
Toshiba nb305 only loads to black screen with blinking white cursor [S


  • This topic is locked

#31
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
haha this time the log is much longer



Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 24-05-2012 03:49:38
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()

================================ Services (Whitelisted) ==================

2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]

========================== Drivers (Whitelisted) =============

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-22 19:54 - 2012-05-22 21:29 - 0000000 ____D C:\FRST


============ 3 Months Modified Files and Folders ===============

2012-05-22 21:29 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128

RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127

RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126

RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125

RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124

RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123

RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122

RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121

RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120

RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119

RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118

RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117

RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116

RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115

RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114

RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113

RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112

RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111

RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110

RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109

RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108

RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107

RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106

RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105

RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104

RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103


========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 1014.36 MB
Available physical RAM: 814.41 MB
Total Pagefile: 901.92 MB
Available Pagefile: 831.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================
  • 0



#32
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
the last must have gotten ninji chopped by the ailing computer :ph34r:
  • 0

#33
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

the last must have gotten ninji chopped by the ailing computer :ph34r:

It was certainly interesting :D


Download the enclosed file. Attached File  fixlist.txt   86bytes   541 downloads


Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Attempt to boot in Normal Mode. If successful, run Combofix as follows:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#34
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
fix log

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 2012-05-24 04:15:04 Run:3
Running from E:\

==============================================


========= copy /y e:\olecli32.dll c:\Windows\System32\ =========

1 file(s) copied.

========= End of CMD: =========


==== End of Fixlog ====
  • 0

#35
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I attached a new fixlist.txt so you need to download it and replace the one on the USB drive with this one. The new one has this in it:

RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128

You reran the previous one that I gave you back in a much earlier post.
  • 0

#36
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
hehe i realized i had more than one fix log on there right when u posted this here is the new fix log


Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 2012-05-24 05:31:58 Run:4
Running from E:\

==============================================

SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.

==== End of Fixlog ====
  • 0

#37
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please try to boot into normal mode. ;)
  • 0

#38
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
booted with HDD/SSD TOSHIBA MK1655GSX-(S1) got black screen white cursor

booted with FDD got black screen white cursor
  • 0

#39
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
  • 0

#40
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
i am at this step
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

i can neither attach the file via "attachments" (i get an error message saying "error you aren't permitted to upload this kind of file.") or open it on my comp, saying i don't have the proper software to open with
  • 0



#41
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
You need to do this with mbr.bin:

Making a ZIP file

Most programs will let you ZIP or Unzip from the right-click menu in Windows Explorer. You can select the 'Add to ZIP' option which will make a new archive for you in the root directory of where the file is located. That's all there is to it.


  • So right click on the file mbr.bin
  • Then select Add to ZIP
  • The zip file mbr.zip will be created.
  • You are allowed to upload zip files!

  • 0

#42
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
good morning early bird thanks for the walk through here is the zip :thumbsup:

Attached Files

  • Attached File  mbr.zip   528bytes   500 downloads

  • 0

#43
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Now boot into Puppylinux


Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay

You should see a window like this:

Now you should be here:

Posted Image
Is "boot" next to your OS drive? The one that is 140 GiB

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive (the 140 GiB) while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Then click Close. It will take a few seconds, and then it should show boot in the line next to your OS drive, like this:

C TI105133P0A 140 GB boot

Once this is done close GParted
Then shutdown Puppy Linux and Do Not Save.


Turn your computer on and see if it now boots into windows.

Please post the results.
  • 0
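
The mbr.bin dump requested in post #39 and the "boot" flag checked in GParted in post #43 describe the same 512-byte sector, so the following added example (not part of any post in this thread) parses an MBR partition table and reports where the active flag sits. The function names are hypothetical, and the sample sector is constructed to mirror the layout shown in the FRST log (partition 1 type 07 not active, partition 2 type 0C active); it contains no boot code, so it says nothing about whether the real MBR is infected.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR dump."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        raw = sector[start:start + ENTRY_SIZE]
        status, ptype = raw[0], raw[4]          # bytes 1-3 and 5-7 are CHS fields
        first_lba, sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0x00:                       # unused slot
            continue
        entries.append({
            "slot": slot + 1,
            "status": status,
            "active": status == 0x80,           # what GParted shows as "boot"
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "sectors": sectors,
            "size_gib": round(sectors * SECTOR_SIZE / 2**30, 2),
        })
    return entries


def boot_flag_findings(entries, os_slot):
    """List partition-table problems that can stop the BIOS handing off to os_slot."""
    findings = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (e["slot"], e["status"]))
    active = [e for e in entries if e["active"]]
    if not active:
        findings.append("no partition is marked active")
    elif len(active) > 1:
        findings.append("more than one partition is marked active: %s"
                        % [e["slot"] for e in active])
    elif active[0]["slot"] != os_slot:
        findings.append("active flag is on partition %d (%s), not on partition %d"
                        % (active[0]["slot"], active[0]["type_name"], os_slot))
    ordered = sorted(entries, key=lambda e: e["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            findings.append("partitions %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def build_sample_mbr(active_slot):
    """Constructed sample: NTFS (~139.66 GiB) + FAT32 LBA (~9.39 GiB), zeroed boot code."""
    sector = bytearray(SECTOR_SIZE)
    layout = [(0x07, 64, 292_888_000), (0x0C, 292_888_064, 19_691_520)]
    for i, (ptype, first_lba, sectors) in enumerate(layout):
        status = 0x80 if i + 1 == active_slot else 0x00
        entry = struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0",
                            first_lba, sectors)
        start = TABLE_OFFSET + i * ENTRY_SIZE
        sector[start:start + ENTRY_SIZE] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # For a real dump: entries = parse_mbr(open("mbr.bin", "rb").read())
    for label, slot in (("flag on recovery partition", 2), ("flag on OS partition", 1)):
        entries = parse_mbr(build_sample_mbr(slot))
        print(label)
        for e in entries:
            print("  part %(slot)d type 0x%(type)02X %(type_name)s "
                  "%(size_gib)s GiB active=%(active)s" % e)
        print("  findings:", boot_flag_findings(entries, os_slot=1) or "none")
```
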

#44
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
okay i will give you info as i go

at this step:
Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay

You should see a window like this:

Now you should be here:

here is what i see


partition:filesystem:label:size:used:unused:flags
/dev/sda1:(light blue square)ntfs:T1O5133P0A:139.66 GiB:115.06:24.60:(blank)
/dev/sda2:(green square) HDDRECOVERY:9.39GiB:4.83.GiB:4.56Gib:boot,lba
Unallocated:(grey square)unallocated:(blank):2.49MiB:(blank):(blank)

onto the next step
  • 0

#45
CoNtRoLlEr57706

CoNtRoLlEr57706

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
should /dev/sda2 still have lba in the flags section?
  • 0





