.02 GB) (Free:0.01 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (KURSAD) (Fixed) (Total:35.87 GB) (Free:5.39 GB) NTFS
4 Drive e: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 1 Online 56 GB 0 B

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 20 GB 32 KB
Partition 2 Extended 36 GB 20 GB
Partition 3 Logical 36 GB 20 GB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 20 GB Healthy
======================================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D KURSAD NTFS Partition 36 GB Healthy
======================================================================================================
======================= End Of Log ==========================


Cheers, i will be waiting for the next steps ;-)

Attached Files

  • Attached File  FRST.txt   39.86KB   88 downloads

#4
Amlak

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
  • 0
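
What can be checked in the 512-byte sector that the dd command above copies from /dev/sda, as an added example that is not part of the original thread or any tool named in it: verify the 0x55AA signature, read the partition table, and hash only the boot code so it can be compared with a dump from a clean machine running the same Windows version. The function names, sample bytes, sector counts and disk signature are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR
ENTRY = "<B3xB3xII"      # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


def parse_mbr(raw):
    """Parse a 512-byte MBR dump; raise ValueError if it is not a plausible MBR."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    if raw[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, raw, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte {status:#04x}")
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": raw[440:444].hex(),
            "partitions": parts}


def boot_code_matches(raw, reference):
    """Compare only the boot code: disk signature and partition table differ per disk."""
    return parse_mbr(raw)["boot_code_sha256"] == parse_mbr(reference)["boot_code_sha256"]


def build_sample(boot_code):
    """Constructed dump whose layout loosely follows the partition list in the log above."""
    raw = bytearray(SECTOR)
    raw[:len(boot_code)] = boot_code
    raw[440:444] = bytes.fromhex("78563412")          # constructed disk signature
    entries = [(0x80, 0x07, 63, 41_943_040),          # active NTFS primary, about 20 GB
               (0x00, 0x0F, 41_943_103, 75_497_472)]  # extended, about 36 GB
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY, raw, TABLE_OFFSET + 16 * i, *entry)
    raw[510:512] = SIGNATURE
    return bytes(raw)


if __name__ == "__main__":
    reference = build_sample(b"\x90" * 64)  # stands in for a dump from a clean machine
    suspect = build_sample(b"\xcc" * 64)    # same layout, different boot code
    for part in parse_mbr(suspect)["partitions"]:
        print(part)
    print("boot code matches reference:", boot_code_matches(suspect, reference))
```

On a real dump, pass the file contents instead of the constructed sample, for example parse_mbr(open("mbr.bin", "rb").read()).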

#5
Maria10

Hi,

Hopefully I've done it right...
I have just followed the steps you gave me and no file has come up on my USB.
xPUD does start; I went to "File", expanded mnt, found sdb1, then "Tool", Open Terminal (F4). A screen named "xterm" opens up with a prompt sh-4.0#, then I entered dd if=/dev/sda of=mbr.bin bs=512 count=1

Results :(

1+0 records in
1+0 records out

No file has been saved / created on my USB.

#6
Maria10

I just realised that xPUD allows me to connect to the WI-FI... :confused: it might be useful to have access through the infected machine.

#7
Amlak

Hi, Maria10. Sorry for the delay.

Rerun the command and do not remove the usb drive. Instead shut down the computer through xPUD by clicking Home (left panel) > Power Off > Shut Down. Only then remove the USB drive and see if mbr.bin is present.

#8
Maria10

Hi Amlak,

I have tried it... and didn't come up with a file saved to my USB.
After that I tried to check if sdb1 was my USB, as I wanted to make sure I was in the correct path... Not sure if I made any changes there, but now when I start the computer and go to mnt, sdb1 is not there anymore... even though the USB is plugged in. When opening mnt I see sda1, sda2 and sda5. :upset:

Thanks and don't worry about the delay...you are being very helpful.

#9
Amlak

Ok, let's see if this works out now.

Open sda1 and click Tool > Open terminal.
Type dd if=/dev/sda of=mbr.zip bs=512 count=1 and press enter.

This will create a file named mbr.zip in sda1.

Now click the Menu tab and open Firefox. Navigate to this topic and attach /mnt/sda1/mbr.zip to your next reply.

#10
Maria10

Hi,
I have done it, and a file mbr.zip was created... I have attached the file for you.
Thanks ;-)

Attached Files

  • Attached File  mbr.zip   512bytes   175 downloads

#11
Amlak

Ok, that's good enough! Now, with fingers crossed, let's do the following:

Right click the following download link and select "save link/target as": xPUD_MBRfix
Save the file to your USB drive.
  • Boot the ailing computer to xPUD
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click on xPUD_MBRfix to execute the script
  • When asked "what boot code do you want to write?" type m for XP boot code and press enter.
  • When asked "to which one do you want to write a new mbr?" type sda and press enter.
  • Type y and press enter to confirm your choices.
  • Press enter to close the window.
  • Upon finishing, its actions will produce a report (mlog.txt)
  • Post that report in your next reply

#12
Maria10

Hey Amlak

Here you are... please see the attachment :-)

Cheers

Attached Files

  • Attached File  mlog.txt   418bytes   107 downloads

#13
Amlak

What happens when you reboot back into normal Windows now?

#14
Maria10

Once I remove the xPUD CD and start the computer, the blue screen is back... and it reboots non-stop :upset:

#15
Amlak

Hey, Maria10. I have a question. When you attempt to boot into Safe Mode, at the screen where a list of files loading is displayed, what is the last file that is stated on that screen before the Blue Screen appears? Find out which file it is (and write it down on a piece of paper or something), and then do the following:

  • Connect your USB stick to the concerned computer.
  • Boot the computer using the boot CD you created the first time (Reatogo).
  • Your system should eventually display a REATOGO-X-PE desktop.

Once it's fully loaded, click on the Start button, then on Run. In the Run text field, type in:
cmd
and press Enter.

When the Command Prompt appears, type in:
chkdsk /r c:
and press Enter.

It might (but not necessarily) ask you a question to which you simply respond by typing Y and pressing Enter.

Now let it do its chkdsk process. This may take quite a while, so take a break and relax while it does its thing. But every now and then (if you can), look at the screen and see if there are errors and/or bad sectors being mentioned, as it would be good to let me know if there are any.

Once it's done, proceed with the following:

  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Make sure you post the contents of the C:\OTL.txt file in your reply.
  • Restart the computer and tell me if it boots into Windows or not.
