TechSpot

Operating system not found

Inactive
By silversufer
Dec 10, 2012
  1. Hi, I had a similar problem happen about 6 weeks ago, in which my laptop froze and then crashed. I booted into safe mode and tried 'repair this computer', it didn't work. I then attempeted to restore it, but, the operating system can not be found.

    Any help would be much appreciated,
    Thanks Greg


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012 (ATTENTION: FRST version is 47 days old)
    Ran by SYSTEM at 07-12-2012 16:54:10
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet004
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060320 2010-02-09] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [x]
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16397416 2010-01-11] (NVIDIA Corporation)
    HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [80384 2009-10-05] (Sony Electronics Corporation)
    HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [320880 2009-08-26] (Sony Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
    HKU\greg\...\Run: [AdobeBridge] [x]
    HKU\greg\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-10] (Google Inc.)
    HKU\greg\...\Run: [gStart] C:\Program Files (x86)\Garmin\gStart.exe [x]
    HKU\Work\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-10] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
    ==================== Services (Whitelisted) ===================
    3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
    3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-08-31] (Sonic Solutions)
    2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-08-31] (Sonic Solutions)
    2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [257936 2010-08-12] (Sony Corporation)
    3 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-10-15] (Sony Corporation)
    3 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-10-15] (Sony Corporation)
    2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
    3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-09-14] (Sony Corporation)
    2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-09-14] (Sony Corporation)
    3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe wampmysqld [9693696 2012-04-19] ()
    4 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [x]
    2 MySQL; "C:\xampp\mysql\bin\mysqld.exe" --defaults-file="C:\xampp\mysql\bin\my.ini" MySQL [x]
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
    ==================== Drivers (Whitelisted) =====================
    3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
    1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-06] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
    2 MySQL4; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL4 [8919 2012-05-28] ()
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    3 qcusbser; C:\Windows\System32\Drivers\qcusbser.sys [120960 2009-08-14] (QUALCOMM Incorporated)
    2 regi; C:\Windows\SysWow64\Drivers\regi.sys [11032 2007-04-17] (InterVideo)
    4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-29] (Duplex Secure Ltd.)
    3 TVICHW64; C:\Windows\System32\Drivers\TVICHW64.sys [21200 2010-07-01] (EnTech Taiwan)
    3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
    2 MSSQL$DDNI; [x]
    2 Oasis2Service; [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-16 16:49 - 2012-10-09 13:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-11-16 16:49 - 2012-10-09 13:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-11-16 16:49 - 2012-10-09 12:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-11-16 16:49 - 2012-10-09 12:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-11-16 16:48 - 2012-10-18 13:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-16 16:41 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-11-16 16:40 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-11-16 16:40 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-11-16 16:40 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-11-16 16:39 - 2012-10-03 12:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-11-16 16:39 - 2012-10-03 12:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-11-16 16:39 - 2012-10-03 12:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-11-16 16:39 - 2012-10-03 12:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-11-16 16:39 - 2012-10-03 12:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-11-16 16:39 - 2012-10-03 12:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-11-16 16:39 - 2012-10-03 12:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-11-16 16:39 - 2012-10-03 11:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-11-16 16:39 - 2012-10-03 11:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-11-16 16:39 - 2012-10-03 11:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-11-16 16:39 - 2012-10-03 11:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-11-16 16:39 - 2012-01-13 02:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2012-11-16 16:29 - 2012-10-08 06:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-16 16:29 - 2012-10-08 06:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-16 16:29 - 2012-10-08 06:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-16 16:29 - 2012-10-08 06:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-16 16:29 - 2012-10-08 06:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-16 16:29 - 2012-10-08 06:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-16 16:29 - 2012-10-08 06:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-16 16:29 - 2012-10-08 06:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-16 16:29 - 2012-10-08 06:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-16 16:29 - 2012-10-08 06:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-16 16:29 - 2012-10-08 06:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-16 16:29 - 2012-10-08 06:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-16 16:29 - 2012-10-08 06:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-16 16:29 - 2012-10-08 02:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-16 16:29 - 2012-10-08 02:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-16 16:29 - 2012-10-08 02:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-16 16:29 - 2012-10-08 02:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-16 16:29 - 2012-10-08 02:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-16 16:29 - 2012-10-08 02:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-16 16:29 - 2012-10-08 02:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-16 16:29 - 2012-10-08 02:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-16 16:29 - 2012-10-08 02:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-16 16:29 - 2012-10-08 02:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-16 16:29 - 2012-10-08 02:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-16 16:29 - 2012-10-08 02:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-16 16:28 - 2012-10-08 07:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-16 16:28 - 2012-10-08 06:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-16 16:28 - 2012-10-08 06:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-16 16:28 - 2012-10-08 03:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-16 16:28 - 2012-10-08 03:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-16 16:28 - 2012-10-08 02:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-16 16:28 - 2012-10-08 02:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-16 16:21 - 2012-09-25 17:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-16 16:21 - 2012-09-25 17:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-16 16:21 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-16 16:21 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-16 16:21 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-16 16:21 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-16 16:21 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-16 16:21 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-16 16:21 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-16 16:21 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-16 16:13 - 2012-11-16 16:13 - 00290296 ____A C:\Windows\Minidump\111612-24304-01.dmp
    ==================== 3 Months Modified Files ==================
    2012-12-07 17:44 - 2011-01-04 15:38 - 00039658 ____A C:\Windows\setupact.log
    2012-12-07 17:44 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-07 17:08 - 2009-12-26 06:55 - 01836488 ____A C:\Windows\WindowsUpdate.log
    2012-12-07 17:03 - 2009-12-10 05:37 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-12-07 17:02 - 2012-04-19 09:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-12-06 18:27 - 2009-07-13 23:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-06 18:27 - 2009-07-13 23:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-27 18:57 - 2010-03-21 17:10 - 00022220 ____A C:\test.xml
    2012-11-21 20:14 - 2009-07-14 00:13 - 00789810 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-19 17:49 - 2009-07-14 00:08 - 00032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-16 17:20 - 2010-03-04 02:08 - 00130560 ____A C:\Users\greg\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-16 17:19 - 2009-07-13 23:45 - 05037616 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-16 16:23 - 2010-03-04 12:42 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-16 16:20 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini
    2012-11-16 16:13 - 2012-11-16 16:13 - 00290296 ____A C:\Windows\Minidump\111612-24304-01.dmp
    2012-11-16 16:13 - 2011-01-04 15:37 - 505973468 ____A C:\Windows\MEMORY.DMP
    2012-11-01 16:29 - 2011-02-02 03:30 - 00000000 ____A C:\Windows\Model.log
    2012-11-01 16:29 - 2010-03-04 13:10 - 00000021 ____A C:\Windows\Model.txt
    2012-10-30 19:33 - 2012-10-30 19:33 - 00290264 ____A C:\Windows\Minidump\103012-36239-01.dmp
    2012-10-30 19:33 - 2011-01-04 15:37 - 00225928 ____A C:\Windows\PFRO.log
    2012-10-26 03:19 - 2012-10-26 03:19 - 00000000 ____A C:\Windows\SysWOW64\REN3472.tmp
    2012-10-26 03:19 - 2012-10-26 03:19 - 00000000 ____A C:\Windows\SysWOW64\REN3471.tmp
    2012-10-26 03:19 - 2012-10-26 03:18 - 00006700 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-26 03:17 - 2012-10-26 03:17 - 00895464 ____A (Oracle Corporation) C:\Users\greg\Downloads\jxpiinstall.exe
    2012-10-18 13:25 - 2012-11-16 16:48 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-10-13 15:51 - 2009-07-13 23:45 - 00012288 _____ C:\Windows\System32\umstartup.etl
    2012-10-12 17:50 - 2012-04-19 09:13 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-12 17:50 - 2011-05-25 15:40 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-12 16:02 - 2009-07-13 23:45 - 00024576 ____A C:\Windows\System32\umstartup000.etl
    2012-10-12 15:44 - 2012-06-20 14:46 - 00001933 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-10-12 15:44 - 2010-04-07 00:44 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-10-09 13:17 - 2012-11-16 16:49 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-10-09 13:17 - 2012-11-16 16:49 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 12:40 - 2012-11-16 16:49 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-10-09 12:40 - 2012-11-16 16:49 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-10-08 07:19 - 2012-11-16 16:28 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-10-08 06:42 - 2012-11-16 16:28 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-10-08 06:31 - 2012-11-16 16:29 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-10-08 06:24 - 2012-11-16 16:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-10-08 06:23 - 2012-11-16 16:29 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-10-08 06:22 - 2012-11-16 16:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-10-08 06:22 - 2012-11-16 16:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-10-08 06:20 - 2012-11-16 16:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-10-08 06:18 - 2012-11-16 16:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-10-08 06:17 - 2012-11-16 16:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-10-08 06:17 - 2012-11-16 16:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-10-08 06:15 - 2012-11-16 16:29 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-10-08 06:15 - 2012-11-16 16:28 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-10-08 06:13 - 2012-11-16 16:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-10-08 06:13 - 2012-11-16 16:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-10-08 06:09 - 2012-11-16 16:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-10-08 03:28 - 2012-11-16 16:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-10-08 03:02 - 2012-11-16 16:28 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-10-08 02:56 - 2012-11-16 16:29 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-10-08 02:48 - 2012-11-16 16:29 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-10-08 02:48 - 2012-11-16 16:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-10-08 02:47 - 2012-11-16 16:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-10-08 02:46 - 2012-11-16 16:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-10-08 02:45 - 2012-11-16 16:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-10-08 02:44 - 2012-11-16 16:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-10-08 02:43 - 2012-11-16 16:29 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-10-08 02:43 - 2012-11-16 16:29 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-10-08 02:42 - 2012-11-16 16:29 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-10-08 02:41 - 2012-11-16 16:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-10-08 02:41 - 2012-11-16 16:28 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-10-08 02:40 - 2012-11-16 16:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-10-08 02:37 - 2012-11-16 16:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-10-03 12:56 - 2012-11-16 16:39 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-10-03 12:44 - 2012-11-16 16:39 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-10-03 12:44 - 2012-11-16 16:39 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-10-03 12:44 - 2012-11-16 16:39 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-10-03 12:44 - 2012-11-16 16:39 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-10-03 12:44 - 2012-11-16 16:39 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-10-03 12:42 - 2012-11-16 16:39 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-10-03 11:42 - 2012-11-16 16:39 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-10-03 11:42 - 2012-11-16 16:39 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-10-03 11:42 - 2012-11-16 16:39 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-10-03 11:07 - 2012-11-16 16:39 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-09-25 17:47 - 2012-11-16 16:21 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-09-25 17:46 - 2012-11-16 16:21 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-09-25 15:03 - 2012-09-25 15:03 - 00001823 ____A C:\Users\Work\Desktop\Cain.lnk
    2012-09-25 15:03 - 2012-09-25 15:03 - 00001823 ____A C:\Users\greg\Desktop\Cain.lnk
    2012-09-25 15:02 - 2012-09-25 15:00 - 07992528 ____A C:\Users\greg\Downloads\ca_setup.exe
    2012-09-24 18:19 - 2012-09-24 18:19 - 00011612 ____A C:\Users\greg\Downloads\hash (1)
    2012-09-24 18:19 - 2012-09-24 18:19 - 00011612 ____A C:\Users\greg\Downloads\hash
    2012-09-14 16:19 - 2012-09-14 15:49 - 17790056 ____A (Mozilla) C:\Users\greg\Downloads\Firefox Setup 15.0.1.exe
    2012-09-14 15:43 - 2012-09-14 15:12 - 00014293 ____A C:\Users\greg\Documents\index.html
    2012-09-12 15:30 - 2012-09-12 15:30 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-09-11 15:34 - 2012-01-12 18:16 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-06 17:42:20
    Restore point made on: 2012-11-09 17:45:29
    Restore point made on: 2012-11-15 17:48:42
    Restore point made on: 2012-11-16 16:19:43
    Restore point made on: 2012-11-16 19:13:18
    Restore point made on: 2012-11-20 05:01:05
    Restore point made on: 2012-11-20 20:07:03
    Restore point made on: 2012-11-21 22:16:55
    Restore point made on: 2012-11-26 16:55:54
    Restore point made on: 2012-11-27 17:56:16
    Restore point made on: 2012-11-27 20:13:56
    Restore point made on: 2012-11-28 18:26:43
    Restore point made on: 2012-11-29 19:56:13
    Restore point made on: 2012-11-30 20:30:53
    Restore point made on: 2012-12-03 20:53:22
    Restore point made on: 2012-12-04 20:53:24
    Restore point made on: 2012-12-05 20:05:45
    ==================== Memory info ===========================
    Percentage of memory in use: 16%
    Total physical RAM: 4078.07 MB
    Available physical RAM: 3401.42 MB
    Total Pagefile: 4076.22 MB
    Available Pagefile: 3396.35 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:457.23 GB) (Free:294.73 GB) NTFS
    2 Drive e: (Recovery) (Fixed) (Total:8.43 GB) (Free:0.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 7633 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 8 GB 1024 KB
    Partition 2 Primary 100 MB 8 GB
    Partition 3 Primary 457 GB 8 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 8 GB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 457 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 7633 MB Healthy
    =========================================================
    Last Boot: 2012-11-23 05:23
    ==================== End Of Log =============================


    Farbar Recovery Scan Tool (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-12-07 17:00:56
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there!

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
  3. silversufer

    silversufer Newcomer, in training Topic Starter

    Hi DragonMaster Jay!

    I did what you said, restarted the computer, but, the operating system can not be found.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-12-10 14:56:28 Run:1
    Running from G:\
    ==============================================
    Could not move DEFAULT hive.
    Could not restore DEFAULT hive from registry back up.
    Could not move SAM hive.
    Could not restore SAM hive from registry back up.
    Could not move SECURITY hive.
    Could not restore SECURITY hive from registry back up.
    Could not move SOFTWARE hive.
    Could not restore SOFTWARE hive from registry back up.
    Could not move SYSTEM hive.
    Could not restore SYSTEM hive from registry back up.
    ==== End of Fixlog ====
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Is it working?
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Thread marked inactive.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.