Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Toshiba Satellite Laptop Won't Boot from Hard Drive


  • This topic is locked This topic is locked
23 replies to this topic

#1 mjabaley

mjabaley

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 18 September 2011 - 08:40 AM

Hi, my teenage son's Toshiba Satellite Laptop L455-S5975 won't boot from hard drive. On powering up, displays Toshiba logo and allows F2 to SETUP or F12 to Boot Menu. Does not allow F8 to Safe Mode. Without action, screen then goes to black with cursor in upper left corner. Have tried the following:

1. Made Windows 7 repair sik from other computer. Will boot from repair disk. Repair routine does not find problems.
2. Tried to restore to previous good restore point - spends much time copying files (hard drive seems to be working) but still will not reboot.
3. Removed hard drive and used EZ-CONNECT to put on USB port on other computer. Can see and copy files on hard drive.
4. Ran virus scan on hard drive using MALWAREBYTES. Found some minor viruses and repaired.
5. Reinstalled hard drive, tried booting into HDD Recovery mode by powering on while pressing "0". Displayed "HDD RECOVERY MODE" at bottom left of screen but did not do anything.
6. Tried the "remove battery, disconnect AC power, press power button for 30 seconds" trick. No success.

So now what? The hard drive seems to be okay but it's certainly not booting from there. The motherboard seems to be okay since it boots from a repair disk. I don't know what to try next.

Thanks in advance for your help!

BC AdBot (Login to Remove)

 


#2 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 18 September 2011 - 11:00 AM

Forgot one other thing I did - while I had the hard drive hooked up to another computer via EZ_CONNECT, I ran chkdsk /f and chkdsk /r on it. Both completed normally with no errors.

#3 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:10:02 PM

Posted 20 September 2011 - 05:31 AM

Hello and :welcome: to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 21 September 2011 - 06:26 AM

Hi mjabaley,

I will be assisting you with the issue.

  • Please attach the Malwarebyte log. I would like to take a look at those minor issues it found.
  • For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[/list]

#5 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 23 September 2011 - 07:28 AM

Thanks farbar!

1. I will upload the log when I get home tonight.
2. The laptop will not respond to F8 during startup, it only responds to F2 Setup and F12 Boot Selection. Also, there were no Windows Installation disks provided with the computer, the files are in a partition on the hard drive.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 23 September 2011 - 07:41 AM

The recovery disc from the other computer will do. :thumbup2:

#7 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 23 September 2011 - 09:21 AM

the disk I built was a repair disk - I think i can also build recovery disks. Does it matter if they are from Dell instead of Toshiba?

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 23 September 2011 - 11:13 AM

As far as you can use the repair or recovery disk to get you to System Recovery Options it will do.

#9 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 23 September 2011 - 06:44 PM

Hi, attached is the malwarebytes scan log. This scan was conducted after I had copied the hard drive to another laptop. The hardrive itself was still connected as drive F:, and the contents were copied to "cal's laptop backup".

Attached Files



#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 24 September 2011 - 05:40 AM

Now we know pretty sure the boot issue is malware related.

Is this a x64 bit or a x86 system?

#11 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 24 September 2011 - 06:15 AM

not really sure - i thought the Windows 7 version was 32 bit. How can I check at this point?

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 24 September 2011 - 09:39 AM

Hard to say at this point, thought you might know.

What do you get if you tap F10 at startup?

#13 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 24 September 2011 - 04:48 PM

If I tap F10 repeatedly I get a screen that says

PHOENIX SECURECORE ™ NB
COPYRIGHT 1985-2007 PHOENIX TECHNOLOGIES Ltd.
All Rights Reserved

KTWAA BIOS Version V1.30 900 @2.2 GHz
CPU = INTEL ® CELERON ® CPU
1910M System RAM Passed
1024 KB L2 Cache
System BIOS Shadowed
Video BIOS Shadowed
Fixed Disk 0: Toshiba MK2555GSX
ATAPI CD-ROM: MATbleepADVD-RAM UJ890AS
Mouse Initialized

#14 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 24 September 2011 - 04:52 PM

interesting - the blog censors the name of the DVD drive - it's MATSH*TADVD-RAM

#15 mjabaley

mjabaley
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 24 September 2011 - 05:11 PM

Attached is the FRST log file

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.2
Ran by SYSTEM at 2011-09-24 18:03:58
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [141848 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [174104 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [151064 2009-09-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background [623960 2009-08-24] (Research In Motion Limited)
HKLM\...\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe" [279552 2010-04-20] (Crawler, LLC)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKU\Cal Jabaley\...\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO [264048 2009-08-06] (TOSHIBA)
HKU\Cal Jabaley\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-03] (Google Inc.)
HKU\Cal Jabaley\...\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP [972800 2011-05-09] (Inbox.com, Inc.)
HKU\Cal Jabaley\...\Run: [Google Update] "C:\Users\Cal Jabaley\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-05] (Google Inc.)
HKU\Cal Jabaley\...\Run: [ChromeFrameHelper] "C:\Users\Cal Jabaley\AppData\Local\Google\Chrome\Application\15.0.865.0\chrome_frame_helper.exe" --startup [94776 2011-08-28] (Google Inc.)
HKU\Cal Jabaley\...\Policies\system: [disableregistrytools] 0
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2009-08-10] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll" /prefetch:1 [135024 2010-02-16] (Symantec Corporation)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2010-11-29] (TOSHIBA Corporation)
2 TODDSrv; C:\Windows\system32\TODDSrv.exe [128344 2009-07-28] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-08-05] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [111960 2009-09-17] (TOSHIBA Corporation)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [259632 2010-01-20] (Symantec Corporation)
1 ccHP; C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [482432 2010-02-16] (Symantec Corporation)
3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2696064 2010-06-07] (Novatek)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2010-02-15] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2010-02-15] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSvix86.sys [343088 2009-10-28] (Symantec Corporation)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376320 2009-08-13] (Realtek Semiconductor Corporation )
3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
3 SRTSP; C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS [308272 2009-09-03] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NIS\1008000.029\SRTSPX.SYS [43696 2009-09-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1008000.029\SYMEFA.SYS [310320 2009-09-03] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2010-02-15] (Symantec Corporation)
3 SYMFW; C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS [89904 2009-09-03] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2009-09-03] (Symantec Corporation)
3 SYMNDISV; C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [48688 2009-09-03] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS [217136 2009-09-03] (Symantec Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [22912 2009-07-30] (TOSHIBA Corporation.)
0 tos_sps32; C:\Windows\System32\DRIVERS\tos_sps32.sys [275536 2009-07-24] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-07-14] (TOSHIBA Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVENG.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVEX15.SYS [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-09-24 18:03 - 2011-09-24 18:04 - 0000000 ____D C:\FRST
2011-09-02 18:12 - 2011-09-02 18:12 - 0000184 ___AH C:\Users\All Users\~P1kAlMiG2Kb7Fzr
2011-09-02 18:12 - 2011-09-02 18:12 - 0000184 ___AH C:\ProgramData\~P1kAlMiG2Kb7Fzr
2011-09-02 18:11 - 2011-09-02 18:11 - 0000160 ___AH C:\Users\All Users\~P1kAlMiG2Kb7Fz
2011-09-02 18:11 - 2011-09-02 18:11 - 0000160 ___AH C:\ProgramData\~P1kAlMiG2Kb7Fz
2011-09-02 18:02 - 2011-09-02 18:02 - 0000336 ___AH C:\Users\All Users\P1kAlMiG2Kb7Fz
2011-09-02 18:02 - 2011-09-02 18:02 - 0000336 ___AH C:\ProgramData\P1kAlMiG2Kb7Fz
2011-08-26 09:57 - 2011-08-26 09:57 - 0065536 __ASH C:\Windows\System32\config\components{3fd85d2c-d00c-11e0-a9f2-002622ea72f8}.TxR.blf

============ 3 Months Modified Files and Folders ===============

2011-09-24 18:04 - 2011-09-24 18:03 - 0000000 ____D C:\FRST
2011-09-17 23:49 - 2009-09-03 00:19 - 0000000 ____D C:\Program Files\PlayReady
2011-09-17 23:48 - 2009-12-25 02:31 - 0000000 ____D C:\users\Cal Jabaley
2011-09-17 23:48 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-09-17 23:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2011-09-17 23:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\Recovery
2011-09-17 23:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\Msdtc
2011-09-17 23:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ias
2011-09-17 23:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-09-17 23:47 - 2010-08-30 17:45 - 0000000 ____D C:\Windows\Minidump
2011-09-17 23:47 - 2009-11-26 06:52 - 0000000 ____D C:\Windows\System32\Microsoft.VC80.MFC
2011-09-17 23:47 - 2009-11-26 06:48 - 0000000 ____D C:\Windows\System32\RTCOM
2011-09-17 23:47 - 2009-11-26 06:44 - 0000000 ____D C:\Windows\System32\Lang
2011-09-17 23:47 - 2009-09-03 00:22 - 0000000 ____D C:\Windows\System32\Drivers\NIS
2011-09-17 23:47 - 2009-09-03 00:21 - 0000000 ____D C:\Windows\Downloaded Installations
2011-09-17 23:47 - 2009-07-13 23:48 - 0000000 ____D C:\Windows\ShellNew
2011-09-17 23:47 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2011-09-17 23:47 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\security
2011-09-17 23:47 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2011-09-17 23:46 - 2011-04-10 12:27 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-09-17 23:46 - 2011-02-17 13:15 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\Folding@home-x86
2011-09-17 23:46 - 2010-12-25 07:21 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\ArcSoft
2011-09-17 23:46 - 2010-12-25 07:20 - 0000000 ____D C:\Users\All Users\ArcSoft
2011-09-17 23:46 - 2010-12-25 07:20 - 0000000 ____D C:\ProgramData\ArcSoft
2011-09-17 23:46 - 2010-12-25 07:19 - 0000000 ____D C:\Program Files\Common Files\ArcSoft
2011-09-17 23:46 - 2010-11-25 10:18 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\Blackberry Desktop
2011-09-17 23:46 - 2010-05-18 16:51 - 0000000 ____D C:\Program Files\SiteRanker
2011-09-17 23:46 - 2010-05-18 16:51 - 0000000 ____D C:\Program Files\RebateInformer
2011-09-17 23:46 - 2010-05-18 16:51 - 0000000 ____D C:\Program Files\Inbox.com
2011-09-17 23:46 - 2010-03-07 07:42 - 0000000 ____D C:\Program Files\Microsoft ActiveSync
2011-09-17 23:46 - 2010-03-02 18:55 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Local\Microsoft Help
2011-09-17 23:46 - 2010-02-27 19:18 - 0000000 ____D C:\Program Files\Common Files\Research In Motion
2011-09-17 23:46 - 2010-02-27 10:46 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\vlc
2011-09-17 23:46 - 2010-02-27 10:45 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Local\Graboid_Inc
2011-09-17 23:46 - 2010-02-27 10:45 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Local\Graboid
2011-09-17 23:46 - 2010-02-27 10:44 - 0000000 ____D C:\Program Files\Mozilla ActiveX Control v1.7.12
2011-09-17 23:46 - 2010-02-24 17:33 - 0000000 ____D C:\Program Files\Audacity
2011-09-17 23:46 - 2009-12-28 10:15 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Local\TOSHIBA_Corporation
2011-09-17 23:46 - 2009-12-25 02:33 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Local\Toshiba
2011-09-17 23:46 - 2009-11-26 07:01 - 0000000 ____D C:\Program Files\Common Files\Toshiba Shared
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\Users\All Users\XP
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\Users\All Users\win7_64
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\Users\All Users\win7_32
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\Users\All Users\Vista64
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\Users\All Users\Vista32
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\ProgramData\XP
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\ProgramData\win7_64
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\ProgramData\win7_32
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\ProgramData\Vista64
2011-09-17 23:46 - 2009-11-26 06:52 - 0000000 ____D C:\ProgramData\Vista32
2011-09-17 23:46 - 2009-11-26 06:50 - 0000000 ____D C:\Program Files\Synaptics
2011-09-17 23:46 - 2009-11-26 06:48 - 0000000 ____D C:\Program Files\Realtek WLAN Driver
2011-09-17 23:46 - 2009-11-26 06:41 - 0000000 ____D C:\Program Files\Microsoft Office Suite Activation Assistant
2011-09-17 23:46 - 2009-11-26 06:30 - 0000000 ____D C:\Program Files\Microsoft.NET
2011-09-17 23:46 - 2009-11-26 06:30 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2011-09-17 23:46 - 2009-11-26 06:28 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-09-17 23:46 - 2009-11-26 06:28 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-09-17 23:46 - 2009-11-26 06:25 - 0000000 ____D C:\Program Files\Microsoft Works
2011-09-17 23:46 - 2009-09-03 00:32 - 0000000 ____D C:\Users\All Users\Adobe
2011-09-17 23:46 - 2009-09-03 00:32 - 0000000 ____D C:\ProgramData\Adobe
2011-09-17 23:46 - 2009-09-03 00:32 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-09-17 23:46 - 2009-09-03 00:31 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-09-17 23:46 - 2009-09-03 00:31 - 0000000 ____D C:\Program Files\Common Files\Ulead Systems
2011-09-17 23:46 - 2009-09-03 00:29 - 0000000 ____D C:\Program Files\Windows Live SkyDrive
2011-09-17 23:46 - 2009-09-03 00:29 - 0000000 ____D C:\Program Files\Windows Live
2011-09-17 23:46 - 2009-09-03 00:27 - 0000000 ____D C:\Program Files\Google
2011-09-17 23:46 - 2009-09-03 00:24 - 0000000 ____D C:\Users\All Users\WildTangent
2011-09-17 23:46 - 2009-09-03 00:24 - 0000000 ____D C:\ProgramData\WildTangent
2011-09-17 23:46 - 2009-09-03 00:24 - 0000000 ____D C:\Program Files\TOSHIBA Games
2011-09-17 23:46 - 2009-09-03 00:22 - 0000000 ____D C:\Users\All Users\Toshiba
2011-09-17 23:46 - 2009-09-03 00:22 - 0000000 ____D C:\ProgramData\Toshiba
2011-09-17 23:46 - 2009-09-03 00:21 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-09-17 23:46 - 2009-09-03 00:21 - 0000000 ____D C:\Program Files\TOSHIBA
2011-09-17 23:46 - 2009-09-03 00:21 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2011-09-17 23:46 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Microsoft Games
2011-09-17 23:46 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2011-09-17 23:46 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\System
2011-09-17 23:46 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-09-17 23:45 - 2011-04-10 12:22 - 0000000 ___RD C:\32788R22FWJFW
2011-09-17 23:45 - 2011-02-17 13:26 - 0000000 __SHD C:\Config.Msi
2011-09-17 23:44 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2011-09-17 23:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\IME
2011-09-17 23:35 - 2010-03-14 10:04 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\Screaming Bee
2011-09-17 23:35 - 2010-02-27 19:24 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\Research In Motion
2011-09-17 23:35 - 2010-02-27 10:45 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\MozillaControl
2011-09-17 23:35 - 2009-07-13 18:37 - 0000000 __RHD C:\users\Default
2011-09-17 23:35 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2011-09-17 23:34 - 2009-12-25 02:42 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\Macromedia
2011-09-17 23:34 - 2009-12-25 02:41 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Roaming\Adobe
2011-09-17 23:34 - 2009-12-25 02:31 - 0000000 ____D C:\Users\Cal Jabaley\AppData\LocalLow
2011-09-17 23:34 - 2009-12-25 02:31 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Local\VirtualStore
2011-09-17 23:33 - 2009-12-25 02:40 - 0000000 ____D C:\Users\Cal Jabaley\AppData\Local\Google
2011-09-17 23:32 - 2011-04-10 12:27 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-09-17 23:32 - 2011-04-10 12:27 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-17 23:32 - 2009-09-03 00:27 - 0000000 ____D C:\Users\All Users\Google
2011-09-17 23:32 - 2009-09-03 00:27 - 0000000 ____D C:\ProgramData\Google
2011-09-17 23:32 - 2009-09-03 00:22 - 0000000 ____D C:\Users\All Users\Norton
2011-09-17 23:32 - 2009-09-03 00:22 - 0000000 ____D C:\ProgramData\Norton
2011-09-17 23:32 - 2009-07-13 23:49 - 0000000 ____D C:\Program Files\Windows Journal
2011-09-17 23:32 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-09-17 23:32 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Defender
2011-09-17 23:32 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Windows NT
2011-09-17 23:31 - 2011-04-10 12:25 - 0000000 ____D C:\Program Files\Trend Micro
2011-09-17 23:31 - 2010-02-27 10:44 - 0000000 ____D C:\Program Files\VideoLAN
2011-09-17 23:29 - 2010-03-14 10:03 - 0000000 ____D C:\Program Files\Screaming Bee
2011-09-17 23:29 - 2010-02-27 19:18 - 0000000 ____D C:\Program Files\Research In Motion
2011-09-17 23:29 - 2009-11-26 06:47 - 0000000 ____D C:\Program Files\Realtek
2011-09-17 23:29 - 2009-09-03 00:30 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2011-09-17 23:29 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Reference Assemblies
2011-09-17 23:29 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\MSBuild
2011-09-17 23:28 - 2009-11-26 06:26 - 0000000 ____D C:\Program Files\Microsoft Office
2011-09-17 23:28 - 2009-09-03 00:23 - 0000000 ____D C:\Program Files\Intuit
2011-09-17 23:28 - 2009-09-03 00:20 - 0000000 ____D C:\Program Files\Java
2011-09-17 23:27 - 2010-12-25 07:18 - 0000000 ____D C:\Program Files\HP
2011-09-17 23:27 - 2009-09-03 00:31 - 0000000 ____D C:\Program Files\Corel
2011-09-17 23:27 - 2009-09-03 00:28 - 0000000 ____D C:\Program Files\Common Files\Windows Live
2011-09-17 23:27 - 2009-09-03 00:19 - 0000000 ____D C:\Program Files\Intel
2011-09-17 23:27 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\DVD Maker
2011-09-17 23:27 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2011-09-17 23:26 - 2011-01-14 09:22 - 0000000 ____D C:\Program Files\Adobe
2011-09-17 23:26 - 2010-12-25 07:19 - 0000000 ____D C:\Program Files\ArcSoft
2011-09-17 23:25 - 2009-07-13 18:36 - 0000000 __SHD C:\$Recycle.Bin
2011-09-02 18:12 - 2011-09-02 18:12 - 0000184 ___AH C:\Users\All Users\~P1kAlMiG2Kb7Fzr
2011-09-02 18:12 - 2011-09-02 18:12 - 0000184 ___AH C:\ProgramData\~P1kAlMiG2Kb7Fzr
2011-09-02 18:11 - 2011-09-02 18:11 - 0000160 ___AH C:\Users\All Users\~P1kAlMiG2Kb7Fz
2011-09-02 18:11 - 2011-09-02 18:11 - 0000160 ___AH C:\ProgramData\~P1kAlMiG2Kb7Fz
2011-09-02 18:02 - 2011-09-02 18:02 - 0000336 ___AH C:\Users\All Users\P1kAlMiG2Kb7Fz
2011-09-02 18:02 - 2011-09-02 18:02 - 0000336 ___AH C:\ProgramData\P1kAlMiG2Kb7Fz
2011-09-02 17:41 - 2010-02-19 13:32 - 0000000 ___HD C:\Users\Cal Jabaley\AppData\Local\Adobe
2011-09-02 17:38 - 2009-11-26 06:18 - 1504342016 __ASH C:\hiberfil.sys
2011-09-02 08:43 - 2009-11-26 06:24 - 1498591 ____A C:\Windows\WindowsUpdate.log
2011-09-02 08:41 - 2011-02-26 17:58 - 0000256 ____A C:\Windows\System32\pool.bin
2011-09-02 08:39 - 2009-07-13 18:37 - 0000000 ___HD C:\Windows\System32\config\TxR
2011-09-02 08:37 - 2009-07-13 20:34 - 0016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-09-02 08:37 - 2009-07-13 20:34 - 0016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-09-02 08:35 - 2011-07-13 07:47 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517158901-3411475641-3398622622-1000Core.job
2011-09-02 08:35 - 2010-02-02 13:57 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-09-02 08:35 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-09-02 08:35 - 2009-07-13 20:39 - 0103122 ____A C:\Windows\setupact.log
2011-08-26 10:40 - 2011-08-02 18:33 - 0000000 ___HD C:\Users\Cal Jabaley\Tracing
2011-08-26 09:58 - 2011-08-19 12:40 - 0003840 ___AH C:\Users\Cal Jabaley\AppData\Roaming\A5CE.0B6
2011-08-26 09:57 - 2011-08-26 09:57 - 0065536 __ASH C:\Windows\System32\config\components{3fd85d2c-d00c-11e0-a9f2-002622ea72f8}.TxR.blf
2011-08-24 07:43 - 2011-08-19 13:55 - 0000000 ___HD C:\Users\Cal Jabaley\AppData\Local\ElevatedDiagnostics
2011-08-20 19:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2011-08-19 13:55 - 2011-08-19 13:55 - 0001852 ___AH C:\users\Cal
2011-08-16 11:47 - 2010-03-07 07:48 - 0000000 ___HD C:\Users\Cal Jabaley\Documents\CAL'S STUFF
2011-08-02 13:19 - 2011-07-13 07:47 - 0000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517158901-3411475641-3398622622-1000UA.job
2011-08-02 13:19 - 2010-02-02 13:57 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-07-17 15:21 - 2009-09-03 00:26 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2011-07-17 15:16 - 2009-07-13 20:33 - 0381896 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-17 15:15 - 2009-09-03 00:39 - 0025774 ____A C:\Windows\PFRO.log

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 1912.89 MB
Available physical RAM: 1509.4 MB
Total Pagefile: 1912.89 MB
Available Pagefile: 1515.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.56 MB

======================= Partitions =========================

1 Drive c: (TI102605W0F) (Fixed) (Total:223.27 GB) (Free:187.58 GB) NTFS
2 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS
3 Drive f: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF
4 Drive g: (KINGSTON) (Removable) (Total:3.72 GB) (Free:3.71 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (HDDRECOVERY) (Fixed) (Total:8.15 GB) (Free:0.55 GB) NTFS

==========================================================

Last Boot: 2011-08-07 06:53

======================= End Of Log ==========================

Edited by farbar, 28 September 2011 - 04:40 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users