noahdfear

Trusted Malware Techs
  • Content Count

    336
  • Joined

  • Last visited

About noahdfear

  • Rank
    Advanced Member
  • Birthday 04/08/1965

Contact Methods

  • MSN
  • Website URL
    http://noahdfear.geekstogo.com/
  • ICQ
    0
  • Yahoo
    noahdfear

Profile Information

  • Gender
    Male
  • Location
    New Bremen, OH. USA

Previous Fields

  • Teams:
    Nothing Selected
  1. I must again apologize - I forgot about you (one of the reasons I seldom work topics anymore). Despite reporting that the sfc results were written to the cbs.log, they were not, meaning they are of no help. I did some testing with a number of files to see if I could reproduce the behavior you're experiencing and the closest I came, albeit slightly different, was in not allowing userinit.exe to load. That said, let's see if replacing yours will help. Repeat the procedure in Post #50 using the replace.txt file attached to this post (delete the one from before). If there's no change aft
  2. Let's see if that log reveals anything helpful. You'll need the driver.sh script from here on your flash drive. Boot into xPUD and navigate to the flash drive then click Tool>Open Terminal Type the following command then press Enter. bash driver.sh -f When prompted for the filename to search for type cbs.log and press Enter. If any copies are found it should show the location on the screen, as well as echo the results to a log named filefind.txt on the flash drive. I expect the cbs.log file to be located in /mnt/sda3/windows/logs - if so, please copy it to your flash drive the
  3. My apologies for the delay in a response. I've been banging my head trying to figure out a cause for your situation, and quite frankly, I'm just not finding anything. Let's run the system file checker from the Recovery Environment and see if that produces a positive result. Start your computer and tap F8 to enable the Advanced startup menu then select Repair your computer. When the System Recovery Options screen comes up select Command Prompt. Type in the following bolded command, replacing the red underscores with spaces, then press Enter. sfc_/scannow_/offbootdir=c:\_/offwindir=c:\win
  4. Start the computer, pressing F8 to enable the Advanced Start menu. Select Repair your computer If Startup Repair starts automatically, when it completes click the link View advanced options for system recovery and support to open the System Recovery Options menu. Select System Restore then click Next. If any restore points are available they will be listed. If none are listed with a date prior to the current problem, check the box Show more restore points Click to select a date just prior to the current problem then click Next. Click Finish to confirm - your computer will restart and att
  5. Hi Steve, I have studied and re-studied everything you've submitted and I still do not see anything that could be blamed for the behavior of your computer. On the off chance that explorer.exe is corrupted, let's replace it with another copy on your drive. Please download the attached replace.txt file and save it to your flash drive. Make sure that the driver.sh script you downloaded previously is still on the flash drive as well. Boot into xPUD and navigate to the flash drive (sdb1) then click Tool>Open Terminal. Type the following bolded command then press Enter. bash driver.sh
  6. Please save xPUDtd to your flash drive. Boot to xPUD with the flash drive attached, navigate to the flash drive then double click xPUDtd to run it. At the first screen, leave [Create] selected and press Enter The next screen will show your disk drives, generally the hard drive will be first, usb second. You should be able to verify by the size Select the hard drive, select [Proceed] and press Enter At the next screen select [intel] and press Enter Now at the actions option screen, arrow down to [Advanced] and press Enter Select [boot] and press Enter - you may have to arrow up/down to s
  7. Let's do it this way then. First, zip up the bcd.txt file (right click>Send To>Compressed (zipped) folder) Go to my submissions site and upload the bcd.zip and mbr.zip files. http://noahdfear.net/max/upload.php
  8. You will need to type something into the reply text box - I don't think the forum software will allow you to post a blank reply.
  9. Click Add Reply then on the Replying to Blank Screen page click the Browse button located below the reply textbox. Select your file and click Open. Click Attach this file. Finally, click Add Reply.
  10. Right click on the link and select Save Target As
  11. Hi Steve, I've looked over your registry hives, and the bcd, and frankly I don't see a problem with any of them. That said, I cannot get true results from your bcd - true results can only come from the machine on which the bcd lives. So, let's see if we can get an export from your bcd. Plug in your flash drive and start the computer, pressing F8 to enable the Advanced Start menu Select Repair your computer If Startup Repair starts automatically, when it completes click the link View advanced options for system recovery and support to open the System Recovery Options menu Select Comma
  12. Nothing of concern in that log. Please download Process Explorer from Microsoft Sysinternals. Extract the contents of the zip file to their own folder, open the folder and run procexp.exe Click the entry System once to select it. Click View on the menu, then make sure Show Lower Pane is checked. You should have a split window with upper and lower panes. Click View>Lower Pane View and select DLLs The lower pane will populate. When the System process is consuming a lot of CPU cycles, click File>Save As in Process Explorer. Save it to a convenient l
  13. Your logs appear clean. Let's run 1 more tool now. This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds. Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Double-click the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, we need to chan
  14. Copy the bolded line below. sc stop RoxLiveShare9 Click Start>Run then paste the command in the Run dialog and hit Enter. Now, do the same with this next command. sc delete RoxLiveShare9 That should remove the service, and you can delete that entire Roxio Shared folder.