Computer now won't boot



#1 Shona


Posted 26 September 2011 - 06:12 PM

I am trying to fix a Sony Vaio that has been working pretty well until recently but has been having some issues which a virus was suspected to be causing. So we tried to run a virus Scan, tried Super AntiSpyware, tried to download and run Avast antivirus. Both of which we could download but neither of which would run, giving me an error message.

So I restarted it this morning, using a flash drive with SuperAntiSpyware on, tried to run from that method. It started to run, but then shut the computer down.

Now, the computer won't even boot into Windows. It will boot up, showing the Vaio screen, but then just give me a flashing cursor after that.

This computer runs Windows Vista, which we don't have a CD for.

What are my choices? Can I try to install Win XP on top of it, or go buy an upgrade and install it on top of the Vista program. There is data that I want to save, so I have that factor too.

Any help would be greatly appreciated.

Thanks
Shona Wilson



#2 AustrAlien


Posted 27 September 2011 - 06:39 AM

Hello and welcome to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.

"There is data that I want to save"

While you are waiting for some assistance to get your computer up and running again, you may wish to consider retrieving a backup copy of your important files.

If your computer is not able to boot into Windows or simply not able to access the internet, you can use a LIVE Linux operating system run from a bootable CD or flashdrive instead of Windows, to access the internet, to access files on the HDD(s) and do other tasks.

Step 1: Using a working computer:
  • If you wish to use a LIVE CD ...
    • Download the Linux version of your choice (usually an .ISO image file).
      • There are many options to use for a LIVE CD. I suggest that you try one of the following:
        • Puppy Linux (download file size 128 MB)
        • Ubuntu (download file size almost 700 MB)
    • Burn the .ISO image to CD: If you do not already have a suitable burning program for writing .ISO images to disc ...
      • Download and install ImgBurn.
      • Ensure that you UN-check the box agreeing to install the Ask toolbar during the installation.
      • Place a new (blank) CD disc in the drive tray.
      • Choose Write image file to disc.
        • Under Source, click on the Browse button: Navigate to and select the .ISO file that you wish to burn.
        • Place a check-mark in the box beside Verify.
      • Click [image of button].
    • When the CD has been burned and verified as successful, it will be bootable.
  • OR ... if you wish to use a LIVE flashdrive ...
    • Go to UNetbootin - Homepage and Downloads and at the top of the page, click on Download (for Windows) to download the application.
    • Follow the instructions further down the page under the heading Installation & Screenshots.
    • Run the application to download and install the Linux version of choice to your flashdrive.
      • I suggest that you try one of the following:
        • Puppy Linux (download file size 128 MB)
        • Ubuntu (download file size almost 700 MB).

Step 2: Boot the problematic machine from the LIVE CD or flashdrive.
  • (You may have to configure the Boot Menu or BIOS Setup Menu to boot first from the optical/CD drive or the flashdrive, whichever you are using.)
  • Choose to run the Linux operating system from the CD or flashdrive without making any changes to your computer.
    Do NOT install Linux on your hard drive.
  • When the Linux operating system loads ...
    • You will be able to navigate to all the files on your HDD.
    • You can backup your files by copying them to a flashdrive or an external hard drive.
    • Before using the internet (if you choose to use Puppy, for example) you may have to:
      • Configure/set up the internet connection
      • Download a favourite browser
      (With Ubuntu the foregoing should not be necessary.)

You may find one of the following guides useful:
Recover files from Windows XP hard disk using Puppy Linux

Recover files from Windows Vista hard disk using Puppy Linux

Recover files from Windows 7 hard disk using Puppy Linux

The easiest way to copy files/folders in Puppy is to drag-and-drop from one window to another. To do this open a window showing what you want to copy. Open another window showing the location that you wish to copy to .... and move the windows so that you can conveniently see both at the same time.

Now, simply drag the items you wish to copy from one window into the other. Simple.

Edited by AustrAlien, 27 September 2011 - 06:41 AM.

AustrAlien
Google is my friend. Make Google your friend too.


#3 Shona


Posted 27 September 2011 - 07:41 PM

Okay, I did all this. Was able to get it to boot using the Puppy Linux. Now how do I get Windows Vista to work again? I do not have a CD for Windows Vista. Can I make a bootable disk using the Puppy Linux program?

Thanks
Shona

#4 AustrAlien


Posted 27 September 2011 - 07:49 PM

Shona

Glad you got Puppy to work OK ... and I take it that you now have all your important files backed up somewhere else.

From what you have posted, I don't think there will be any problem getting the Windows Vista system working again (without you having a Vista installation disk) ... but you will need to wait for the appropriately experienced helper to respond to your topic ... and I have no way of knowing how long it might be before you get a response. You will not, however, be forgotten: Someone will respond when available.

Until then, please be patient.
AustrAlien
Google is my friend. Make Google your friend too.


#5 JSntgRvr


Posted 29 September 2011 - 05:45 PM

Is Vista a 64 or a 32 bit system?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 Shona


Posted 29 September 2011 - 06:57 PM

Honestly, I don't remember. I can't get it to boot to Windows at all. It will show me the Vaio flash and then it will give me a flashing cursor. I have been able to get to Vaio recovery center and even if I try to restore the C drive, when it reboots, it returns to the same thing - flashing cursor. All hardware has been checked through the Recovery Center and returned no issues.

Shona

Edited by Shona, 29 September 2011 - 07:28 PM.


#7 boopme


Posted 29 September 2011 - 07:38 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#8 JSntgRvr


Posted 29 September 2011 - 09:00 PM

Attempting to Restore the computer to factory settings under these conditions may worsen the situation. Let's attempt to produce a report in a 32 bit environment.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • If you are unable to boot to the Advanced Menu, the installation CD will contain the same options.
    • In the absence of an install CD, search for a Recovery CD compatible with your system (Vista 32 bit) and follow the same instructions.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Shona


Posted 29 September 2011 - 10:04 PM

Okay, further to the last post -

I don't have an installation CD, nor have I been able to successfully create a recovery CD.

I can not get it to allow me to a command prompt in order to run the recovery scan tool.

Do you have suggestions on creating a recovery CD? I can start there.

Shona

#10 JSntgRvr


Posted 30 September 2011 - 12:44 AM

Let's try another tool instead.


We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
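
Added example, not part of the original thread and not the helper's own tooling: a reader for the 512-byte mbr.bin that the dd step in the post above produces, decoding the partition table and flagging structural problems that would keep a disk from booting. The function names are hypothetical and the sample sector is constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code occupies bytes 0-439
DISK_SIG_OFFSET = 440    # 4-byte disk signature written by Windows
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510   # last two bytes must be 55 AA
ENTRY_FORMAT = "<B3xB3xII"  # status, (CHS), type, (CHS), first LBA, sector count


def parse_mbr(sector):
    """Decode one 512-byte MBR sector into a dictionary."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for slot in range(4):
        status, ptype, first_lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "first_lba": first_lba, "sectors": count})
    return {
        # Hash of the boot code, for comparison against a known-good copy.
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_blank": not any(boot_code),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xaa",
        "partitions": partitions,
    }


def review_mbr(info):
    """Return a list of structural problems found in a parsed MBR."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    if info["boot_code_blank"]:
        findings.append("boot code area is all zeros")
    parts = info["partitions"]
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d has invalid status byte 0x%02x" % (p["slot"], p["status"]))
    ordered = sorted(parts, key=lambda p: p["first_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["first_lba"] < prev["first_lba"] + prev["sectors"]:
            findings.append("slots %d and %d overlap" % (prev["slot"], cur["slot"]))
    return findings


def build_sample_mbr(active_slots=(1,), with_signature=True):
    """Constructed sample: a recovery partition followed by an NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN  # filler, not real boot code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x12345678)
    layout = [(0x27, 2048, 20000000), (0x07, 20002048, 200000000)]
    for slot, (ptype, first_lba, count) in enumerate(layout):
        status = 0x80 if slot in active_slots else 0x00
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * slot,
                         status, ptype, first_lba, count)
    if with_signature:
        sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python mbr_check.py mbr.bin   (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = build_sample_mbr()
    parsed = parse_mbr(data)
    print("boot code sha256:", parsed["boot_code_sha256"])
    print("disk signature:   0x%08x" % parsed["disk_signature"])
    for part in parsed["partitions"]:
        print("slot %(slot)d type 0x%(type)02x status 0x%(status)02x "
              "start %(first_lba)d sectors %(sectors)d" % part)
    for line in review_mbr(parsed) or ["no structural problems found"]:
        print("finding:", line)
```

A clean result here only means the table is well formed; whether the boot code itself has been modified is decided by comparing its hash with a known-good MBR for the same Windows version.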


#11 Shona


Posted 30 September 2011 - 11:38 AM

As per previous instructions, find enclosed txt files and attached is the mbr.zip

Thank you for your help, I will await further instructions.

Shona


Report.txt
Fri Sep 30 10:35:57 UTC 2011
Driver report for /mnt/sdb2/Windows/System32/drivers



Filefind.txt

Search results for winlogon.exe

c2610b6bdbefc053bbdab4f1b965cb24 /mnt/sdb2/Windows/System32/winlogon.exe
307.5K Jan 21 2008

c2610b6bdbefc053bbdab4f1b965cb24 /mnt/sdb2/Windows/winsxs/x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5/winlogon.exe
307.5K Jan 21 2008


Search results for volsnap.sys

d8b4a53dd2769f226b3eb374374987c9 /mnt/sdb2/Windows/System32/drivers/volsnap.sys
222.6K Jan 21 2008

11ef6c1caef76b685233450a126125d6 /mnt/sdb2/Windows/System32/DriverStore/FileRepository/volume.inf_9320b452/volsnap.sys
203.6K Nov 2 2006

d8b4a53dd2769f226b3eb374374987c9 /mnt/sdb2/Windows/System32/DriverStore/FileRepository/volume.inf_f53a1785/volsnap.sys
222.6K Jan 21 2008

d8b4a53dd2769f226b3eb374374987c9 /mnt/sdb2/Windows/winsxs/x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd/volsnap.sys
222.6K Jan 21 2008


Search results for explorer.exe

ffa764631cb70a30065c12ef8e174f9f /mnt/sdb2/Windows/explorer.exe
2.8M Jan 21 2008

ffa764631cb70a30065c12ef8e174f9f /mnt/sdb2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf/explorer.exe
2.8M Jan 21 2008


Search results for userinit.exe

0e135526e9785d085bcd9aede6fbcbf9 /mnt/sdb2/Windows/System32/userinit.exe
24.5K Jan 21 2008

0e135526e9785d085bcd9aede6fbcbf9 /mnt/sdb2/Windows/winsxs/x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b/userinit.exe
24.5K Jan 21 2008



RegReport.txt
Remote Registry Report

Hive </mnt/sdb2/Windows/System32/config/SOFTWARE>
\Microsoft\Windows NT\CurrentVersion> Value <ProductName> of type REG_SZ, data length 64 [0x40]
Windows Vista ™ Home Premium
\Microsoft\Windows NT\CurrentVersion> Value <CSDVersion> of type REG_SZ, data length 30 [0x1e]
Service Pack 1
\Microsoft\Windows NT\CurrentVersion> Value <SystemRoot> of type REG_SZ, data length 22 [0x16]
C:\Windows
\Microsoft\Windows NT\CurrentVersion\Windows> Value <AppInit_DLLs> of type REG_SZ, data length 2 [0x2]
(...)\Windows NT\CurrentVersion\Winlogon> Value <Shell> of type REG_SZ, data length 26 [0x1a]
explorer.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\Windows\system32\userinit.exe,
(...)\Windows NT\CurrentVersion\Winlogon\Notify> Node has 2 subkeys and 0 values
<igfxcui>
<VESWinlogon>
\Microsoft\Windows\CurrentVersion\Run> Node has 1 subkeys and 9 values
<OptionalComponents>
size type value name [value if type DWORD]
100 REG_EXPAND_SZ <Windows Defender>
66 REG_SZ <IgfxTray>
60 REG_SZ <HotKeysCmds>
66 REG_SZ <Persistence>
26 REG_SZ <RtHDVCpl>
92 REG_SZ <SynTPEnh>
114 REG_SZ <Adobe Reader Speed Launcher>
94 REG_SZ <ISBMgr.exe>
98 REG_SZ <SunJavaUpdateSched>
(...)\Windows\CurrentVersion\Policies\System> Node has 1 subkeys and 16 values
<UIPI>
4 REG_DWORD <ConsentPromptBehaviorAdmin> 2 [0x2]
4 REG_DWORD <ConsentPromptBehaviorUser> 1 [0x1]
4 REG_DWORD <EnableInstallerDetection> 1 [0x1]
4 REG_DWORD <EnableLUA> 1 [0x1]
4 REG_DWORD <EnableSecureUIAPaths> 1 [0x1]
4 REG_DWORD <EnableVirtualization> 1 [0x1]
4 REG_DWORD <PromptOnSecureDesktop> 1 [0x1]
4 REG_DWORD <ValidateAdminCodeSignatures> 0 [0x0]
4 REG_DWORD <dontdisplaylastusername> 0 [0x0]
2 REG_SZ <legalnoticecaption>
6 REG_SZ <legalnoticetext>
4 REG_DWORD <scforceoption> 0 [0x0]
4 REG_DWORD <shutdownwithoutlogon> 1 [0x1]
4 REG_DWORD <undockwithoutlogon> 1 [0x1]
4 REG_DWORD <FilterAdministratorToken> 0 [0x0]
4 REG_DWORD <EnableUIADesktopToggle> 0 [0x0]


Hive </mnt/sdb2/Users/Administrator/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 2 values
size type value name [value if type DWORD]
108 REG_SZ <Sidebar>
88 REG_SZ <WindowsWelcomeCenter>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]


Hive </mnt/sda1/Carl Wilson/ntuser.dat>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 5 values
size type value name [value if type DWORD]
108 REG_SZ <Sidebar>
110 REG_SZ <SUPERAntiSpyware>
56 REG_SZ <ehTray.exe>
110 REG_SZ <Security Protection>
62 REG_SZ <ctfmon.exe>

Attached Files

  • Attached File  mbr.zip   561bytes   3 downloads


#12 JSntgRvr

Posted 30 September 2011 - 01:42 PM

The MBR does look different from those I have seen. It seems that items that make the computer bootable are missing. Unfortunately, throughout xPUD there are no tools to modify the MBR made available to the public. I just wonder if we can create a Recovery CD from the computer you are contacting us from? What type of Operating System is installed in that computer? Let me know if it is a 32 or a 64 bit system.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 Shona

Posted 30 September 2011 - 01:48 PM

Okay, I am not sure how to create a recovery disk utilizing the computer I have, not being able to boot to Windows. I do still have that screen through xPUD; can I create a recovery disk utilizing that? I am not sure how to determine if it is a 32 bit or 64 bit system.

#14 JSntgRvr

Posted 30 September 2011 - 02:03 PM

I am referring to the computer you are contacting us from, not the ailing computer.


#15 Shona

Posted 30 September 2011 - 04:00 PM

I am sure that I can. Do you have instructions already on how to do that?

But, I can access the internet on the problem computer using the program that you told me to download. We can certainly utilize that to get this fixed, right?

Edited by Shona, 30 September 2011 - 04:21 PM.




