
Windows 7 won't boot


  • This topic is locked

#31
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,

OK, the log is now correct. I have some bad news for you :D. Here is a quote from one of our experts, OldTimer, who gave me some advice about your strange situation:

I don't think you are looking at any malware issues here. Whether it's a hardware issue or something else, those drives are borked. You could try a repair install on that 200gb drive but I would wipe everything out and put a fresh OS on it. If the user didn't actually do something there was a catastrophic failure and I wouldn't trust it again.


So something happened there and ruined everything that existed on the drive. That could be a hard drive failure.
When you try to boot into Windows, or while accessing the drive in OTLPE to access its data, do you hear any strange noises coming out from the box, like a fast and noisy spinning drive or some clicks?

For now, I'd suggest that you take backups of all data that you want on the drive.


#32
bluegang6

    Member

  • Topic Starter
  • Member
  • 222 posts


Nope, no sounds coming from where the hard drive would be seated.

I could extract the HDD, set it as an external, and buy a new HDD for the laptop I guess..

Weird, it isn't even 1.5 years old :D

Dell :\

I'll look into either purchasing a new 2 TB external, or find hard drive enclosures and set it up.

Oh wait, 3 year warranty :D

I'll use it for the second time ;)

*update*

Just realized that this step never really popped up:
"When asked "Do you wish to load the remote registry", select Yes."

Might that have anything to do with the borked drives?

Edited by bluegang6, 23 March 2011 - 02:53 PM.


#33
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,
First of all, a hard drive failure was a possibility. If it doesn't make any sounds or anything strange, I would recommend a repair install on it, and then run some checks on it to see if it's OK.
If you don't have a Windows CD that you can use to repair install, you could take backups and perform a clean install.

Are you sure that Remote registry confirmation didn't pop up? Reboot and try again, and tell me if you get that confirmation.
However, I don't think this is the cause, as almost all crucial Windows files are missing.

#34
bluegang6

    Member

  • Topic Starter
  • Member
  • 222 posts
Yup, tried again, didn't pop up.

Can you give me a list of the files? I have access to the drive (using the disk), so I'll be able to go ahead and tinker there =)

#35
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,
When you access the 200gb drive, you should see all of your files and data (that have not been deleted). You can include any file from there in your backup, including .exe, .html, .txt, .pdf etc...
When you finish backing up the data, please insert the drive with the backups into a computer and scan it to make sure that everything is clean. When you finish this, you can re-install the OS and use the backup copy to restore your data :D

#36
bluegang6

    Member

  • Topic Starter
  • Member
  • 222 posts
Hey Michael,

I just purchased a 1tb MyBook Elite external drive so that I could backup.

Sad thing is that it would not load over the OS on the disk.

Now I put in the Windows 7 disk and went for a chkdsk, and I get a message saying:
cannot determine file system of drive F: (the drive that houses my O.S)


What can I do? I'm feeling that everything doesn't wanna work :D

Edit: followed these instructions:
DISKPART
LIST DISK
SELECT DISK # (# for Windows 7 disk)
LIST PARTITION
SELECT PARTITION # (# for Windows 7 partition, or 100mb System Reserved partition if you have it)
ACTIVE
EXIT

and was able to reset the OS drive back to "C:"

Chkdsk found no errors.
Will try SFC /scannow for the last time.

Attached is the latest OTL scan. It looks different than the rest.


OTL logfile created on: 3/26/2011 4:44:27 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 152.67 Gb Free Space | 69.97% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 7.46 Gb Free Space | 99.79% Space Free | Partition Type: FAT32
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/02/16 16:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/09 18:10:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/26 00:39:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 20:23:03 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/02/26 02:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\stacsv.exe -- (STacSV)
SRV - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/25 05:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/01/14 19:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/12/17 12:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/07 08:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/07/21 14:04:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/16 10:59:00 | 000,648,432 | ---- | M] (SoftThinks) [Auto] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] () [On_Demand] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:16:15 | 000,000,000 | ---- | M] () [On_Demand] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2009/07/13 21:16:15 | 000,000,000 | ---- | M] () [On_Demand] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/09/27 21:07:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/27 21:07:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/09/27 21:07:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/07/07 18:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/02/26 02:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/01/14 19:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 19:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 19:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/26 01:58:35 | 000,194,488 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV - [2009/09/15 06:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 06:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 06:55:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/07/13 21:26:15 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/07/13 21:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/13 19:52:09 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/07/13 19:52:03 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/13 19:51:31 | 000,392,704 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/04/03 03:37:24 | 000,200,240 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/21 14:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/08/25 02:00:00 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/06/03 18:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Cindy_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=ae&l=ar&s=gen
IE - HKU\Cindy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKU\Cindy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\Cindy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 16 8D 2A BA 89 CB 01 [binary data]
IE - HKU\Cindy_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Cindy_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Cindy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cindy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/17 14:32:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/09 19:27:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/09 19:27:19 | 000,000,000 | ---D | M]

[2010/06/07 21:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2011/03/07 18:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\8hwrv6az.default\extensions
[2010/06/07 21:47:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\8hwrv6az.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/09 19:27:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\8hwrv6az.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/09 19:27:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\8hwrv6az.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/09 19:27:21 | 000,000,000 | ---D | M] (QuickJava) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\8hwrv6az.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
[2011/01/09 19:27:21 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\8hwrv6az.default\extensions\[email protected]
[2010/09/19 20:04:56 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\8hwrv6az.default\extensions\[email protected]
[2010/06/07 21:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\f008dl5f.default\extensions
[2010/06/07 21:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\f008dl5f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/22 23:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/17 14:32:54 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/01/03 19:02:28 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/04/26 00:49:46 | 000,001,715 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 runescape.com127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\Cindy_ON_C\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\Cindy_ON_C..\Run: [SmileboxTray] C:\Users\Cindy\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\Cindy_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Tapisrv - C:\Windows\System32\tapisrv.dll ()
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\Windows\System32\termsrv.dll ()
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: midi - C:\Windows\System32\wdmaud.drv ()
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv ()
Drivers32: mixer - C:\Windows\System32\wdmaud.drv ()
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave - C:\Windows\System32\wdmaud.drv ()
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv ()

MsConfig - StartUpFolder: C:^Users^Cindy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: dskl - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SWPRV - C:\Windows\System32\swprv.dll ()
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: Wdf01000.sys - C:\Windows\System32\drivers\Wdf01000.sys ()
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NativeWifiP - C:\Windows\System32\drivers\nwifi.sys ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SWPRV - C:\Windows\System32\swprv.dll ()
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: Wdf01000.sys - C:\Windows\System32\drivers\Wdf01000.sys ()
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 17:12:23 | 000,000,000 | ---D | C] -- C:\Temp
[2010/07/28 20:20:56 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Cindy\Desktop\*.tmp files -> C:\Users\Cindy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/20 19:02:32 | 000,000,185 | ---- | M] () -- C:\boot.ini
[2011/03/19 17:44:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/17 14:32:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/10 18:32:31 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/08 10:06:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/07 22:55:30 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 22:55:30 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 22:48:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Cindy\Desktop\*.tmp files -> C:\Users\Cindy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 12:03:34 | 000,000,185 | ---- | C] () -- C:\boot.ini
[2010/10/23 18:37:17 | 000,006,144 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 13:44:03 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/09/19 13:44:02 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/09/19 13:44:02 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/19 13:44:00 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/07/28 20:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/28 20:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/07/28 20:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/08 11:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/08 09:21:08 | 000,194,488 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys
[2010/06/07 23:05:12 | 000,000,425 | ---- | C] () -- C:\Users\Cindy\AppData\Local\Win7_Upgrade.bat
[2010/06/07 22:58:51 | 000,200,240 | ---- | C] () -- C:\Windows\System32\drivers\Apfiltr.sys
[2010/06/07 22:24:55 | 000,002,019 | ---- | C] () -- C:\Users\Cindy\AppData\Local\Win7_tmp1.htm
[2010/06/07 21:54:35 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/02/27 14:13:00 | 000,148,996 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/12/22 16:13:09 | 000,031,007 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\UserTile.png
[2009/11/02 18:29:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/10/24 20:35:08 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/30 00:00:56 | 000,000,214 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\wklnhst.dat
[2009/07/21 14:14:50 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/21 13:58:19 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/07/21 13:55:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2009/07/21 13:51:45 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/07/21 13:51:44 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/07/21 13:41:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,268,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,110,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tapisrv.dll
[2009/07/13 20:18:41 | 000,489,472 | ---- | C] () -- C:\Windows\System32\win32spl.dll
[2009/07/13 20:09:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wmpps.dll
[2009/07/13 20:07:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\sqlceqp30.dll
[2009/07/13 20:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\sqlceoledb30.dll
[2009/07/13 20:06:02 | 000,507,392 | ---- | C] () -- C:\Windows\System32\wmdrmdev.dll
[2009/07/13 20:04:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SndVolSSO.dll
[2009/07/13 20:03:12 | 000,172,032 | ---- | C] () -- C:\Windows\System32\wdmaud.drv
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 20:02:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\termsrv.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:52:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys
[2009/07/13 19:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:51:31 | 000,392,704 | ---- | C] () -- C:\Windows\System32\drivers\bthport.sys
[2009/07/13 19:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WUDFHost.exe
[2009/07/13 19:48:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SnippingTool.exe
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:40:50 | 000,755,200 | ---- | C] () -- C:\Windows\System32\sud.dll
[2009/07/13 19:37:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\logoncli.dll
[2009/07/13 19:34:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wdigest.dll
[2009/07/13 19:23:55 | 000,313,856 | ---- | C] () -- C:\Windows\System32\swprv.dll
[2009/07/13 19:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WSDApi.dll
[2009/07/13 19:20:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tdh.dll
[2009/07/13 19:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\uudf.dll
[2009/07/13 19:11:47 | 000,445,008 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/07/13 19:11:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\acpi.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/17 19:32:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\BtAudioHelper.dll
[2008/09/19 13:14:16 | 000,024,056 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007/03/13 16:02:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/12/30 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\cacaoweb
[2010/06/07 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Facebook
[2010/12/18 18:56:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ManyCam
[2011/02/10 20:04:11 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Smilebox
[2010/06/07 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\TeamViewer
[2010/06/07 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Template
[2010/06/07 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\TuneUp Software
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/09 19:21:19 | 000,000,000 | ---D | M] -- C:\ProgramData\iIhAk08200
[2010/06/07 21:35:52 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/07/21 14:08:55 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/09/18 13:19:33 | 000,000,000 | ---D | M] -- C:\ProgramData\TechSmith
[2009/10/12 21:54:24 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/06/07 21:35:57 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010/06/07 21:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/06/07 21:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/06/07 21:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/07 21:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/11 17:00:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
[2010/06/07 21:35:58 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/10/11 18:31:46 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



I just had all my system32\driver\ files overwritten by another set of Windows 7 32bit system32\drivers\

cleaned up some errors, but now am missing iaStor.sys, which I can't find anywhere:S

iaStor.sys is an Intel driver that helps control RAID and SATA hard disks. Dell asks for this at the beginning.

How am I supposed to fix my pc now :s

#37
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,
Now that's a log :D
iaStor.sys exists, as you can see here:
[2009/07/21 13:55:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
but I can see some system files that normally should be signed, but they're not, something which makes me believe that they're corrupted/altered. Did you try SFC /scannow?

If SFC doesn't help, do this:



Run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    /md5start
    iaStor.sys
    /md5stop

  • Then click the Quick Scan button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.
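A triage pass over the OTL file-listing format quoted in this post, as an added example that is not part of the original thread and not OTL's own code: it parses `[timestamp | size | attributes | C/M] (company) -- path` lines and reports System32 binaries that are zero bytes or have an empty company field, the two signs the helper points to. The regular expression, the function names and the extension list are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2011/03/26 17:12:23 | 000,000,000 | ---D | C] -- C:\Temp
[2010/07/28 20:20:56 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2011/03/10 18:32:31 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/21 13:55:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2009/07/13 19:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/13 19:11:47 | 000,445,008 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/07/13 20:02:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\termsrv.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
"""

# Assumed grammar for one file/folder entry; folder lines carry no "(company)".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[RHSD-]{4})"
    r" \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+)$"
)

# Extensions treated as executable code for this triage (an assumption).
BINARY_EXTS = (".sys", ".dll", ".exe", ".drv")


class Entry(NamedTuple):
    timestamp: datetime
    size: int        # bytes, thousands separators removed
    attrs: str       # R/H/S/D flags, e.g. "-HS-"
    kind: str        # "C" = created, "M" = modified
    company: str     # empty when the log shows "()" or "( )"
    path: str


def parse_otl_entries(text):
    """Return an Entry per file/folder line; wildcard summaries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"].strip(),
        ))
    return entries


def triage(entries, root=r"C:\Windows\System32"):
    """Map path -> reasons for binaries under root that look damaged."""
    prefix = root.lower() + "\\"
    findings = {}
    for e in entries:
        path = e.path.lower()
        if "D" in e.attrs or not path.startswith(prefix):
            continue                      # directories and files elsewhere
        if not path.endswith(BINARY_EXTS):
            continue                      # data files may legitimately be empty
        reasons = []
        if e.size == 0:
            reasons.append("zero-byte")   # truncated binary cannot load
        if not e.company:
            reasons.append("no-company")  # company field empty in the log
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_entries(SAMPLE_LOG)).items():
        print(f"{', '.join(reasons):22} {path}")
```

A zero-byte driver or DLL is the stronger signal of the two, since a file with no content cannot be repaired in place and has to be restored from known-good media.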

#38
bluegang6

    Member

  • Topic Starter
  • Member
  • 222 posts
Michael, sorry, but I'll have to run the OTL scan one more time because the OTL log you have is the one prior to me overwriting all the files.

I was able to go through the CMD prompt, using an old external (30gb), use the copy c:\users\username\ f:\ /e to copy the entire contents of that folder into the F drive, just in case anything happens.

It fit :D

So, just to make sure you're understanding, I will post a newer OTL log, and then run the custom scan in addition to that, and attach both logs :-)

Glad we're moving with the process :D

p.s. iaStor.sys is @ 0 kb :\

Again, SFC isn't working. This time, I get, 'sfc' is not recognized as an internal or external command ... (kinda worries me) -- Update, that was through reatgo, now, through windows 7 repair disk, I get "the subsystem needed to support the image type is not present." I get that there is a system repair pending which requires reboot to complete. Restart Windows and run SFC again.


Here are the logs:
Entire Log: attached file OTLatest.txt (83.86KB)

MD5Start log: attached file small.txt (58.49KB)

Edited by bluegang6, 28 March 2011 - 05:04 PM.

#39
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,
I can see more windows files like iaStor, so is there any reason that you don't want to format and re-install Windows now that you have your data backed up?

#40
bluegang6

    Member

  • Topic Starter
  • Member
  • 222 posts
I just am not sure if I have backed up everything, I backed up the obvious user/username/* folder... Is there anything else I need?

Also, how would I go about reinstalling?


The laptop was originally windows Vista, and upgraded to seven

Edited by bluegang6, 28 March 2011 - 10:29 PM.

#41
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,
This directory is normally the only thing you need backed up, if you have only one account whose data you want.
Please scan this data on a clean computer with a good antivirus, and delete anything found, to prevent reinfection.


Here is a good tutorial on how to perform a clean install. :D

If you need anything more during this step, post here

#42
bluegang6

    Member

  • Topic Starter
  • Member
  • 222 posts
If I were to follow those steps, would I just re-run the Windows 7 upgrade disk?

Re-installed from the upgrade disk, retained data in windows.old, all seems to be working fine :-)

Thanks again :D :D :D ;) :D

Edited by bluegang6, 29 March 2011 - 10:12 PM.

#43
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey :D

Congratulations! Sorry I couldn't help you much in here, but your case was somewhat special to me... I don't have much experience on hardware issues

Next:


Make your Internet Explorer more secure - Internet Explorer is not the most secure browser you can use, but as long as it exists on your system, take these simple steps to make it more secure:
From within Internet Explorer, click on the Tools menu and then click on Options. Click once on the Security tab. Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialize and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Now navigate to Advanced tab and select:
  • Empty temporary Internet files folder when browser is closed.
Next press the Apply button and then the OK to exit the Internet Properties page.


Next:


Use Firefox instead of Internet Explorer, as most malware exploits Internet Explorer's vulnerabilities; with Firefox you will be more secure.
Note: If you are going to use Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Next:


Antivirus - No need to explain how important the use of ONE antivirus is. It is not recommended to run more than one firewall or anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.
If you already have one installed, keep it.


Next:


Firewall - Another very important security tool is called a firewall. These are my recommendations; however, you must use only one:
If you already have one installed, keep it.


Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware. - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • Javacool's SpywareBlaster: - It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.
    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)

    Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
    Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial


Next:


Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.


Next:


Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE).
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the file and select "Run as an Administrator.")


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing !! :D

#44
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.