Toshiba nb305 only loads to black screen with blinking white cursor [S


  • This topic is locked

#1
CoNtRoLlEr57706

Hello,

My Toshiba netbook NB305 doesn't seem to be working. I start the computer and it loads the Toshiba start-up with the option to go to the BIOS screen. The computer then loads to a black screen with blinking white cursor. I cannot operate in safe mode at all. I have no CD/DVD drive, so no recovery disc. What should I do?

#2
CompCav

Hi, CoNtRoLlEr57706! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Turn on the computer
When you see the BIOS selection key start tapping F8.
You will enter the Advanced Boot Options Screen below:

Use the cursor to highlight Last Known Good Configuration (advanced)
Then press Enter

Let me know if it boots into Windows.


If it does not boot tell me what symptoms if any you were having before it would not boot. (i.e. slowing, website redirects, not starting sometimes, error codes, etc.)

Do you have another computer we can download files onto?

Do you have a USB flash drive we can use to transfer files?

#3
CoNtRoLlEr57706

Hello CompCav,


I am not able to get to the safe mode feature (F8) at all; it will only take me to the BIOS screen.

I do have two hard drives that I can transfer doc/pics/mp3s over to.

#4
CompCav

OK we will focus now on getting your information off of the disks.

Please go here to get a Puppy Linux to get the material you want off of your hard drive then we will try to work on it. Follow the link in step one to make a pen drive bootable.

Use this to boot up your drive and connect your hard drives by USB to copy over your files. When this is done I have two questions:

Do you want to try to recover the existing install of windows?

Do you want to just do a Factory Reset?

In either case I need the full model information that will tell me the setup you have.


If you have any questions along the way please let me know.

Regards,

CompCav

#5
CoNtRoLlEr57706

If possible, I would like to save the current Windows, mainly because I don't have another copy of Windows at this time and I would like to avoid buying another one.
However, if it is not possible to save it then so be it; the end goal ultimately is to get the computer functional.

I am currently doing the Puppy Linux download to the CD. I will let you know of any problems that arise.


I apparently made a mistake: I have an NB205.


Here is the model info on the bottom:


Toshiba

NB205-N312/BL SYSTEM UNIT
PART NO. PLL20U-00Q01D<ES5.0>
SERIAL NO. X9730068K

#6
CompCav

We will need one or two USB flash drives, do you have them or at least 1?


What version of windows do you have?


Before it would not boot what symptoms or issues were you having with the computer?


Regards,

CompCav

#7
CoNtRoLlEr57706

What size drive? Or does it matter? I have a few flashes (1gig), (250MB), a TB that I'm using to copy the music/pics from the netbook right now, and two 250 gigs.


To illustrate my noob'ness, I haven't the slightest idea what version of Windows I was running. Is there a way that I can check?


As for issues before the crash:

The month pre-crash I wasn't having any issues; I just got a new antivirus (Webroot SecureAnywhere). Everything was working great, then BAM! Black screen of doom.

Before that month I had a problem where the computer would only boot in safe mode. The Windows security kept popping up to say that my anti-virus and firewall were no longer working and to buy a new one via a link inside the pop-up, and then a "free" malware/virus scan would begin. I of course did not click on the link and tried to get to my antivirus (Spyware Terminator with AV Clam). When I tried to open this program, the Windows security would pop up and tell me the program I was attempting to open was infected and immediately shut it down. Shortly after this, any program I would try and run would do this until finally everything crashed.

Files are currently downloading from Puppy Linux =)


Thanks in advance!

#8
CompCav

"To illustrate my noob'ness, I haven't the slightest idea what version of Windows I was running. Is there a way that I can check?"

There should be a label on the underside that is Microsoft that will tell you.

#9
CoNtRoLlEr57706

Sorry for the delayed reply. The sticker was no longer there; tried to find the box and it looks like Windows XP.

Success in downloading all personal files on the computer.

#10
CompCav

OK, let's go in outside of Windows. We will need to create a CD and additionally use a USB drive.

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#11
CoNtRoLlEr57706

CompCav, here are the files:


Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 19:54:53
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()

================================ Services (Whitelisted) ==================

2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]

========================== Drivers (Whitelisted) =============

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============



============ 3 Months Modified Files and Folders ===============

2012-05-22 19:54 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:54 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton

========================= Known DLLs (Whitelisted) ============

C:\Windows\System32\olecli32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128

RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127

RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126

RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125

RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124

RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123

RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122

RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121

RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120

RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119

RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118

RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117

RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116

RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115

RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114

RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113

RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112

RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111

RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110

RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109

RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108

RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107

RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106

RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105

RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104

RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103


========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 1014.36 MB
Available physical RAM: 815.5 MB
Total Pagefile: 901.92 MB
Available Pagefile: 832 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================

#12
CompCav

We need to search for a file:

  • Restart your computer like you did before to start FRST and get to this screen:
    Posted Image
  • Type the following into the search box:

olecli32.dll

  • Press the Search button.
  • Once it completes, a message will pop up indicating that the search is completed.
  • It will make a log (Search.txt) on the flash drive. Please copy and paste it to your reply.


#13
CoNtRoLlEr57706

Here is what was saved. Was it supposed to take the place of the last file on the drive?



Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 21:17:27
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()

================================ Services (Whitelisted) ==================

2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]

========================== Drivers (Whitelisted) =============

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============



============ 3 Months Modified Files and Folders ===============

2012-05-22 21:15 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton

========================= Known DLLs (Whitelisted) ============

C:\Windows\System32\olecli32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128

RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127

RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126

RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125

RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124

RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123

RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122

RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121

RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120

RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119

RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118

RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117

RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116

RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115

RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114

RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113

RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112

RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111

RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110

RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109

RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108

RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107

RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106

RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105

RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104

RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103


========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 806.99 MB
Total Pagefile: 901.92 MB
Available Pagefile: 827.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================

#14
CoNtRoLlEr57706

Is it supposed to look like the same file?

#15
CoNtRoLlEr57706

I re-did it one more time just in case.


Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 21:27:57
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()

================================ Services (Whitelisted) ==================

2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]

========================== Drivers (Whitelisted) =============

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============



============ 3 Months Modified Files and Folders ===============

2012-05-22 21:19 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton

========================= Known DLLs (Whitelisted) ============

C:\Windows\System32\olecli32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128

RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127

RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126

RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125

RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124

RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123

RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122

RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121

RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120

RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119

RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118

RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117

RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116

RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115

RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114

RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113

RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112

RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111

RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110

RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109

RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108

RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107

RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106

RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105

RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104

RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103


========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 806.96 MB
Total Pagefile: 901.92 MB
Available Pagefile: 827.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================