
Win 7 will not boot


  • This topic is locked
49 replies to this topic

#1 jim240

jim240

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 07 October 2011 - 12:55 PM

I downloaded a file and it opened just fine. After a couple of hours my computer seemed to lock up so I reset it.
The BIOS screen came up OK, but instead of booting Windows 7 I just got the blinking cursor in the upper left hand of a black screen.
It tried to boot off the hard drive, I know, because I have to disable the HDD in the BIOS to get it to boot off the CD. But something has hand grenaded my boot sector.
When I boot off the CD I can see the C: drive and I can see all my files at a DOS prompt. But the Windows repair software doesn’t see the operating system or the partition.
My normal response to this would be to reformat and reload. But I would really like the experience of fixing this with your help.
Thanks, Jim



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:20 PM

Posted 07 October 2011 - 03:39 PM

Was this a torrent download? Did you suspect there was malware in the file? I need to know as it will determine the next step.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 jim240

jim240
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 07 October 2011 - 05:45 PM

Yes, a torrent download. I normally scan as soon as I download. I got distracted and bam!!!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:20 PM

Posted 07 October 2011 - 07:41 PM

I am checking something.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 07 October 2011 - 07:54 PM

Hi jim240,

Welcome to Bleeping Computer. I will be assisting you.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose keyboard language settings (English), and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:20 PM

Posted 07 October 2011 - 08:05 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#7 jim240

jim240
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 08 October 2011 - 07:47 AM

I had to boot off the CD.
When it came up to System Recovery Options, I clicked on "Use recovery tools that can help fix problems starting Windows."

Below that it has a window that is supposed to have Operating system and partition size and mine is blank.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.3
Ran by SYSTEM at 2011-10-08 07:42:31
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2489456 2010-10-21] (VIA)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKU\jrsqrl1\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [1015808 2010-10-27] (Ares Development Group)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ======

2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-07-26] ()
2 avgfws; "C:\Program Files (x86)\AVG\AVG10\avgfws.exe" [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7390560 2011-08-17] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1431888 2011-10-05] (Flexera Software, Inc.)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2011-06-27] ()

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [36328 2011-05-13] (Google Inc)
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57696 2010-07-12] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [157672 2011-05-13] (MCCI Corporation)
3 ssadmdfl; C:\Windows\System32\DRIVERS\ssadmdfl.sys [16872 2011-05-13] (MCCI Corporation)
3 ssadmdm; C:\Windows\System32\DRIVERS\ssadmdm.sys [177640 2011-05-13] (MCCI Corporation)
3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1349232 2010-10-01] (VIA Technologies, Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-08 07:42 - 2011-10-08 07:42 - 0000000 ____D C:\FRST
2011-10-05 16:32 - 2011-10-05 16:58 - 0000000 ____D C:\Users\All Users\Recovery
2011-10-05 16:32 - 2011-10-05 16:58 - 0000000 ____D C:\ProgramData\Recovery
2011-10-05 03:49 - 2011-10-05 09:32 - 0000000 ____D C:\Users\jrsqrl1\AppData\Local\cache
2011-10-05 03:34 - 2011-10-05 03:34 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-10-05 03:34 - 2011-10-05 03:34 - 0000000 ____D C:\ProgramData\FLEXnet
2011-10-05 03:29 - 2011-10-05 03:29 - 0002069 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2011-10-05 03:28 - 2011-10-05 03:28 - 0000000 ____D C:\Users\jrsqrl1\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2011-10-05 03:26 - 2011-10-05 03:26 - 0002102 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2011-10-05 03:26 - 2011-10-05 03:26 - 0000153 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2011-10-05 03:26 - 2011-10-05 03:26 - 0000153 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-10-05 03:26 - 2011-10-05 03:26 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2011-10-05 03:25 - 2011-10-05 04:06 - 0000000 ____D C:\Users\jrsqrl1\AppData\Local\Autodesk
2011-10-05 03:25 - 2011-10-05 03:28 - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2011-10-05 03:25 - 2011-10-05 03:28 - 0000000 ____D C:\Program Files\Autodesk
2011-10-05 03:24 - 2011-10-05 03:24 - 0000000 ____D C:\Program Files (x86)\Autodesk
2011-10-05 03:22 - 2011-10-05 03:22 - 0000198 ____A C:\Windows\DirectX.log
2011-10-05 03:22 - 2009-09-04 14:29 - 2582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2011-10-05 03:22 - 2009-09-04 14:29 - 2475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2011-10-05 03:22 - 2009-09-04 14:29 - 1974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2011-10-05 03:22 - 2009-09-04 14:29 - 1892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2011-10-05 03:22 - 2009-09-04 14:29 - 0523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2011-10-05 03:22 - 2009-09-04 14:29 - 0453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2011-10-05 03:22 - 2009-09-04 14:29 - 0285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2011-10-05 03:22 - 2009-09-04 14:29 - 0235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2011-10-05 03:22 - 2006-03-31 09:41 - 3927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2011-10-05 03:22 - 2006-03-31 09:40 - 2388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2011-10-05 03:21 - 2011-10-05 03:21 - 0771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-10-05 03:00 - 2011-10-05 03:50 - 0000000 ____D C:\Users\All Users\Autodesk
2011-10-05 03:00 - 2011-10-05 03:50 - 0000000 ____D C:\ProgramData\Autodesk
2011-10-05 03:00 - 2011-10-05 03:49 - 0000000 ____D C:\Users\jrsqrl1\AppData\Roaming\Autodesk
2011-10-05 02:57 - 2011-10-05 02:57 - 0000000 ____D C:\Autodesk
2011-09-17 09:26 - 2011-09-17 09:26 - 0000156 ____A C:\Users\jrsqrl1\Desktop\Things to do when it gets cooler.txt
2011-09-08 16:14 - 2011-09-08 16:14 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf

============ 3 Months Modified Files and Folders =============

2011-10-08 07:42 - 2011-10-08 07:42 - 0000000 ____D C:\FRST
2011-10-05 16:58 - 2011-10-05 16:32 - 0000000 ____D C:\Users\All Users\Recovery
2011-10-05 16:58 - 2011-10-05 16:32 - 0000000 ____D C:\ProgramData\Recovery
2011-10-05 11:41 - 2009-07-13 20:51 - 0058682 ____A C:\Windows\setupact.log
2011-10-05 09:32 - 2011-10-05 03:49 - 0000000 ____D C:\Users\jrsqrl1\AppData\Local\cache
2011-10-05 05:11 - 2011-07-01 03:47 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-10-05 04:06 - 2011-10-05 03:25 - 0000000 ____D C:\Users\jrsqrl1\AppData\Local\Autodesk
2011-10-05 03:50 - 2011-10-05 03:00 - 0000000 ____D C:\Users\All Users\Autodesk
2011-10-05 03:50 - 2011-10-05 03:00 - 0000000 ____D C:\ProgramData\Autodesk
2011-10-05 03:49 - 2011-10-05 03:00 - 0000000 ____D C:\Users\jrsqrl1\AppData\Roaming\Autodesk
2011-10-05 03:34 - 2011-10-05 03:34 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-10-05 03:34 - 2011-10-05 03:34 - 0000000 ____D C:\ProgramData\FLEXnet
2011-10-05 03:34 - 2011-06-27 15:54 - 0144032 ____A C:\Users\jrsqrl1\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-05 03:29 - 2011-10-05 03:29 - 0002069 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2011-10-05 03:28 - 2011-10-05 03:28 - 0000000 ____D C:\Users\jrsqrl1\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2011-10-05 03:28 - 2011-10-05 03:25 - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2011-10-05 03:28 - 2011-10-05 03:25 - 0000000 ____D C:\Program Files\Autodesk
2011-10-05 03:27 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-10-05 03:26 - 2011-10-05 03:26 - 0002102 ____A C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
2011-10-05 03:26 - 2011-10-05 03:26 - 0000153 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2011-10-05 03:26 - 2011-10-05 03:26 - 0000153 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-10-05 03:26 - 2011-10-05 03:26 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2011-10-05 03:24 - 2011-10-05 03:24 - 0000000 ____D C:\Program Files (x86)\Autodesk
2011-10-05 03:22 - 2011-10-05 03:22 - 0000198 ____A C:\Windows\DirectX.log
2011-10-05 03:21 - 2011-10-05 03:21 - 0771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-10-05 03:21 - 2011-06-27 17:36 - 1195889 ____A C:\Windows\WindowsUpdate.log
2011-10-05 03:21 - 2009-07-13 21:13 - 0771962 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-05 02:57 - 2011-10-05 02:57 - 0000000 ____D C:\Autodesk
2011-10-04 16:10 - 2011-07-24 15:08 - 0000000 ____D C:\Users\jrsqrl1\Downloads\new
2011-10-03 14:26 - 2009-07-13 20:45 - 0014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-03 14:26 - 2009-07-13 20:45 - 0014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-01 10:42 - 2011-08-29 14:57 - 0000000 ____D C:\Users\jrsqrl1\Desktop\Recipes
2011-09-24 22:00 - 2011-08-21 07:37 - 0000000 ____D C:\Users\jrsqrl1\AppData\Local\ElevatedDiagnostics
2011-09-23 14:03 - 2011-07-01 03:59 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-09-23 00:23 - 2011-06-27 17:27 - 1945509888 __ASH C:\hiberfil.sys
2011-09-23 00:23 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-09-19 16:15 - 2011-07-03 13:37 - 0000000 ____D C:\Music Scratch Pad
2011-09-17 10:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-09-17 09:31 - 2011-07-01 05:56 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-09-17 09:30 - 2011-07-01 08:28 - 0009256 ____A C:\Windows\PFRO.log
2011-09-17 09:26 - 2011-09-17 09:26 - 0000156 ____A C:\Users\jrsqrl1\Desktop\Things to do when it gets cooler.txt
2011-09-15 06:01 - 2011-08-11 14:16 - 0000953 ____A C:\Users\Public\Desktop\AVG 2011.lnk
2011-09-08 16:14 - 2011-09-08 16:14 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2011-08-22 00:00 - 2011-08-22 00:00 - 0287500 ____A C:\Windows\msxml4-KB973688-enu.LOG
2011-08-21 07:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2011-08-21 07:31 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-08-21 00:00 - 2011-08-21 00:00 - 0290878 ____A C:\Windows\msxml4-KB954430-enu.LOG
2011-08-21 00:00 - 2011-08-21 00:00 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2011-08-20 14:44 - 2011-08-20 14:44 - 0006188 ____A C:\Users\jrsqrl1\Downloads\communicator.wav
2011-08-20 14:36 - 2011-08-20 14:36 - 0006050 ____A C:\Users\jrsqrl1\Desktop\dammit_jim.wav
2011-08-20 14:32 - 2011-08-20 14:32 - 0007870 ____A C:\Users\jrsqrl1\Downloads\kirk_2_enterprise2.wav
2011-08-20 14:07 - 2011-08-20 14:07 - 0002323 ____A C:\Users\Public\Desktop\Add a Device - Officejet 4500 G510n-z.lnk
2011-08-20 14:07 - 2011-08-20 13:56 - 0207221 ____A C:\Windows\hpwins28.dat
2011-08-20 14:07 - 2011-08-20 13:56 - 0000317 ____A C:\Users\All Users\hpzinstall.log
2011-08-20 14:07 - 2011-08-20 13:56 - 0000317 ____A C:\ProgramData\hpzinstall.log
2011-08-20 14:03 - 2011-08-20 14:03 - 0000000 ____D C:\Windows\SysWOW64\spool
2011-08-20 14:03 - 2011-08-20 13:58 - 0000000 ____D C:\Program Files (x86)\HP
2011-08-20 14:03 - 2011-08-20 13:54 - 0000000 ____D C:\Users\All Users\HP
2011-08-20 14:03 - 2011-08-20 13:54 - 0000000 ____D C:\ProgramData\HP
2011-08-20 14:02 - 2011-08-20 14:02 - 0002099 ____A C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
2011-08-20 14:00 - 2011-08-20 14:00 - 0000000 ____D C:\Windows\hpoj4500g510n-z
2011-08-16 16:24 - 2011-08-16 16:24 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2011-08-13 18:31 - 2011-08-13 18:26 - 162526674 ____A C:\Users\jrsqrl1\Downloads\Paul 2011 EXTENDED 720p haL0.03.avi
2011-08-13 18:24 - 2011-08-13 17:59 - 887570194 ____A C:\Users\jrsqrl1\Downloads\Paul 2011 EXTENDED 720p haL0.02.avi
2011-08-13 17:49 - 2011-08-13 17:25 - 891095034 ____A C:\Users\jrsqrl1\Downloads\Paul 2011 EXTENDED 720p haL0.01.avi
2011-08-13 17:19 - 2011-08-13 16:55 - 891227712 ____A C:\Users\jrsqrl1\Downloads\Paul 2011 EXTENDED 720p haL0.00.avi
2011-08-13 07:17 - 2011-08-13 06:53 - 943826944 ____A C:\Users\jrsqrl1\Downloads\freons-hutter Island10.avi
2011-08-13 05:07 - 2011-08-13 04:46 - 842455040 ____A C:\Users\jrsqrl1\Downloads\Shutter.Island.2010.BDRip.XviD-aXXo(1).divx
2011-08-13 04:22 - 2011-08-13 04:02 - 842455040 ____A C:\Users\jrsqrl1\Downloads\Shutter.Island.2010.BDRip.XviD-aXXo.divx
2011-08-12 18:01 - 2011-08-12 17:46 - 632117248 ____A C:\Users\jrsqrl1\Downloads\The.Way.Back.2010.720p.03.avi
2011-08-12 17:09 - 2011-08-12 16:52 - 732209152 ____A C:\Users\jrsqrl1\Downloads\The.Way.Back.2010.720p.02.avi
2011-08-12 16:44 - 2011-08-12 16:10 - 730058752 ____A C:\Users\jrsqrl1\Downloads\The.Way.Back.2010.720p.01.avi
2011-08-12 16:06 - 2011-08-12 15:49 - 731451392 ____A C:\Users\jrsqrl1\Downloads\The.Way.Back.2010.720p.00.avi
2011-08-12 15:12 - 2011-08-12 14:53 - 735054224 ____A C:\Users\jrsqrl1\Downloads\so.you.think.you.can.dance.s08e23.hdtv.xvid-fqm.avi
2011-08-11 14:22 - 2011-08-11 14:22 - 0000000 ____D C:\Users\jrsqrl1\AppData\Local\AVG Security Toolbar
2011-08-11 14:17 - 2011-07-01 03:38 - 0000000 ____D C:\Users\All Users\MFAData
2011-08-11 14:17 - 2011-07-01 03:38 - 0000000 ____D C:\ProgramData\MFAData
2011-08-11 14:16 - 2011-08-11 14:16 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2011-08-11 14:16 - 2011-08-11 14:16 - 0000000 ____D C:\Users\All Users\AVG Security Toolbar
2011-08-11 14:16 - 2011-08-11 14:16 - 0000000 ____D C:\ProgramData\AVG Security Toolbar
2011-08-11 14:16 - 2011-07-01 03:47 - 0000000 ____D C:\Users\All Users\AVG10
2011-08-11 14:16 - 2011-07-01 03:47 - 0000000 ____D C:\ProgramData\AVG10
2011-07-24 09:26 - 2011-07-24 09:26 - 2392722 ____A C:\Users\jrsqrl1\Downloads\ac3filter_1_46(1).exe
2011-07-24 08:22 - 2011-07-23 18:39 - 0000000 ____D C:\Program Files (x86)\DivX
2011-07-24 08:21 - 2011-07-23 18:41 - 0001573 ____A C:\Users\jrsqrl1\Desktop\DivX Movies.lnk
2011-07-24 08:20 - 2011-07-24 08:20 - 4780600 ____A (DivX, Inc.) C:\Users\jrsqrl1\Downloads\DivXWebPlayerInstallerv15(1).exe
2011-07-24 08:16 - 2011-07-24 08:16 - 2392722 ____A C:\Users\jrsqrl1\Downloads\ac3filter_1_46.exe
2011-07-24 08:16 - 2011-07-24 08:16 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2011-07-24 04:53 - 2011-07-23 18:41 - 0000000 ____D C:\Users\jrsqrl1\AppData\Roaming\DivX
2011-07-24 04:32 - 2011-07-24 04:32 - 4780600 ____A (DivX, Inc.) C:\Users\jrsqrl1\Downloads\DivXWebPlayerInstallerv15.exe
2011-07-23 18:42 - 2011-07-23 18:42 - 0000000 ____D C:\Users\jrsqrl1\AppData\Local\DDMSettings
2011-07-23 18:42 - 2011-06-27 15:50 - 0000000 ____D C:\Users\jrsqrl1\AppData\LocalLow
2011-07-23 18:41 - 2011-07-23 18:41 - 0002116 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2011-07-23 18:41 - 2011-07-23 18:41 - 0001112 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2011-07-23 18:41 - 2011-07-23 18:41 - 0000000 ____D C:\Program Files\DivX
2011-07-23 18:41 - 2011-07-23 18:39 - 0000000 ____D C:\Users\All Users\DivX
2011-07-23 18:41 - 2011-07-23 18:39 - 0000000 ____D C:\ProgramData\DivX
2011-07-23 18:39 - 2011-07-23 18:39 - 0917856 ____A (DivX, LLC) C:\Users\jrsqrl1\Downloads\DivXInstaller.exe
2011-07-21 23:34 - 2011-08-09 17:27 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-21 22:38 - 2011-08-09 17:27 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-07-21 21:35 - 2011-08-09 17:27 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-07-21 20:56 - 2011-08-09 17:27 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-07-17 15:01 - 2011-07-17 13:46 - 1475035422 ____A C:\Users\jrsqrl1\Desktop\Hachiko - A Dog's Tale.avi
2011-07-17 12:36 - 2011-07-17 12:36 - 36282676 ____A C:\Users\jrsqrl1\Desktop\Samsung TV manual.pdf
2011-07-17 12:34 - 2011-07-16 09:35 - 0000000 ____D C:\Users\jrsqrl1\AppData\Roaming\avidemux
2011-07-17 10:54 - 2011-07-17 10:54 - 0000000 ____D C:\Users\jrsqrl1\.varsha
2011-07-17 10:54 - 2011-06-27 15:50 - 0000000 ____D C:\users\jrsqrl1
2011-07-17 10:46 - 2011-07-17 10:46 - 0000000 ____D C:\Users\All Users\Sun
2011-07-17 10:46 - 2011-07-17 10:46 - 0000000 ____D C:\ProgramData\Sun
2011-07-17 10:44 - 2011-07-17 10:44 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-07-17 10:44 - 2011-07-17 10:44 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-07-17 10:44 - 2011-07-17 10:44 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-07-17 10:44 - 2011-07-17 10:44 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-07-17 10:44 - 2011-07-17 10:44 - 0000000 ____D C:\Program Files (x86)\Java
2011-07-17 10:42 - 2011-07-17 10:42 - 0909600 ____A (Sun Microsystems, Inc.) C:\Users\jrsqrl1\Downloads\jxpiinstall.exe
2011-07-17 04:51 - 2011-07-17 04:51 - 0000000 ____D C:\Program Files\7-Zip
2011-07-17 04:49 - 2011-07-17 04:49 - 1376768 ____A C:\Users\jrsqrl1\Downloads\7z920-x64.msi
2011-07-17 04:32 - 2011-07-17 04:32 - 0442656 ____A C:\Users\jrsqrl1\Downloads\varsha.jar
2011-07-16 09:35 - 2011-07-16 09:35 - 0000847 ____A C:\Users\Public\Desktop\Avidemux 2.5.lnk
2011-07-16 09:35 - 2011-07-16 09:35 - 0000000 ____D C:\Program Files\Avidemux 2.5
2011-07-16 09:34 - 2011-07-16 09:34 - 11641534 ____A C:\Users\jrsqrl1\Downloads\avidemux_2.5_r7200_win64.exe
2011-07-16 09:31 - 2011-07-16 09:31 - 0001707 ____A C:\Users\jrsqrl1\Desktop\Veedub64.exe - Shortcut.lnk
2011-07-16 09:31 - 2011-07-16 08:10 - 0000000 ____D C:\Users\jrsqrl1\Downloads\VirtualDub-1.9.11-AMD64
2011-07-16 09:00 - 2011-07-16 09:00 - 0083986 ____A C:\Users\jrsqrl1\Downloads\DShowInputDriver-0.5.zip
2011-07-16 08:14 - 2011-07-16 08:14 - 1012382 ____A C:\Users\jrsqrl1\Downloads\VirtualdubPluginPack2.zip
2011-07-16 08:09 - 2011-07-16 08:09 - 1916953 ____A C:\Users\jrsqrl1\Downloads\VirtualDub-1.9.11-AMD64.zip
2011-07-16 04:50 - 2011-07-16 03:58 - 0000000 ____D C:\Users\jrsqrl1\Downloads\VirtualDubMod_1_5_10_2_b2542
2011-07-16 04:49 - 2011-07-16 04:49 - 0060372 ____A C:\Users\jrsqrl1\Downloads\vorbis.zip
2011-07-16 04:47 - 2011-07-16 04:47 - 0155852 ____A C:\Users\jrsqrl1\Downloads\msvcr70.zip
2011-07-16 04:43 - 2005-07-15 11:49 - 0536576 ____A (Microsoft Corporation) C:\Windows\System32\MSVCR70d.dll
2011-07-16 04:42 - 2011-07-16 04:42 - 0228029 ____A C:\Users\jrsqrl1\Downloads\msvcr70d.zip
2011-07-16 04:30 - 2003-10-02 09:42 - 0212992 ____A C:\Windows\System32\corona.dll
2011-07-16 04:30 - 2002-04-01 20:15 - 0011264 ____A C:\Windows\System32\ogg.dll
2011-07-16 04:24 - 2011-07-16 04:24 - 0023431 ____A C:\Users\jrsqrl1\Downloads\ogg.zip
2011-07-16 04:22 - 2011-07-16 04:22 - 0131143 ____A C:\Users\jrsqrl1\Downloads\corona.zip
2011-07-16 03:57 - 2011-07-16 03:57 - 0955801 ____A C:\Users\jrsqrl1\Downloads\VirtualDubMod_1_5_10_2_b2542.zip
2011-07-15 21:26 - 2011-08-09 17:27 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-15 21:26 - 2011-08-09 17:27 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-15 21:26 - 2011-08-09 17:27 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-15 21:26 - 2011-08-09 17:27 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-15 21:24 - 2011-08-09 17:27 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-15 21:21 - 2011-08-09 17:27 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-15 21:21 - 2011-08-09 17:27 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-15 21:17 - 2011-08-09 17:27 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-15 21:04 - 2011-08-09 17:27 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 20:36 - 2011-08-09 17:27 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-15 20:31 - 2011-08-09 17:27 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-15 20:30 - 2011-08-09 17:27 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-07-15 20:30 - 2011-08-09 17:27 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-15 20:30 - 2011-08-09 17:27 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-15 18:26 - 2011-08-09 17:27 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-07-15 18:26 - 2011-08-09 17:27 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-07-15 18:21 - 2011-08-09 17:27 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-15 18:21 - 2011-08-09 17:27 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-15 18:21 - 2011-08-09 17:27 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-15 18:21 - 2011-08-09 17:27 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 00:17 - 2009-07-13 20:45 - 0427280 ____A C:\Windows\System32\FNTCACHE.DAT

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 7935.18 MB
Available physical RAM: 7018.56 MB
Total Pagefile: 7933.33 MB
Available Pagefile: 6999.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1863.01 GB) (Free:1775.1 GB) NTFS
2 Drive d: (My Book) (Fixed) (Total:465.65 GB) (Free:437.19 GB) FAT32
3 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF
6 Drive h: (UDISK 28X) (Removable) (Total:0.12 GB) (Free:0.01 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS

==========================================================

Last Boot: 2011-10-01 21:09

======================= End Of Log ==========================

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 08 October 2011 - 08:00 AM

Well done. :thumbup2:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bootrec /FixMbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart, let the computer boot normally and tell me how it went.

#9 jim240


Posted 08 October 2011 - 10:20 AM

I saved the file to the flash drive, and clicked on the fix button.
But I don't understand what I am supposed to do with the fixlist.txt file.
I rebooted with the HDD enabled in the BIOS and it locked up the same way.

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.3)
Ran by SYSTEM at 2011-10-08 10:04:04 R:1
Running from H:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The boot configuration data store could not be opened.
The requested system device cannot be found.

==== End of Control: ====

==== End of Fixlog ====

#10 Farbar


Posted 09 October 2011 - 02:59 PM

You have done very well.

It doesn't look good and we need to dig in.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as look.txt

    Select Disk 0
    Select partition 1
    Detail partition
    Select Partition 2
    Detail Partition
    exit
    

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    cmd: dir /a C:\
    cmd: dir /a d:\
    cmd: dir /a/s C:\boot
    cmd: dir /a/s d:\boot
    cmd: diskpart /s h:\look.txt
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


#11 jim240


Posted 09 October 2011 - 03:18 PM

Here is the file.



Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.3)
Ran by SYSTEM at 2011-10-09 15:13:50 R:2
Running from H:\

==============================================


========= dir /a C:\ =========

Volume in drive C has no label.
Volume Serial Number is 30B1-2388

Directory of C:\

06/27/2011 03:50 PM <DIR> $Recycle.Bin
10/05/2011 02:57 AM <DIR> Autodesk
06/27/2011 06:26 PM <DIR> Boot
07/13/2009 05:38 PM 383,562 bootmgr
06/27/2011 06:26 PM 8,192 BOOTSECT.BAK
10/05/2011 03:29 AM <DIR> Config.Msi
07/13/2009 09:08 PM <JUNCTION> Documents and Settings [C:\Users]
10/08/2011 07:43 AM <DIR> FRST
08/02/2009 06:59 AM 171,136 grldr
09/23/2011 12:23 AM 6,240,477,184 hiberfil.sys
07/01/2011 04:23 AM <DIR> JIM
06/29/2011 02:34 PM <DIR> MSOCache
09/19/2011 04:15 PM <DIR> Music Scratch Pad
06/27/2011 04:18 PM 206 mylog.log
09/23/2011 12:23 AM 8,320,638,976 pagefile.sys
07/13/2009 07:20 PM <DIR> PerfLogs
10/05/2011 03:25 AM <DIR> Program Files
10/05/2011 03:24 AM <DIR> Program Files (x86)
10/05/2011 04:32 PM <DIR> ProgramData
06/27/2011 03:49 PM <DIR> Recovery
06/27/2011 04:18 PM 2,747 RHDSetup.log
06/30/2011 05:38 PM <DIR> Samsung
06/30/2011 05:43 PM <DIR> Susan
10/05/2011 03:22 AM <DIR> System Volume Information
06/27/2011 03:50 PM <DIR> Users
06/30/2011 05:40 PM <DIR> volvo
10/05/2011 03:22 AM <DIR> Windows
06/27/2011 06:05 PM <DIR> Windows.old
7 File(s) 14,561,682,003 bytes
21 Dir(s) 1,906,002,702,336 bytes free

========= End of CMD: =========


========= dir /a d:\ =========

Volume in drive D is My Book
Volume Serial Number is 47EB-45D5

Directory of d:\

02/25/2008 06:46 PM <DIR> autorun
08/20/2007 09:55 PM 70 autorun.inf
02/25/2008 06:46 PM <DIR> Documentation
08/16/2007 07:11 AM 212,992 Setup.exe
02/25/2008 06:46 PM <DIR> WD_Mac_Tools
02/25/2008 06:46 PM <DIR> WD_Windows_Tools
04/15/2010 07:17 AM 377 Install.log
04/15/2010 07:17 AM <DIR> System Volume Information
07/01/2011 11:29 AM <DIR> $RECYCLE.BIN
12/26/2006 05:41 PM <DIR> WORK
03/16/2003 10:04 AM <DIR> XP drivers
12/18/2004 04:00 PM 1,129 _Sid.txt
04/13/2011 03:59 PM 81,470 devicetable.log
09/18/2006 05:57 PM 7,844 merctierod.html
03/15/2003 05:28 PM 3,335 mmcInst.log
12/27/2010 03:24 AM 228,970 setcpu_2.10-donate.apk
10/31/2005 10:56 AM 700,416 StubInstaller.exe
06/07/2009 08:31 PM 20,954 summit_mtl.asp.htm
12/31/2010 06:31 PM 30 test.ini
03/29/2008 08:29 AM <DIR> 1
12/26/2006 05:41 PM <DIR> 1INET
12/26/2006 05:41 PM <DIR> 2
04/15/2007 11:35 AM <DIR> ATI
12/15/2007 09:31 AM <DIR> Cemetery
03/15/2003 10:24 PM <DIR> creatures
03/15/2003 10:24 PM <DIR> cusspack
03/15/2003 10:24 PM <DIR> F18NFZ
03/05/2007 07:30 PM <DIR> FTW
02/14/2004 06:31 PM <DIR> Games
09/08/2008 02:53 PM <DIR> Garmin
03/20/2003 12:50 PM <DIR> Inetpub
07/01/2011 07:42 AM <DIR> JIM
03/15/2003 10:25 PM <DIR> larry
09/18/2006 05:57 PM <DIR> merctierod_files
03/20/2010 08:41 AM <DIR> My Documents
04/07/2010 05:46 PM <DIR> My Downloads
06/22/2006 01:01 PM <DIR> My Music
01/30/2005 05:50 PM <DIR> My Recipes
07/01/2011 08:53 AM <DIR> MY Software
12/15/2007 09:31 AM <DIR> My Web Sites
04/04/2003 09:46 AM <DIR> Office
04/04/2003 09:47 AM <DIR> olk1004a
03/16/2003 10:06 AM <DIR> PAPRPORT
12/15/2007 09:31 AM <DIR> PCOMP5
03/16/2003 10:06 AM <DIR> RCS2001
03/16/2003 10:06 AM <DIR> Rescue
04/13/2011 10:11 AM <DIR> Rosetta
03/16/2003 10:06 AM <DIR> SBPCI
03/16/2003 10:06 AM <DIR> SCANJET
04/24/2008 05:36 PM <DIR> Steph
06/07/2009 08:31 PM <DIR> summit_mtl.asp_files
01/06/2006 05:32 PM <DIR> taxes
11/15/2009 06:30 PM <DIR> Temp
05/07/2011 09:52 AM <DIR> volvo
06/26/2003 12:07 PM <DIR> WINDOWS
06/19/2004 01:05 PM <DIR> WUTemp
11/17/2006 09:44 PM <DIR> 1b9a261b70b00ede8e735c3a
01/02/2011 10:22 AM <DIR> 8fce35165cf3c42355eae920963f836b
06/03/2006 12:10 PM <DIR> 070b9d10b9c0df6161e3be89c6ee1262
08/04/2011 12:38 PM <DIR> FJ Cruiser
12/11/2009 04:07 PM <DIR> mame2
11 File(s) 1,257,587 bytes
50 Dir(s) 469,424,996,352 bytes free

========= End of CMD: =========


========= dir /a/s C:\boot =========

Volume in drive C has no label.
Volume Serial Number is 30B1-2388

Directory of C:\boot

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
10/05/2011 03:22 AM 24,576 BCD
10/05/2011 03:22 AM 21,504 BCD.LOG
06/27/2011 06:26 PM 0 BCD.LOG1
06/27/2011 06:26 PM 0 BCD.LOG2
06/27/2011 06:26 PM 65,536 BOOTSTAT.DAT
06/27/2011 06:26 PM <DIR> cs-CZ
06/27/2011 06:26 PM <DIR> da-DK
06/27/2011 06:26 PM <DIR> de-DE
06/27/2011 06:26 PM <DIR> el-GR
06/27/2011 06:26 PM <DIR> en-US
06/27/2011 06:26 PM <DIR> es-ES
06/27/2011 06:26 PM <DIR> fi-FI
06/27/2011 06:26 PM <DIR> Fonts
06/27/2011 06:26 PM <DIR> fr-FR
06/27/2011 06:26 PM <DIR> hu-HU
06/27/2011 06:26 PM <DIR> it-IT
06/27/2011 06:26 PM <DIR> ja-JP
06/27/2011 06:26 PM <DIR> ko-KR
07/13/2009 05:20 PM 485,440 memtest.exe
06/27/2011 06:26 PM <DIR> nb-NO
06/27/2011 06:26 PM <DIR> nl-NL
06/27/2011 06:26 PM <DIR> pl-PL
06/27/2011 06:26 PM <DIR> pt-BR
06/27/2011 06:26 PM <DIR> pt-PT
06/27/2011 06:26 PM <DIR> ru-RU
06/27/2011 06:26 PM <DIR> sv-SE
06/27/2011 06:26 PM <DIR> tr-TR
06/27/2011 06:26 PM <DIR> zh-CN
06/27/2011 06:26 PM <DIR> zh-HK
06/27/2011 06:26 PM <DIR> zh-TW
6 File(s) 597,056 bytes

Directory of C:\boot\cs-CZ

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 89,168 bootmgr.exe.mui
1 File(s) 89,168 bytes

Directory of C:\boot\da-DK

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 87,616 bootmgr.exe.mui
1 File(s) 87,616 bytes

Directory of C:\boot\de-DE

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 91,712 bootmgr.exe.mui
1 File(s) 91,712 bytes

Directory of C:\boot\el-GR

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 94,800 bootmgr.exe.mui
1 File(s) 94,800 bytes

Directory of C:\boot\en-US

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 85,056 bootmgr.exe.mui
07/13/2009 06:11 PM 43,600 memtest.exe.mui
2 File(s) 128,656 bytes

Directory of C:\boot\es-ES

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 90,192 bootmgr.exe.mui
1 File(s) 90,192 bytes

Directory of C:\boot\fi-FI

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 89,152 bootmgr.exe.mui
1 File(s) 89,152 bytes

Directory of C:\boot\Fonts

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
06/10/2009 12:31 PM 3,694,080 chs_boot.ttf
06/10/2009 12:31 PM 3,876,772 cht_boot.ttf
06/10/2009 12:31 PM 1,984,228 jpn_boot.ttf
06/10/2009 12:31 PM 2,371,360 kor_boot.ttf
06/10/2009 12:31 PM 47,452 wgl4_boot.ttf
5 File(s) 11,973,892 bytes

Directory of C:\boot\fr-FR

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 93,248 bootmgr.exe.mui
1 File(s) 93,248 bytes

Directory of C:\boot\hu-HU

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 90,688 bootmgr.exe.mui
1 File(s) 90,688 bytes

Directory of C:\boot\it-IT

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 90,704 bootmgr.exe.mui
1 File(s) 90,704 bytes

Directory of C:\boot\ja-JP

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 76,352 bootmgr.exe.mui
1 File(s) 76,352 bytes

Directory of C:\boot\ko-KR

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 75,344 bootmgr.exe.mui
1 File(s) 75,344 bytes

Directory of C:\boot\nb-NO

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 88,144 bootmgr.exe.mui
1 File(s) 88,144 bytes

Directory of C:\boot\nl-NL

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 90,704 bootmgr.exe.mui
1 File(s) 90,704 bytes

Directory of C:\boot\pl-PL

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 90,704 bootmgr.exe.mui
1 File(s) 90,704 bytes

Directory of C:\boot\pt-BR

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 90,176 bootmgr.exe.mui
1 File(s) 90,176 bytes

Directory of C:\boot\pt-PT

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 89,664 bootmgr.exe.mui
1 File(s) 89,664 bytes

Directory of C:\boot\ru-RU

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 90,192 bootmgr.exe.mui
1 File(s) 90,192 bytes

Directory of C:\boot\sv-SE

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 87,616 bootmgr.exe.mui
1 File(s) 87,616 bytes

Directory of C:\boot\tr-TR

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 87,104 bootmgr.exe.mui
1 File(s) 87,104 bytes

Directory of C:\boot\zh-CN

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 70,720 bootmgr.exe.mui
1 File(s) 70,720 bytes

Directory of C:\boot\zh-HK

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 70,224 bootmgr.exe.mui
1 File(s) 70,224 bytes

Directory of C:\boot\zh-TW

06/27/2011 06:26 PM <DIR> .
06/27/2011 06:26 PM <DIR> ..
07/13/2009 05:17 PM 70,208 bootmgr.exe.mui
1 File(s) 70,208 bytes

Total Files Listed:
35 File(s) 14,594,036 bytes
74 Dir(s) 1,906,002,702,336 bytes free

========= End of CMD: =========


========= dir /a/s d:\boot =========

Volume in drive D is My Book
Volume Serial Number is 47EB-45D5
File Not Found

========= End of CMD: =========


========= diskpart /s h:\look.txt =========


Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: MININT-LSEHLBA

Disk 0 is now the selected disk.

Partition 1 is now the selected partition.

Partition 1
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 1048576

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 1863 GB Healthy

The specified partition is not valid.
Please select a valid partition.

There is no partition selected.

========= End of CMD: =========

#12 Farbar


Posted 09 October 2011 - 03:36 PM

I need your feedback here:

This is from the FRST scan log:

1 Drive c: () (Fixed) (Total:1863.01 GB) (Free:1775.1 GB) NTFS
2 Drive d: (My Book) (Fixed) (Total:465.65 GB) (Free:437.19 GB) FAT32

It lists two drives. The C drive is the OS drive. The second drive looks like an external drive. Could you give me feedback about it?


Partition 1
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 1048576

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 1863 GB Healthy

The same OS partition is listed here. Everything is just as it should be except that we expect it to be Volume # 1 and not, as it is listed here, Volume # 2. Any idea about this?
What do you see if you go type Notepad

#13 Farbar


Posted 09 October 2011 - 03:42 PM

I need your feedback here:

This is from the FRST scan log:

1 Drive c: () (Fixed) (Total:1863.01 GB) (Free:1775.1 GB) NTFS
2 Drive d: (My Book) (Fixed) (Total:465.65 GB) (Free:437.19 GB) FAT32

It lists two drives. The C drive is the OS drive. The second drive looks like an external drive. Could you give me feedback about it?


Partition 1
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 1048576

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 1863 GB Healthy

The same OS partition is listed here. Everything is just as it should be except that we expect it to be Volume # 1 and not, as it is listed here, Volume # 2. Any idea about this?
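
The diskpart fields quoted in the post above (Type, Active, Offset in Bytes) are read from the 16-byte partition entries in the disk's first sector. As an added example (not part of the original posts, and not FRST or diskpart code), this Python code decodes a constructed MBR sector whose single entry matches the values in the log and reports table conditions that stop a BIOS boot; the 512-byte sector size, the sector count and all function names are assumptions.

```python
import struct

SECTOR = 512          # assumed logical sector size
TABLE_OFFSET = 446    # partition table follows boot code and disk signature


def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:
            continue  # unused slot
        parts.append({
            "number": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "offset_bytes": lba * SECTOR,
            "size_bytes": count * SECTOR,
        })
    return parts


def boot_findings(parts):
    """List table conditions that keep BIOS boot code from picking a partition."""
    findings = []
    active = [p for p in parts if p["active"]]
    if not parts:
        findings.append("partition table is empty")
    elif not active:
        findings.append("no partition is marked active")
    elif len(active) > 1:
        findings.append("more than one partition is marked active")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (p["number"], p["status"]))
    return findings


def build_sample_mbr(status=0x80):
    """Constructed sample: one type-07 entry starting at LBA 2048."""
    entry = struct.pack("<B3xB3xII", status, 0x07, 2048, 3906994176)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    table = parse_mbr(build_sample_mbr())
    for p in table:
        print("Partition %d" % p["number"])
        print("Type  : %02X" % p["type"])
        print("Active: %s" % ("Yes" if p["active"] else "No"))
        print("Offset in Bytes: %d" % p["offset_bytes"])
    print(boot_findings(table) or "no findings")
```

A clean result here only says the partition table is sane, which is the situation in the log above: the entry is type 07, active, and starts at 1048576 bytes, so the fault has to be looked for further along the boot chain.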

#14 jim240


Posted 09 October 2011 - 05:01 PM

The D: drive is one of those My Book Western Digital external drives. Someone lost the power supply and threw it away. I ripped it out of its little box and mounted it fixed in my computer as a backup. I guess I should have used it!!

I only set one partition on C: drive when I formatted it.
Sorry it took so long, I had to walk the dogs.

#15 Farbar


Posted 09 October 2011 - 05:20 PM

We might have to remove that external drive later on to see if it has any effect on the boot.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as look.txt

    list disk
    list volume
    

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    cmd: diskpart /s h:\look.txt
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.




