Please your expert help !!!!
My computer (IBM Lenovo T60 running Microsoft XP) is starting on a blue screen and keeps rebooting even when i try to go into safe mode it will not allow me... i can see the safe mode options but once i select one of them it will start rebooting
I searched and found on your forum someone who had the same problem... but the resolution was not taken further as this person stopped posting feedback... Anyway,
I was looking into the http://www.geekstogo...cause-of-virus/ and following the steps given in there for the blue screen with exactly same error...
1- Stop: 0x0000007b
2- (0xF7A64524,0xC0000034,0x00000000,0x00000000)
3- there is nothing below this stop message so nothing for this option 3
I've burned OTLPE on a CD and ran in the infected computer...
In the box down where it says Custom scan i paste this:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
and got the following report:
OTL logfile created on: 5/24/2012 1:15:53 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.02 Gb Total Space | 0.01 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive D: | 35.87 Gb Total Space | 5.39 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive E: | 960.47 Mb Total Space | 865.64 Mb Free Space | 90.13% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (cmdAgent)
SRV - File not found [Auto] -- -- (avg8wd)
SRV - File not found [Auto] -- -- (avg8emc)
SRV - [2008/05/16 05:52:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/03/21 08:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto] -- C:\WINDOWS\system32\acs.exe -- (acs)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2008/07/06 13:15:57 | 000,087,056 | ---- | M] (COMODO) [File_System | System] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2008/07/06 13:15:57 | 000,079,760 | ---- | M] (COMODO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2008/07/06 13:15:57 | 000,024,208 | ---- | M] (COMODO) [Kernel | System] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/07/06 13:14:10 | 000,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/07/06 13:14:06 | 000,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/07/06 13:14:05 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/07/03 13:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2004/08/03 19:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001/08/18 10:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 10:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 08:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Kursad_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
IE - HKU\Kursad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\Kursad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Kursad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
O1 HOSTS File: ([2001/08/18 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\Kursad_ON_C\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\Kursad_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] File not found
O4 - HKLM..\Run: [COMODO Firewall Pro] File not found
O4 - HKLM..\Run: [SoundMax] D:\DRIVERS\Win\Audio\SM_PANEL\SYS\SMAX4.EXE (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - HKLM..\Run: [WinampAgent] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Kursad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1337453138062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1337453106500 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/06 10:42:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/19 16:24:41 | 000,000,090 | ---- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/07/06 20:24:36 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\setupSNK.exe -- [2004/08/03 20:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/03 19:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/24 00:39:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/19 21:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVSoftware
[2012/05/19 20:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kursad\Application Data\PC Cleaners
[2012/05/19 20:14:26 | 004,101,392 | ---- | C] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/05/19 20:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kursad\Application Data\PCPro
[2012/05/19 20:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/05/19 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/05/19 18:40:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/19 14:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/05/19 14:46:15 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/05/19 13:20:48 | 000,237,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2012/05/19 11:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/05/19 11:19:48 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4res.dll
[2012/05/19 11:19:48 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4.dll
[2012/05/19 11:19:48 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TwoTrack.sys
[2012/05/19 11:19:41 | 000,082,432 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4mon.exe
[2012/05/19 11:06:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/18 18:21:11 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/20 10:53:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 10:26:21 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/05/20 10:09:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/05/20 10:01:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/19 22:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/05/19 20:14:15 | 004,101,392 | ---- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/05/19 18:44:34 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/19 18:41:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/05/19 15:48:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2012/05/19 15:48:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2012/05/19 15:21:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/19 15:07:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/19 15:00:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2012/05/19 15:00:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012/05/19 14:04:17 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/19 14:04:17 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/19 13:20:45 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/19 20:08:48 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/05/19 15:48:59 | 000,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2012/05/19 15:48:59 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2012/05/19 15:00:49 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2012/05/19 15:00:49 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2011/09/06 08:12:23 | 000,163,896 | ---- | C] () -- C:\WINDOWS\sequencer.exe
[2008/07/06 13:31:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 13:15:58 | 000,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/07/06 11:28:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/06 11:26:53 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/06 10:59:21 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/07/06 10:59:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/07/06 10:47:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/06 10:36:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/03 21:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 20:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 10:00:00 | 000,392,864 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 10:00:00 | 000,058,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2012/05/19 20:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kursad\Application Data\PC Cleaners
[2012/05/19 20:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kursad\Application Data\PCPro
[2012/05/19 21:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSoftware
[2012/05/19 20:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2008/07/06 15:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/19 20:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/05/20 10:09:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/19 22:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
========== Purity Check ==========
========== Custom Scans ==========
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
Invalid Environment Variable: %APPDATA%\*.
Invalid Environment Variable: %APPDATA%\*.exe
< %SYSTEMDRIVE%\*.exe >
[2004/08/03 20:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\setupSNK.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
< MD5 for: AGP440.SYS >
[2004/08/03 21:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004/08/03 21:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2004/08/03 20:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 20:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\7b97093d107dfa9fd1d666fcbee1e1d6\sp2qfe\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/03 20:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 20:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/03 20:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 20:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USERINIT.EXE >
[2004/08/03 20:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/03 20:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/07/06 11:26:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/07/06 11:26:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/07/06 11:26:01 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:41:10 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2004/08/03 20:56:44 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/03 20:56:46 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/03 20:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2008/07/03 09:16:57 | 008,454,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
****Then i click on "Run Fix" and the following report came up:
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!
Error: Unable to interpret <%APPDATA%\*.> in the current context!
Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
Error: Unable to interpret <AGP440.sys> in the current context!
Error: Unable to interpret <vaxscsi.sys> in the current context!
Error: Unable to interpret <nvatabus.sys> in the current context!
Error: Unable to interpret <viamraid.sys> in the current context!
Error: Unable to interpret <nvata.sys> in the current context!
Error: Unable to interpret <nvgts.sys> in the current context!
Error: Unable to interpret <iastorv.sys> in the current context!
Error: Unable to interpret <ViPrt.sys> in the current context!
Error: Unable to interpret <eNetHook.dll> in the current context!
Error: Unable to interpret <ahcix86.sys> in the current context!
Error: Unable to interpret <KR10N.sys> in the current context!
Error: Unable to interpret <nvstor32.sys> in the current context!
Error: Unable to interpret <ahcix86s.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!
OTLPE by OldTimer - Version 3.1.48.0 log created on 05242012_012142
After that i tried to re-start the computer but the same blue screen came up and it kept rebooting until i switch it off.
Could you please guide me on what to do next... i have all my files in there and don't want to format it.
Thank you in advance for your time and attention.
Maria10