DOS/Alureon.A > STOP: 0x0000007B


This topic is locked
14 replies to this topic

#1 Kezar

Posted 14 September 2012 - 10:37 PM

Windows Defender Offline indicated DOS/Alureon.A

I used the recovery console to fix the MBR and replace atapi.sys.

Now the computer goes to a BSOD (Stop: 0x0000007B (0xF789E528, 0xC0000034, 0x00000000, 0x00000000)).

Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2012 01
Ran by SYSTEM at 14-09-2012 23:23:30
Running from D:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\LocalService\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" [1737216 2009-08-27] (Exent Technologies Ltd.)
HKU\NetworkService\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" [1737216 2009-08-27] (Exent Technologies Ltd.)
HKU\User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\User\...\Run: [Tffaft] C:\Documents and Settings\User\Application Data\Tffaft.scr [x]
HKU\User\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\User\...\Run: [McAfee Update] C:\DOCUME~1\User\LOCALS~1\Temp\mcupdate_1347573092.exe /insfin C:\DOCUME~1\User\LOCALS~1\Temp\mcupdate_1347573092.ini /syncfin [x]
Winlogon\Notify\NavLogon:
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.100
IMEO\taskmgr.exe: [Debugger] "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\PROCEXP.EXE"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Services ================================

2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [394712 2012-06-19] (Eastman Kodak Company)
2 Kodak AiO Status Monitor Service; "C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

==================== Drivers =================================

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2010-10-20] (Cisco Systems, Inc.)
3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [132608 2005-03-17] (Broadcom Corporation)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-21] (Microsoft Corporation)
1 MpKsl7b1ba71d; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E1ED0CE-BD84-4917-99A8-84B723779914}\MpKsl7b1ba71d.sys [29904 2012-09-14] (Microsoft Corporation)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [341504 2009-07-31] (Realtek Semiconductor Corporation )
3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
2 X4HS32Ex; \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys [53280 2009-04-06] (Exent Technologies Ltd.)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
4 mraid35x; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-14 23:35 - 2008-04-14 04:10 - 00096512 ____A (Microsoft Corporation) C:\Documents and Settings\User\atapi.sys
2012-09-14 23:13 - 2012-09-14 23:13 - 00000000 ____D C:\FRST
2012-09-14 23:07 - 2012-09-14 23:07 - 00000000 ____A C:\RootKitty.log
2012-09-14 23:06 - 2012-09-14 23:07 - 00121220 ____A C:\PE-Files.txt
2012-09-14 23:04 - 2012-09-14 23:06 - 00121220 ____A C:\Win-Files.txt
2012-09-14 22:59 - 2012-09-14 22:59 - 00000264 ____A C:\Windows\UPGRADE.TXT
2012-09-14 22:59 - 2012-09-14 22:59 - 00000000 _RSHD C:\cmdcons
2012-09-14 22:59 - 2012-09-14 22:59 - 00000000 ____D C:\Windows\setup.pss
2012-09-14 22:59 - 2012-09-14 22:41 - 00000239 __ASH C:\BOOT.BAK
2012-09-14 22:59 - 2008-04-14 12:00 - 00260288 __RSH C:\cmldr
2012-09-14 22:58 - 2012-09-14 22:59 - 00018311 ____A C:\Windows\wsdu.log
2012-09-14 22:58 - 2012-09-14 22:58 - 00000000 ____D C:\Windows\setupupd
2012-09-14 22:43 - 2012-09-14 22:59 - 00014793 ____A C:\Windows\WINNT32.LOG
2012-09-14 22:43 - 2012-09-14 22:58 - 00000712 ____A C:\Windows\DHCPUPG.LOG
2012-09-14 21:58 - 2008-04-14 00:10 - 00096512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2012-09-14 21:49 - 2012-09-14 21:51 - 00000000 ____D C:\Documents and Settings\User\Application Data\LimeWire
2012-09-14 12:43 - 2012-09-15 04:00 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-09-14 08:19 - 2012-09-14 08:19 - 00000000 __HDC C:\Windows\$NtUninstallKB932716-v2$
2012-09-14 08:18 - 2012-09-14 08:19 - 00005870 ____A C:\Windows\KB932716-v2.log
2012-09-14 08:18 - 2008-05-02 13:25 - 00465920 ____N (Microsoft Corporation) C:\Windows\System32\imapi2fs.dll
2012-09-14 08:18 - 2008-05-02 13:25 - 00465920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\imapi2fs.dll
2012-09-14 08:18 - 2008-05-02 13:25 - 00317952 ____N (Microsoft Corporation) C:\Windows\System32\imapi2.dll
2012-09-14 08:18 - 2008-05-02 13:25 - 00317952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\imapi2.dll
2012-09-14 08:18 - 2008-05-02 10:49 - 00062976 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cdrom.sys
2012-09-14 07:03 - 2012-09-14 07:03 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-14 07:03 - 2012-09-14 07:03 - 00000000 __SHD C:\Documents and Settings\Default User\IETldCache
2012-09-14 02:24 - 2012-09-14 23:12 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-09-14 02:16 - 2012-01-31 12:44 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-09-14 02:15 - 2012-09-14 02:15 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-14 02:14 - 2012-09-14 02:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-14 01:54 - 2012-09-14 01:54 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Autoruns
2012-09-14 01:54 - 2012-09-14 01:54 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2012-09-14 01:35 - 2008-04-14 12:00 - 00000734 ____A C:\Windows\System32\Drivers\etc\hosts.20120913-213515.backup
2012-09-14 00:00 - 2012-09-14 00:00 - 00000290 ____A C:\Windows\wininit.ini
2012-09-13 22:32 - 2012-09-13 22:32 - 00000000 ____D C:\Documents and Settings\User\Application Data\Malwarebytes
2012-09-13 05:54 - 2012-09-13 05:54 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2012-09-13 05:53 - 2012-09-13 05:53 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-13 05:53 - 2012-09-13 05:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-13 05:53 - 2012-09-13 05:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-09-13 05:53 - 2012-09-07 21:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-13 05:51 - 2012-09-13 05:51 - 10524080 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-13 05:13 - 2012-09-13 05:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-09-13 05:13 - 2012-09-13 05:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-09-13 05:13 - 2012-09-13 05:13 - 00000933 ____A C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
2012-09-13 05:12 - 2012-09-13 05:12 - 16409960 ____A (Safer Networking Limited ) C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
2012-09-13 04:50 - 2012-09-13 04:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Yahoo!
2012-09-13 04:50 - 2012-09-13 04:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Search
2012-09-13 04:50 - 2012-09-13 04:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Google
2012-09-13 04:50 - 2012-09-13 04:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\FCTB000100815
2012-09-13 04:50 - 2012-09-13 04:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\FCTB000060231
2012-09-13 04:50 - 2012-09-13 04:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\alot
2012-09-12 23:58 - 2012-09-14 08:13 - 00000805 ____A C:\Removed items.txt
2012-09-12 23:58 - 2012-09-14 07:03 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-09-12 23:30 - 2012-09-12 23:18 - 71719480 ____A (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\msert.exe
2012-09-12 23:29 - 2012-09-12 23:29 - 00073848 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-12 23:28 - 2012-09-13 04:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\PriceGong
2012-09-12 23:26 - 2012-09-12 23:26 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2012-09-12 23:26 - 2012-09-12 23:26 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Real
2012-09-12 22:53 - 2012-09-12 22:53 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2012-09-12 22:34 - 2012-09-13 04:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2012-09-12 22:34 - 2012-09-12 22:34 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-09-12 22:34 - 2012-09-12 22:34 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-09-12 22:33 - 2012-09-12 22:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2012-09-12 22:33 - 2012-09-12 22:33 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2012-09-12 22:32 - 2012-09-12 22:32 - 00000000 __SHD C:\Windows\CSC
2012-09-12 22:24 - 2012-09-12 22:24 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-09-12 22:23 - 2012-09-14 22:24 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-09-12 22:23 - 2012-09-14 22:20 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-09-12 22:23 - 2012-03-02 04:00 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2012-09-12 22:23 - 2009-10-29 14:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2012-09-12 22:23 - 2009-10-28 15:13 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2012-09-12 22:23 - 2008-04-14 09:41 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2012-09-12 22:22 - 2012-09-14 01:55 - 00477072 ____A C:\Windows\ntbtlog.old
2012-09-11 22:27 - 2012-09-11 22:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6F63A5690009EDE70000DA717B07D287
2012-09-11 22:26 - 2012-09-14 02:07 - 00000112 ____A C:\Documents and Settings\All Users\Application Data\1a2377.dat
2012-09-11 22:07 - 2012-09-11 22:21 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Eastman_Kodak_Company
2012-09-11 22:05 - 2012-09-11 22:05 - 00001859 ____A C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
2012-09-11 22:03 - 2012-09-11 22:03 - 00283240 ____A C:\Documents and Settings\User\Desktop\Kodak_Win_Printer_Driver_V7_4_4_20_WHQL.exe
2012-09-11 22:03 - 2012-09-11 22:03 - 00001790 ____A C:\Documents and Settings\All Users\Desktop\Get CleanPrint.lnk
2012-09-11 22:02 - 2012-09-11 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Kodak
2012-09-11 21:17 - 2012-09-11 21:17 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-09-11 02:39 - 2012-09-11 02:56 - 00023236 ____A C:\Windows\DPINST.LOG
2012-09-11 01:41 - 2012-09-11 01:41 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Eastman Kodak Company
2012-09-11 01:38 - 2012-09-11 22:01 - 00000000 ____D C:\Program Files\Kodak
2012-09-11 01:38 - 2012-09-11 01:38 - 00000000 ____D C:\Program Files\MSXML 6.0
2012-09-10 22:23 - 2012-09-10 22:23 - 12603960 ____A (Eastman Kodak Company) C:\Documents and Settings\User\Desktop\aio_install.exe
2012-09-10 21:19 - 2012-09-10 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2012-09-10 21:18 - 2012-09-10 21:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2012-09-04 19:12 - 2012-09-04 19:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-09-04 10:38 - 2012-09-04 10:38 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-08-16 03:02 - 2012-08-16 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$
2012-08-16 03:01 - 2012-08-16 03:01 - 00014900 ____A C:\Windows\KB2731847.log
2012-08-16 03:01 - 2012-08-16 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2731847$
2012-08-16 02:58 - 2012-08-16 02:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219$
2012-08-16 02:57 - 2012-08-16 02:57 - 00013515 ____A C:\Windows\KB2723135.log
2012-08-16 02:57 - 2012-08-16 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2723135$
2012-08-16 02:54 - 2012-08-16 02:55 - 00017947 ____A C:\Windows\KB2722913-IE8.log
2012-08-15 21:27 - 2012-08-16 03:02 - 00019171 ____A C:\Windows\KB2712808.log
2012-08-15 21:26 - 2012-08-16 02:58 - 00018778 ____A C:\Windows\KB2705219.log


============ 3 Months Modified Files ========================

2012-09-14 23:37 - 2009-10-28 20:20 - 01796363 ____A C:\Windows\WindowsUpdate.log
2012-09-14 23:12 - 2012-09-14 02:24 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-09-14 23:07 - 2012-09-14 23:07 - 00000000 ____A C:\RootKitty.log
2012-09-14 23:07 - 2012-09-14 23:06 - 00121220 ____A C:\PE-Files.txt
2012-09-14 23:06 - 2012-09-14 23:04 - 00121220 ____A C:\Win-Files.txt
2012-09-14 23:04 - 2009-10-28 15:12 - 00833441 ____A C:\Windows\setupapi.log
2012-09-14 23:04 - 2008-04-14 12:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2012-09-14 23:02 - 2009-10-28 20:25 - 00000062 __ASH C:\Documents and Settings\User\Local Settings\desktop.ini
2012-09-14 23:02 - 2009-10-28 20:24 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-09-14 23:02 - 2009-10-28 20:24 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-09-14 23:02 - 2009-10-28 20:24 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-14 23:02 - 2009-10-28 15:15 - 00000157 ____A C:\Windows\wiadebug.log
2012-09-14 23:02 - 2009-10-28 15:15 - 00000049 ____A C:\Windows\wiaservc.log
2012-09-14 22:59 - 2012-09-14 22:59 - 00000264 ____A C:\Windows\UPGRADE.TXT
2012-09-14 22:59 - 2012-09-14 22:58 - 00018311 ____A C:\Windows\wsdu.log
2012-09-14 22:59 - 2012-09-14 22:43 - 00014793 ____A C:\Windows\WINNT32.LOG
2012-09-14 22:59 - 2009-10-28 15:12 - 00176682 ____A C:\Windows\setupact.log
2012-09-14 22:58 - 2012-09-14 22:43 - 00000712 ____A C:\Windows\DHCPUPG.LOG
2012-09-14 22:49 - 2009-10-28 20:24 - 00032320 ____A C:\Windows\SchedLgU.Txt
2012-09-14 22:41 - 2012-09-14 22:59 - 00000239 __ASH C:\BOOT.BAK
2012-09-14 22:41 - 2009-10-28 20:25 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2012-09-14 22:41 - 2008-04-14 12:00 - 00000733 ____A C:\Windows\win.ini
2012-09-14 22:41 - 2008-04-14 12:00 - 00000227 ____A C:\Windows\system.ini
2012-09-14 22:24 - 2012-09-12 22:23 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-09-14 22:20 - 2012-09-12 22:23 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-09-14 21:49 - 2009-10-28 15:11 - 00000440 _RASH C:\boot.ini
2012-09-14 08:19 - 2012-09-14 08:18 - 00005870 ____A C:\Windows\KB932716-v2.log
2012-09-14 08:19 - 2009-10-28 15:13 - 01752372 ____A C:\Windows\iis6.log
2012-09-14 08:19 - 2009-10-28 15:13 - 01575793 ____A C:\Windows\FaxSetup.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00762640 ____A C:\Windows\ocgen.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00724292 ____A C:\Windows\tsoc.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00534934 ____A C:\Windows\comsetup.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00491958 ____A C:\Windows\msmqinst.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00322918 ____A C:\Windows\ntdtcsetup.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00276789 ____A C:\Windows\netfxocm.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00109012 ____A C:\Windows\MedCtrOC.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00087411 ____A C:\Windows\ocmsn.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00079935 ____A C:\Windows\tabletoc.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00079048 ____A C:\Windows\msgsocm.log
2012-09-14 08:19 - 2009-10-28 15:13 - 00001374 ____A C:\Windows\imsins.log
2012-09-14 08:13 - 2012-09-12 23:58 - 00000805 ____A C:\Removed items.txt
2012-09-14 07:03 - 2012-09-14 07:03 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-14 07:01 - 2009-10-28 20:57 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-14 02:15 - 2012-09-14 02:15 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-14 02:07 - 2012-09-11 22:26 - 00000112 ____A C:\Documents and Settings\All Users\Application Data\1a2377.dat
2012-09-14 02:02 - 2012-04-04 21:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-14 02:02 - 2012-04-02 22:28 - 00000284 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-688789844-1417001333-1003.job
2012-09-14 02:02 - 2012-04-02 22:28 - 00000276 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-688789844-1417001333-1003.job
2012-09-14 02:02 - 2011-12-20 22:47 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-14 01:55 - 2012-09-12 22:22 - 00477072 ____A C:\Windows\ntbtlog.old
2012-09-14 01:45 - 2011-12-20 22:47 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-14 01:35 - 2010-10-20 19:45 - 00000000 ____A C:\Windows\RTacDbg.txt
2012-09-14 00:00 - 2012-09-14 00:00 - 00000290 ____A C:\Windows\wininit.ini
2012-09-13 22:13 - 2012-06-08 02:10 - 00000260 ____A C:\Windows\System32\cmdVBS.vbs
2012-09-13 22:13 - 2012-06-08 02:10 - 00000256 ____A C:\Windows\System32\MSIevent.bat
2012-09-13 05:53 - 2012-09-13 05:53 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-13 05:51 - 2012-09-13 05:51 - 10524080 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-13 05:13 - 2012-09-13 05:13 - 00000933 ____A C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
2012-09-13 05:12 - 2012-09-13 05:12 - 16409960 ____A (Safer Networking Limited ) C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
2012-09-12 23:29 - 2012-09-12 23:29 - 00073848 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-12 23:26 - 2009-10-28 20:18 - 00045240 ____A C:\Windows\wmsetup.log
2012-09-12 23:18 - 2012-09-12 23:30 - 71719480 ____A (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\msert.exe
2012-09-11 22:36 - 2009-10-31 02:12 - 00347084 ____A C:\Documents and Settings\User\Local Settings\Application Data\installer.log
2012-09-11 22:15 - 2009-10-31 02:18 - 00000230 ____A C:\Documents and Settings\User\Local Settings\Application Data\LaunchHomeCenter.log
2012-09-11 22:05 - 2012-09-11 22:05 - 00001859 ____A C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
2012-09-11 22:03 - 2012-09-11 22:03 - 00283240 ____A C:\Documents and Settings\User\Desktop\Kodak_Win_Printer_Driver_V7_4_4_20_WHQL.exe
2012-09-11 22:03 - 2012-09-11 22:03 - 00001790 ____A C:\Documents and Settings\All Users\Desktop\Get CleanPrint.lnk
2012-09-11 21:17 - 2012-09-11 21:17 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-09-11 02:56 - 2012-09-11 02:39 - 00023236 ____A C:\Windows\DPINST.LOG
2012-09-11 02:10 - 2012-01-25 23:20 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2012-09-10 22:23 - 2012-09-10 22:23 - 12603960 ____A (Eastman Kodak Company) C:\Documents and Settings\User\Desktop\aio_install.exe
2012-09-07 21:04 - 2012-09-13 05:53 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-03 00:52 - 2012-01-30 00:00 - 00000406 ____A C:\Windows\System32\AppLog.log
2012-08-19 20:11 - 2010-10-20 00:21 - 00002515 ____A C:\Documents and Settings\User\Desktop\Microsoft Office Word 2007.lnk
2012-08-19 12:37 - 2012-01-14 19:25 - 00001729 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
2012-08-16 21:17 - 2010-11-05 08:31 - 00070861 ____A C:\Windows\Rp_SPA.log
2012-08-16 21:09 - 2009-10-28 15:12 - 00290088 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 03:02 - 2012-08-15 21:27 - 00019171 ____A C:\Windows\KB2712808.log
2012-08-16 03:02 - 2009-10-28 15:13 - 00001374 ____A C:\Windows\imsins.BAK
2012-08-16 03:01 - 2012-08-16 03:01 - 00014900 ____A C:\Windows\KB2731847.log
2012-08-16 02:58 - 2012-08-15 21:26 - 00018778 ____A C:\Windows\KB2705219.log
2012-08-16 02:58 - 2009-10-28 20:46 - 00122891 ____A C:\Windows\updspapi.log
2012-08-16 02:57 - 2012-08-16 02:57 - 00013515 ____A C:\Windows\KB2723135.log
2012-08-16 02:55 - 2012-08-16 02:54 - 00017947 ____A C:\Windows\KB2722913-IE8.log
2012-08-14 22:41 - 2012-04-04 21:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-14 22:41 - 2011-05-16 12:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-12 03:08 - 2012-07-12 03:08 - 00009667 ____A C:\Windows\KB2718523.log
2012-07-12 03:08 - 2012-07-11 20:59 - 00014348 ____A C:\Windows\KB2691442.log
2012-07-12 03:07 - 2012-07-11 20:58 - 00013459 ____A C:\Windows\KB2655992.log
2012-07-12 03:06 - 2012-07-11 20:57 - 00013097 ____A C:\Windows\KB2719985.log
2012-07-12 03:02 - 2012-07-12 03:01 - 00009024 ____A C:\Windows\KB2698365.log
2012-07-06 13:58 - 2008-04-14 12:00 - 00337920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\netapi32.dll
2012-07-06 13:58 - 2008-04-14 12:00 - 00337920 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-06 13:58 - 2008-04-14 12:00 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\browser.dll
2012-07-06 13:58 - 2008-04-14 12:00 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:05 - 2009-10-28 20:18 - 00139784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
2012-07-04 14:05 - 2009-10-28 20:18 - 00139784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-07-03 13:40 - 2008-04-14 12:00 - 01866112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-07-03 13:40 - 2008-04-14 12:00 - 01866112 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-03 03:19 - 2009-10-28 20:59 - 11111424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-07-03 03:19 - 2009-03-08 08:39 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-02 17:49 - 2012-06-13 00:57 - 00521728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2012-07-02 17:49 - 2010-06-11 01:02 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-07-02 17:49 - 2009-10-28 20:59 - 02000384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-07-02 17:49 - 2009-10-28 20:59 - 00629760 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-07-02 17:49 - 2009-10-28 20:59 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-07-02 17:49 - 2009-10-28 20:59 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-07-02 17:49 - 2009-10-28 20:59 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-07-02 17:49 - 2009-03-08 08:32 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-02 17:49 - 2009-03-08 08:32 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-02 17:49 - 2009-03-08 08:31 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 06008320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 06008320 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-02 17:49 - 2008-04-14 12:00 - 01469440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-07-02 17:49 - 2008-04-14 12:00 - 01212416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00916992 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00611840 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00387584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00206848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00184320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00105984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00067072 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-02 17:49 - 2008-04-14 12:00 - 00025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-07-02 12:05 - 2008-04-14 12:00 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-02 12:05 - 2008-04-14 12:00 - 00174080 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-02 12:05 - 2008-04-14 12:00 - 00174080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2012-07-01 18:34 - 2009-12-20 23:35 - 00007680 ____A C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 3062.07 MB
Available physical RAM: 2735.96 MB
Total Pagefile: 2886.84 MB
Available Pagefile: 2771.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.8 MB

==================== Partitions ============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT
2 Drive c: () (Fixed) (Total:69.45 GB) (Free:48.21 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: () (Removable) (Total:3.74 GB) (Free:2.76 GB) FAT
4 Drive x: (UBCD4Windows) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online        75 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             69 GB    32 KB
Partition 2    Extended          5177 MB    69 GB
Partition 3    Logical           5177 MB    69 GB
==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C                NTFS   Partition     69 GB  Healthy
==================================================================================

Disk: 0
Partition 3
Type : BC
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 ACRONIS SZ FAT32 Partition 5177 MB Healthy
==================================================================================
==================== End Of Log =============================

Edited by Farbar, 15 September 2012 - 08:41 AM.
Opened the log.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 15 September 2012 - 08:33 AM

Hello Kezar,

Welcome to the forum.

Let's see if things have not gone beyond repair. Please refrain from trying anything on your own from now on until we are done.

Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.

#3 Kezar

Kezar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:20 AM

Posted 15 September 2012 - 09:14 AM

Thanks for your help.

ListParts by Farbar Version: 15-09-2012
Ran by SYSTEM (administrator) on 15-09-2012 at 10:12:10
Windows XP (X86)
Running From: B:\
Language: 0437
************************************************************

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 3062.07 MB
Available physical RAM: 2803.1 MB
Total Pagefile: 2886.83 MB
Available Pagefile: 2792.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 2011 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT
2 Drive c: () (Fixed) (Total:69.45 GB) (Free:48.21 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive x: (UBCD4Windows) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 69 GB 32 KB
Partition 2 Extended 5177 MB 69 GB
Partition 3 Logical 5177 MB 69 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 69 GB Healthy
======================================================================================================

Disk: 0
Partition 3
Type : BC
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 ACRONIS SZ FAT32 Partition 5177 MB Healthy
======================================================================================================

****** End Of Log ******

Edited by Farbar, 15 September 2012 - 09:17 AM.
Opened the log.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 15 September 2012 - 09:19 AM

Please copy and paste the logs instead of attaching them.

Download attached file: fix.txt (69 bytes)
The fix.list should be saved in the same directory as ListParts.
Run ListParts, click Fix.
When it is finished click Scan and post the log (Result.txt) it makes.

Also restart, let it boot normally and tell me how it went.

#5 Kezar

Kezar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:20 AM

Posted 15 September 2012 - 09:29 AM

ListParts by Farbar Version: 15-09-2012
Ran by SYSTEM (administrator) on 15-09-2012 at 10:25:45
Windows XP (X86)
Running From: B:\
Language: 0437
************************************************************

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 3062.07 MB
Available physical RAM: 2798.39 MB
Total Pagefile: 2886.83 MB
Available Pagefile: 2787.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 2011 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT
2 Drive c: () (Fixed) (Total:69.45 GB) (Free:48.21 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive x: (UBCD4Windows) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 69 GB 32 KB
Partition 2 Extended 5177 MB 69 GB
Partition 3 Logical 5177 MB 69 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 69 GB Healthy
======================================================================================================

Disk: 0
Partition 3
Type : BC
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 ACRONIS SZ FAT32 Partition 5177 MB Healthy
======================================================================================================

****** End Of Log ******

Still unable to boot. Same BSOD.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 15 September 2012 - 09:37 AM

The fix was needed anyway, there was no active partition.

Now please tell me what was the reason to replace atapi.sys.
Was there any atapi.sys in the Drivers directory?
What else did you do? The error indicates a driver issue; we need to know if any other driver was replaced or moved.

Please run FRST.
Type the following in the edit box after "Search:".

atapi.sys

Click Search File(s) button and post the log it makes to your reply.
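
What the fix changed is visible in the two ListParts logs above: partition 1 goes from "Active: No" to "Active: Yes". The check below is an added example, not code from ListParts or from anyone in this thread; it parses the "Disk:/Partition" blocks in that log format (the sample text is constructed to match the blocks posted before the fix) and reports the active-flag conditions that stop an MBR-style boot.

```python
import re

# Constructed excerpt in the shape of the ListParts "Disk:/Partition" blocks
# above, as posted before the fix (no partition carries the active flag).
LISTPARTS_BEFORE = """\
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Disk: 0
Partition 3
Type : BC
Hidden: Yes
Active: No
"""

BLOCK_RE = re.compile(
    r"Disk: (?P<disk>\d+)\s*\n"
    r"Partition (?P<part>\d+)\s*\n"
    r"Type : (?P<type>[0-9A-Fa-f]{2})\s*\n"
    r"Hidden: (?P<hidden>Yes|No)\s*\n"
    r"Active: (?P<active>Yes|No)"
)

def parse_partitions(log):
    """One dict per Disk:/Partition block; type is the MBR type byte."""
    parts = []
    for m in BLOCK_RE.finditer(log):
        g = m.groupdict()
        parts.append({"disk": int(g["disk"]), "partition": int(g["part"]),
                      "type": int(g["type"], 16), "hidden": g["hidden"] == "Yes",
                      "active": g["active"] == "Yes"})
    return parts

def check_boot_flags(log):
    """Findings about the active flag that an MBR-style boot depends on."""
    parts = parse_partitions(log)
    active = [p for p in parts if p["active"]]
    findings = []
    if not active:
        findings.append("no active partition: the MBR code has nothing to boot")
    elif len(active) > 1:
        findings.append("more than one active partition")
    for p in active:
        # 0xBC is the Acronis Secure Zone ("ACRONIS SZ" in the log); hidden or vendor zones will not start Windows
        if p["hidden"] or p["type"] == 0xBC:
            findings.append(f"active partition {p['partition']} is hidden or a vendor zone")
    return findings
```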

#7 Kezar

Kezar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:20 AM

Posted 15 September 2012 - 09:51 AM

Farbar Recovery Scan Tool (x86) Version: 15-09-2012 02
Ran by SYSTEM at 2012-09-15 10:46:55
Running from B:\

================== Search: "atapi.sys" ===================

C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2009-10-28 21:06] - [2008-04-14 04:10] - 0096512 ____A (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674

C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2009-10-28 21:06] - [2008-04-14 12:00] - 0096512 ____A (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674

C:\WINDOWS\system32\drivers\atapi.sys
[2012-09-14 21:58] - [2008-04-14 00:10] - 0096512 ____A (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674

C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 12:00] - [2008-04-14 04:10] - 0096512 ___AC (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674

C:\Documents and Settings\User\atapi.sys
[2012-09-14 23:35] - [2008-04-14 04:10] - 0096512 ____A (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674

=== End Of Search ===

I replaced atapi.sys because I read on Microsoft.com this threat was known to modify that file. The existing atapi.sys was different from the atapi.sys on the installation CD, so I replaced it with a copy from the installation CD.

There was an atapi.sys in C:\WINDOWS\SYSTEM32\DRIVERS

I did not change any other drivers.
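
The search output above lists five copies of atapi.sys with the same size and MD5, which is the point Farbar makes next. As an added example (not part of this thread and not FRST's own code), the script below parses that search format, groups the copies by hash, and flags a live driver that differs from the dllcache copy or a copy sitting outside the Windows directory; the sample is a constructed excerpt of three of the five entries, with the paths and hashes exactly as the log shows them.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the FRST "Search:" output above; the
# paths and hashes are the ones the log shows.
FRST_SEARCH = """\
C:\\WINDOWS\\system32\\drivers\\atapi.sys
[2012-09-14 21:58] - [2008-04-14 00:10] - 0096512 ____A (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674

C:\\WINDOWS\\system32\\dllcache\\atapi.sys
[2008-04-14 12:00] - [2008-04-14 04:10] - 0096512 ___AC (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674

C:\\Documents and Settings\\User\\atapi.sys
[2012-09-14 23:35] - [2008-04-14 04:10] - 0096512 ____A (Microsoft Corporation) 9f3a2f5aa6875c72bf062c712cfa2674
"""

# "[stamp] - [stamp] - size attrs (company) md5" as FRST prints the detail line.
DETAIL_RE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\] - \[(?P<ts2>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9a-f]{32})$"
)

def parse_frst_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for line in text.splitlines():
        m = DETAIL_RE.match(line.strip())
        if m and pending:
            entries.append(dict(m.groupdict(), path=pending))
            pending = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending = line.strip()
    return entries

def assess_driver_copies(entries):
    """Compare the live driver with the protected dllcache copy and flag strays."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["path"])
    live = [e for e in entries if "\\drivers\\" in e["path"].lower()]
    cache = [e for e in entries if "\\dllcache\\" in e["path"].lower()]
    findings = []
    if len(by_md5) > 1:
        findings.append(f"{len(by_md5)} distinct hashes among the copies")
    if live and cache and live[0]["md5"] != cache[0]["md5"]:
        findings.append("live driver differs from the dllcache copy")
    for e in entries:
        if "\\windows\\" not in e["path"].lower():
            findings.append(f"copy outside the Windows directory: {e['path']}")
    return findings
```

The copy under Documents and Settings is the one the poster made himself, so on this log the only finding is informational; a differing hash on the drivers copy is what would have pointed at a patched driver.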

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 15 September 2012 - 10:16 AM

How did you notice atapi.sys was different? What was different? Different size?

Currently all the atapi.sys on the system are the same version. Did you rename or make a copy of the old atapi.sys before replacing it, or did you overwrite the file so that there is no backup to be restored?

#9 Kezar

Kezar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:20 AM

Posted 15 September 2012 - 10:19 AM

Different checksum...

It would have been wise to make a backup, but it was late, and I was not being wise. There is no back up to be restored.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 15 September 2012 - 10:20 AM

Just to let you know:

When we are both online you need to use F5 to refresh the site to get my reply. The reply doesn't automatically refresh the page.

Also I'm leaving home for the whole evening. Please give me as much feedback as possible.

Also tell me if you see XP logo and loading bar before BSOD.

#11 Kezar

Kezar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:20 AM

Posted 15 September 2012 - 10:24 AM

No XP logo and loading bar before BSOD.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 16 September 2012 - 01:03 PM

  • Please tell me what you see on the screen from the time you start the computer. I would like to have an idea about in which stage the BSOD occurs and how far the system goes.
  • Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive where the FRST tool is located.

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    SaveMbr: Drive=0
    cmd: dir /a b:\
    cmd: type c:\boot.ini
    end
    

    Now please enter the Recovery Environment.

    Run FRST and press the Fix button just once and wait.

    The tool will make a log on the flash drive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive that, although it may look like a text file, is a hex file. You must attach this report to your reply instead of posting its contents.


#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 16 September 2012 - 03:18 PM

For the second step please download the latest version of Farbar Recovery Scan Tool from: Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

#14 Kezar

Kezar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:20 AM

Posted 17 September 2012 - 12:25 PM

Thank you for your help, but I have opted to reinstall instead of troubleshooting.

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 17 September 2012 - 12:30 PM

It is up to you, but some MBR infections don't go away with reinstalling.

You are most welcome. :)

This thread will now be closed.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Every one else should start a new topic.



