
[SOLVED] Winload.exe missing

Update: After moving all the files back to sda1, I'm able to log in and see my Desktop.
Right now I'm missing cmd.exe. Found this out as I cannot open files as an administrator e.g. Command prompt. Any idea how to fix that??
 
UPDATE : Moved all files over. Can now access files as administrator. The computer keeps asking for an installation disk at startup. Other than that the computer works fine but the thumbnails on the desktop are also missing.
 
Hi Hugo459440, that's great. At what stage does the computer ask for an installation disk? Before Windows loads? Are you able to add any new icons to the desktop?

You mentioned that the original problem with the computer was a malware infection. What tools did you use to remove this? I'd also like to get some more info about the computer to see what the current state of things is. Please follow the steps in this thread and post back the required logs in your next reply.

Please also run another scan from the command line with sfc /scannow. Do not run chkdsk again for the moment.

A lot has been done to the computer, and there may be enduring issues. Ultimately, the best option at this stage would be to do a complete reformat and reinstall Windows. If you don't have a working installation disk, we can try and get the computer back to a properly working state but there may be further issues that won't become noticeable until much later.
 
It asks for the installation disk when it enters the desktop screen. It disappears after about 10 secs though.
I've tried running scannow but it always stops in the middle. I have not been able to do a complete scan.
I ran Malwarebytes. That was able to remove the Trojan and fix some file errors. I ran quite a number of other programs too.
 
Attach :
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2012 9:52:30 PM
System Uptime: 5/11/2013 11:24:26 AM (0 hours ago)
.
Motherboard: SiS                              |  | M720SRS                         
Processor: Intel(R) Core(TM)2 Duo CPU     T6400  @ 2.00GHz | uPGA 479M | 1999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 194.985 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Flash Professional CS6
Adobe Help Manager
Adobe Reader X (10.1.6)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BisonCam
Bonjour
Combined Community Codec Pack 2011-11-11
Compatibility Pack for the 2007 Office system
Documents To Go Desktop for iOS
Evernote v. 4.6.3
Foxit Reader
GIMP 2.8.4
GOM Player
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java 7 Update 21
Java Auto Updater
Java SE Development Kit 7 Update 7
lightshot-3.4.0.50
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Automated Troubleshooting Services Shim
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Motorola SM56 Data Fax Modem
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS6
QuickTime
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x86
SiS VGA Utilities
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
5/11/2013 9:37:52 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
5/11/2013 9:15:30 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by +545545 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.
5/11/2013 8:48:18 AM, Error: EventLog [6008]  - The previous system shutdown at 8:28:27 AM on 5/11/2013 was unexpected.
5/11/2013 8:21:15 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by +475057 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.
5/11/2013 8:20:37 AM, Error: EventLog [6008]  - The previous system shutdown at 8:18:05 AM on 5/11/2013 was unexpected.
5/11/2013 8:18:41 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
5/11/2013 6:11:34 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by +475057 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
5/11/2013 6:11:01 AM, Error: EventLog [6008]  - The previous system shutdown at 6:09:32 AM on 5/11/2013 was unexpected.
5/11/2013 5:13:17 AM, Error: Service Control Manager [7001]  - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The system cannot find the path specified.
5/11/2013 5:13:17 AM, Error: Service Control Manager [7000]  - The McAfee VirusScan Announcer service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:13:17 AM, Error: Service Control Manager [7000]  - The McAfee Services service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:13:17 AM, Error: Service Control Manager [7000]  - The McAfee Firewall Core Service service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  The specified module could not be found.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7000]  - The McAfee SiteAdvisor Service service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7000]  - The McAfee McShield service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7000]  - The Bonjour Service service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:11:16 AM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The system cannot find the path specified.
5/11/2013 5:10:41 AM, Error: EventLog [6008]  - The previous system shutdown at 5:07:09 AM on 5/11/2013 was unexpected.
5/11/2013 5:08:43 AM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
5/11/2013 4:39:20 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by +475056 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
5/11/2013 4:34:34 AM, Error: Service Control Manager [7023]  - The Application Information service terminated with the following error:  The system cannot find the file specified.
5/11/2013 4:11:03 AM, Error: EventLog [6008]  - The previous system shutdown at 4:04:19 AM on 5/11/2013 was unexpected.
5/11/2013 11:26:30 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  spldr Wanarpv6
5/11/2013 11:26:30 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2013 11:26:28 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/11/2013 11:26:17 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/11/2013 11:26:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/11/2013 11:26:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/11/2013 11:24:54 AM, Error: EventLog [6008]  - The previous system shutdown at 11:21:52 AM on 5/11/2013 was unexpected.
5/11/2013 10:47:20 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
5/11/2013 10:24:40 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/11/2013 10:24:40 AM, Error: Service Control Manager [7000]  - The McAfee SiteAdvisor Service service failed to start due to the following error:  Access is denied.
5/11/2013 10:23:00 AM, Error: EventLog [6008]  - The previous system shutdown at 10:18:01 AM on 5/11/2013 was unexpected.
5/10/2013 8:29:36 AM, Error: EventLog [6008]  - The previous system shutdown at 8:27:25 AM on 5/10/2013 was unexpected.
5/10/2013 7:56:55 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/10/2013 7:32:15 AM, Error: Service Control Manager [7001]  - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/10/2013 7:31:45 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by +105711 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.
5/10/2013 7:30:54 AM, Error: EventLog [6008]  - The previous system shutdown at 7:19:53 AM on 5/10/2013 was unexpected.
5/10/2013 7:06:39 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by +105714 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly.
5/10/2013 7:04:06 AM, Error: EventLog [6008]  - The previous system shutdown at 6:44:22 AM on 5/10/2013 was unexpected.
5/10/2013 5:13:57 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
5/10/2013 5:11:18 AM, Error: Service Control Manager [7022]  - The McAfee Network Agent service hung on starting.
5/10/2013 5:08:56 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
5/10/2013 5:06:37 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by +54246 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
5/10/2013 5:06:02 AM, Error: EventLog [6008]  - The previous system shutdown at 4:52:31 AM on 5/10/2013 was unexpected.
5/10/2013 4:53:01 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/10/2013 4:51:31 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
5/10/2013 3:02:36 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom spldr Wanarpv6
5/10/2013 3:01:14 AM, Error: EventLog [6008]  - The previous system shutdown at 2:49:42 AM on 5/10/2013 was unexpected.
5/10/2013 11:04:19 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/10/2013 10:48:09 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/10/2013 10:44:00 AM, Error: EventLog [6008]  - The previous system shutdown at 9:32:25 AM on 5/10/2013 was unexpected.
.
==== End Of File ===========================
 
DDS :
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by cctan at 11:27:01 on 2013-05-11
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3054.2604 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - 
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - 
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\cctan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SiSTray] c:\program files\sis vga utilities\SiSTray.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [BisonHK] c:\windows\bisoncam\BisonHK.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RandMAC] c:\users\cctan\downloads\madmacs1.2\madmacs\MadMACs.exe doittoit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~1\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7BADFE05-01BA-4017-BA69-B67A95469EC4} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{8E10885C-0F53-43A3-9A7A-73BB347E8232} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - 
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - 
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - 
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cctan\appdata\roaming\mozilla\firefox\profiles\30yrnkfo.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\users\cctan\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565888]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 210608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-12-3 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-3 172416]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-3 363080]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2012-7-16 46592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-7-31 21504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-3 167784]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-3 167784]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-3 167784]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-12-3 203840]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-3 60920]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-3 146872]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-3 235264]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-3 65928]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-3 92632]
S3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2012-7-16 458752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-11 00:30:45    --------    d---a-w-    C:\Windows1
2013-05-11 00:30:40    268435456    --sha-w-    C:\WinPEpge.sys
2013-05-11 00:30:34    --------    d-----w-    C:\$WINDOWS.~LS
2013-05-11 00:30:34    --------    d-----w-    C:\$WINDOWS.~BT
2013-05-10 21:53:42    7016152    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{21f521ee-035a-43b3-bab3-5863403b6071}\mpengine.dll
2013-05-10 20:47:29    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-10 20:46:42    --------    d-----w-    C:\Program Files
2013-05-10 20:33:33    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-10 20:33:33    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-05-10 20:33:28    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-05-10 20:11:37    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-10 20:04:05    --------    d-----w-    C:\ProgramData
2013-05-01 16:31:35    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 10:24:05    --------    d-----w-    c:\users\cctan\appdata\roaming\Malwarebytes
2013-05-01 10:23:55    --------    d---a-w-    c:\programdata\Malwarebytes
2013-05-01 10:19:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-29 23:15:07    --------    d-----w-    c:\users\cctan\appdata\local\Skillbrains
2013-04-28 23:25:25    --------    d-----w-    c:\users\cctan\.thumbnails
2013-04-28 23:17:03    --------    d-----w-    c:\users\cctan\appdata\local\fontconfig
2013-04-28 23:16:53    --------    d-----w-    c:\users\cctan\.gimp-2.8
2013-04-28 23:16:52    --------    d-----w-    c:\users\cctan\appdata\local\gegl-0.2
2013-04-28 19:01:46    --------    d---a-w-    c:\program files\GIMP 2
2013-04-22 01:24:37    1082232    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-21 03:07:24    --------    d---a-w-    c:\program files\Skillbrains
2013-04-19 18:38:44    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-05-01 18:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-04-04 22:02:59    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-04-04 21:58:51    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-13 23:01:00    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-13 23:01:00    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-11 13:25:50    3603816    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50    3551080    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04    49152    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08    64000    ----a-w-    c:\windows\system32\smss.exe
2013-03-08 03:53:50    376320    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-08 03:52:22    2067968    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-19 06:15:04    60920    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-02-19 06:12:24    210608    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 06:12:14    172416    ----a-w-    c:\windows\system32\mfevtps.exe
2013-02-19 06:11:02    10088    ----a-w-    c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 06:10:52    92632    ----a-w-    c:\windows\system32\drivers\mferkdet.sys
2013-02-19 06:09:52    565888    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-02-19 06:09:02    363080    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-02-19 06:08:40    65928    ----a-w-    c:\windows\system32\drivers\mfebopk.sys
2013-02-19 06:08:20    235264    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 06:07:50    133416    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 11:06:52    91264    ----a-w-    c:\windows\system32\EasyHook32.dll
2013-02-12 11:06:52    109696    ----a-w-    c:\windows\system32\EasyHook64.dll
2013-02-12 01:57:27    15872    ----a-w-    c:\windows\system32\drivers\usb8023x.sys
2013-02-12 01:57:27    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 11:29:21.62 ===============
 
Checkup :
Code:
 Results of screen317's Security Check version 0.99.63   Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] 
 [color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color] 
 Windows Firewall Enabled!  
 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] 
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] 
 Java 7 Update 21  
 Java SE Development Kit 7 Update 7 
 Adobe Flash Player 10 [color=red][b]Flash Player out of Date![/b][/color] 
  Adobe Flash Player 	10.3.183.75 [b][color=red]Flash Player out of Date![/color][/b]  
 Adobe Reader 10.1.6 [color=red][b]Adobe Reader out of Date![/b][/color]  
 Mozilla Firefox (21.0) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
 Google Chrome plugins...  
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]  
[b][u]`````````````````System Health check`````````````````[/b][/u] 
 Total Fragmentation on Drive C: 9 % [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]
 
Hi Hugo459440,

Apologies, but I'm short on time today. Please follow the tutorial below to create a Windows Vista Recovery disk. You'll then be able to use this to run Startup Repair and scan for any errors.
Create a Recovery Disc

For info, you should download the 32bit version of recdisk.

------------------------------

If after running startup repair you're still seeing the Installation Disk message at startup, please take a screenshot of the error message and upload it here.
 
I can't overwrite the current recdisc file as I do not have permission. I tried changing permissions but it doesn't work.
Btw, I have an autoexec.bat file and config.sys file in the windows1 folder I created that had my previous User and Program Files. Do you know which folder they belong to so I can put them back into their respective areas?

UPDATE: Move config.sys to system32 file. Managed to delete older recdisc and replace with downloaded one.
Right now there is an error when creating recovery disc. It says: Selected Disc Cannot be used. The disc which you have selected does not contain a valid Windows installation.
The disc I'm using is a valid one. Is there a way to work around it?
 
Is this post still being watched? Cause I haven't gotten a reply for quite some time. Sorry for rushing but my computer is not functioning very well currently.
 
Hi Hugo459440,

Apologies again for the delay - other commitments got in the way this week. I'll watch the thread more carefully from now on.

I've sent you a PM. Once you've created the disk, you should be able to access startup repair. To do this, follow the instructions in the tutorial below:
Startup Repair
 
OMG so sorry Will. Do concentrate on your own commitments first. They are the most important. I'll work on it and hope that I reply with good news :)
 
Will, could you give me step-by-step instructions on how to burn the disc? I have entered the Advanced Boot options but Repair your Computer does not show up. I'm not sure if I'm burning the file correctly.
 
Managed to run it perfectly now. It seems to have fixed it but I'm not too sure if all errors are fixed. Any way to check?
 
Hi Hugo459440,

That's great. If the computer is running fine now, we'll just run some quick checks to make sure there is no more malware onboard. Please re-run DDS as instructed here, but make sure to run the tools in Normal Mode.

Are there any other noticeable problems, or does the PC seem fine now?
 
Attach :
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2012 9:52:30 PM
System Uptime: 5/21/2013 1:21:27 AM (0 hours ago)
.
Motherboard: SiS                              |  | M720SRS                         
Processor: Intel(R) Core(TM)2 Duo CPU     T6400  @ 2.00GHz | uPGA 479M | 1999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 194.508 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Flash Professional CS6
Adobe Help Manager
Adobe Reader X (10.1.7)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BisonCam
Bonjour
Combined Community Codec Pack 2011-11-11
Compatibility Pack for the 2007 Office system
Documents To Go Desktop for iOS
Evernote v. 4.6.3
Foxit Reader
GIMP 2.8.4
GOM Player
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
iTunes
Java 7 Update 21
Java Auto Updater
Java SE Development Kit 7 Update 7
lightshot-3.4.0.75
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Automated Troubleshooting Services Shim
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Motorola SM56 Data Fax Modem
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS6
QuickTime
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x86
SiS VGA Utilities
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
5/21/2013 12:17:16 AM, Error: EventLog [6008]  - The previous system shutdown at 12:07:36 AM on 5/21/2013 was unexpected.
5/21/2013 12:05:24 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/21/2013 12:04:54 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
5/21/2013 1:23:29 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  spldr Wanarpv6
5/21/2013 1:23:29 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/21/2013 1:22:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/21/2013 1:22:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/21/2013 1:22:23 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/21/2013 1:22:14 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/21/2013 1:21:55 AM, Error: EventLog [6008]  - The previous system shutdown at 1:20:55 AM on 5/21/2013 was unexpected.
5/21/2013 1:10:44 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/21/2013 1:10:44 AM, Error: Service Control Manager [7000]  - The McAfee SiteAdvisor Service service failed to start due to the following error:  Access is denied.
5/21/2013 1:09:08 AM, Error: EventLog [6008]  - The previous system shutdown at 12:34:06 AM on 5/21/2013 was unexpected.
5/20/2013 9:19:05 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/20/2013 9:18:32 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
5/20/2013 9:10:38 PM, Error: EventLog [6008]  - The previous system shutdown at 8:37:16 PM on 5/20/2013 was unexpected.
5/20/2013 9:09:58 PM, Error: netbt [4300]  - The driver could not be created.
5/20/2013 8:24:28 AM, Error: EventLog [6008]  - The previous system shutdown at 8:00:47 AM on 5/20/2013 was unexpected.
5/20/2013 8:04:14 PM, Error: EventLog [6008]  - The previous system shutdown at 7:35:10 PM on 5/20/2013 was unexpected.
5/20/2013 7:23:17 PM, Error: EventLog [6008]  - The previous system shutdown at 7:19:05 PM on 5/20/2013 was unexpected.
5/20/2013 5:49:18 PM, Error: EventLog [6008]  - The previous system shutdown at 5:22:58 PM on 5/20/2013 was unexpected.
5/20/2013 5:00:07 PM, Error: EventLog [6008]  - The previous system shutdown at 4:58:25 PM on 5/20/2013 was unexpected.
5/20/2013 4:47:32 PM, Error: EventLog [6008]  - The previous system shutdown at 4:46:21 PM on 5/20/2013 was unexpected.
5/20/2013 4:40:29 PM, Error: EventLog [6008]  - The previous system shutdown at 4:29:32 PM on 5/20/2013 was unexpected.
5/20/2013 11:53:04 AM, Error: EventLog [6008]  - The previous system shutdown at 11:51:09 AM on 5/20/2013 was unexpected.
5/20/2013 11:39:18 AM, Error: EventLog [6008]  - The previous system shutdown at 11:17:21 AM on 5/20/2013 was unexpected.
5/20/2013 1:46:26 PM, Error: EventLog [6008]  - The previous system shutdown at 1:31:55 PM on 5/20/2013 was unexpected.
5/19/2013 7:01:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/19/2013 6:41:07 PM, Error: EventLog [6008]  - The previous system shutdown at 6:39:02 PM on 5/19/2013 was unexpected.
5/19/2013 6:35:09 PM, Error: EventLog [6008]  - The previous system shutdown at 6:32:35 PM on 5/19/2013 was unexpected.
5/19/2013 6:27:43 PM, Error: EventLog [6008]  - The previous system shutdown at 6:05:59 PM on 5/19/2013 was unexpected.
5/19/2013 10:48:38 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/19/2013 10:48:38 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 10:48:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/19/2013 10:35:29 PM, Error: EventLog [6008]  - The previous system shutdown at 10:34:27 PM on 5/19/2013 was unexpected.
5/19/2013 10:27:04 PM, Error: EventLog [6008]  - The previous system shutdown at 10:25:39 PM on 5/19/2013 was unexpected.
.
==== End Of File ===========================
 
DDS:
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by cctan at 1:23:01 on 2013-05-21
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3054.2619 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - 
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - 
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\cctan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SiSTray] c:\program files\sis vga utilities\SiSTray.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BisonHK] c:\windows\bisoncam\BisonHK.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RandMAC] c:\users\cctan\downloads\madmacs1.2\madmacs\MadMACs.exe doittoit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~1\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7BADFE05-01BA-4017-BA69-B67A95469EC4} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{8E10885C-0F53-43A3-9A7A-73BB347E8232} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - 
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - 
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - 
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cctan\appdata\roaming\mozilla\firefox\profiles\30yrnkfo.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\users\cctan\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565888]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 210608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-12-3 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-3 172416]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-3 363080]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2012-7-16 46592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-7-31 21504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-3 167784]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-3 167784]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-3 167784]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-12-3 203840]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-3 60920]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-3 146872]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-3 235264]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-3 65928]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-3 92632]
S3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2012-7-16 458752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-11 05:20:13	7016152	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{307707a7-8906-424d-a257-07b3c12f0fe0}\mpengine.dll
2013-05-11 00:30:45	--------	d---a-w-	C:\Windows1
2013-05-11 00:30:40	268435456	--sha-w-	C:\WinPEpge.sys
2013-05-11 00:30:34	--------	d-----w-	C:\$WINDOWS.~LS
2013-05-11 00:30:34	--------	d-----w-	C:\$WINDOWS.~BT
2013-05-10 20:47:29	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-10 20:46:42	--------	d-----w-	C:\Program Files
2013-05-10 20:33:33	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-10 20:33:33	37376	----a-w-	c:\windows\system32\cdd.dll
2013-05-10 20:33:28	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-05-10 20:11:37	--------	d-sh--w-	C:\$RECYCLE.BIN
2013-05-10 20:04:05	--------	d-----w-	C:\ProgramData
2013-05-10 07:57:26	187456	----a-w-	c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-05-10 07:57:26	187456	----a-w-	c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-01 16:31:35	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-01 10:24:05	--------	d-----w-	c:\users\cctan\appdata\roaming\Malwarebytes
2013-05-01 10:23:55	--------	d---a-w-	c:\programdata\Malwarebytes
2013-05-01 10:19:23	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-29 23:15:07	--------	d-----w-	c:\users\cctan\appdata\local\Skillbrains
2013-04-28 23:25:25	--------	d-----w-	c:\users\cctan\.thumbnails
2013-04-28 23:17:03	--------	d-----w-	c:\users\cctan\appdata\local\fontconfig
2013-04-28 23:16:53	--------	d-----w-	c:\users\cctan\.gimp-2.8
2013-04-28 23:16:52	--------	d-----w-	c:\users\cctan\appdata\local\gegl-0.2
2013-04-28 19:01:46	--------	d---a-w-	c:\program files\GIMP 2
2013-04-22 01:24:37	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-21 03:07:24	--------	d---a-w-	c:\program files\Skillbrains
.
==================== Find3M  ====================
.
2013-05-01 18:06:08	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34	1800704	----a-w-	c:\windows\system32\jscript9.dll
2013-04-04 22:02:59	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-04-04 21:58:51	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-04-03 21:35:08	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 23:01:00	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-13 23:01:00	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-11 13:25:50	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 03:53:50	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52:22	2067968	----a-w-	c:\windows\system32\mstscax.dll
.
============= FINISH:  1:25:14.58 ===============
 
