Win 7 Unable to Boot


  • This topic is locked
21 replies to this topic

#1 Bobandray


Posted 15 March 2012 - 03:12 PM

Win 7 Pro with automatic updates, so everything should be up-to-date. Unable to post DDS or GMER because machine will not boot to graphical UI. Last good boot was Tuesday 3/13 morning. System Restore says it works, but no joy. Booted Safe Mode DOS BOX and ran CHKDSK on C: and D: (when DOS BOX opened, prompt was X: ????), but no help. Read about "upgrade re-install" for Win 7, but that requires a working Windows graphical UI.

Any help appreciated.

Bob and Ray


#2 CatByte

  • Malware Response Team

Posted 15 March 2012 - 06:26 PM

Hi,

Please try the following:

You'll need a flash drive for this next set of instructions.


For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Edited by CatByte, 15 March 2012 - 06:28 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Bobandray

  • Topic Starter

Posted 16 March 2012 - 10:56 AM

CatByte,

I will post results as soon as I have them.

Thanks!
Bob and Ray

#4 Bobandray

  • Topic Starter

Posted 17 March 2012 - 08:20 AM

CatByte,

Well this is confusing. Since we have a brand new 64-bit system running a 64-bit version of Win 7 Pro, I downloaded the 64-bit version of the Farbar Recovery Scan Tool to a flash drive, and ran it from the command prompt as instructed. The system responds that frst64.exe is "not a valid Win32 application". While I don't understand this, it seems clear that, for whatever reason, the 32-bit version would be more appropriate so I download that version to the flash drive and try it. Same scenario to boot and get into the command prompt, but this time the message is the "subsystem needed to support the image type is not present".

BOTTOM LINE: I am unable to run either the 32-bit or 64-bit versions of the Farbar Recovery Scan Tool.

Bob and Ray
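
Both error messages in the post above are Windows declining to load the file as an executable image, so a check worth making on a working PC before copying a tool to the flash drive is that the download is a complete PE file built for the recovery environment's architecture. The following Python sketch is an added example, not part of the original thread or of FRST; the function names and the constructed sample bytes are illustrative, and it assumes the recovery environment only runs images of its own architecture.

```python
import struct

# COFF "Machine" values from the PE format specification.
MACHINES = {0x014C: "x86", 0x8664: "x64"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


class PEError(ValueError):
    """The bytes do not carry usable PE headers."""


def inspect_pe(data: bytes) -> dict:
    """Read just enough of a PE file to learn its architecture and whether
    the raw data of every section is actually present in the file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEError("no MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    coff = e_lfanew + 4
    if coff + 20 > len(data) or data[e_lfanew:coff] != b"PE\0\0":
        raise PEError("no PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                     # optional header follows the COFF header
    table = opt + opt_size              # section table follows the optional header
    if opt_size < 2 or table + 40 * nsect > len(data):
        raise PEError("headers truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    needed = table + 40 * nsect
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each entry.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            needed = max(needed, raw_ptr + raw_size)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "format": OPTIONAL_MAGIC.get(magic, hex(magic)),
        "bytes_needed": needed,
        "truncated": len(data) < needed,
    }


def check_for_environment(data: bytes, env_arch: str) -> str:
    """Return "ok" or the reason the image should not be expected to start.
    Assumption: the environment runs only images of its own architecture."""
    try:
        info = inspect_pe(data)
    except PEError as exc:
        return f"not a PE image: {exc}"
    if info["truncated"]:
        return f"incomplete file: {len(data)} of {info['bytes_needed']} bytes"
    if info["machine"] != env_arch:
        return f"wrong architecture: {info['machine']} image, {env_arch} environment"
    return "ok"


def build_sample(machine: int, magic: int) -> bytes:
    """Constructed sample input: minimal headers plus one 512-byte section."""
    opt_size = 0xF0 if magic == 0x20B else 0xE0
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0002)
    optional = struct.pack("<H", magic) + bytes(opt_size - 2)
    section = b".text\0\0\0" + struct.pack("<IIII", 512, 0x1000, 512, 0x200) + bytes(16)
    headers = dos + b"PE\0\0" + coff + optional + section
    return headers.ljust(0x200, b"\0") + bytes(512)


if __name__ == "__main__":
    x64 = build_sample(0x8664, 0x20B)
    x86 = build_sample(0x014C, 0x10B)
    cases = {
        "intact x64 build": x64,
        "x64 build cut short": x64[:700],
        "x86 build": x86,
        "saved error page": b"<html>download failed</html>",
    }
    for label, blob in cases.items():
        print(f"{label:22} -> {check_for_environment(blob, 'x64')}")
```

To check a real download, pass the file's bytes (for example `open(path, "rb").read()`) to `check_for_environment` together with the architecture of the recovery environment it will be run from.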

#5 CatByte

  • Malware Response Team

Posted 17 March 2012 - 10:33 AM

Are you able to enter the System Recovery Options?

If so, which method must you use?

If you are able to enter the system recovery > choose "Startup Repair"

Allow it plenty of time to work > please advise if you are now able to boot normally.



#6 Bobandray

  • Topic Starter

Posted 18 March 2012 - 07:40 PM

CatByte,

I can enter System Recovery Options either by booting from hard drive or booting from DVD. The messages I reported to you were generated by booting the hard drive. I can get to Start Up Repair, but it says "Windows cannot repair this computer automatically". There are two choices: send info or not -- doesn't matter which you choose. If I click on the "View Details" button, I get the following:

Problem event: Startup Repair offline
Problem Signature:

1. 6.1.7600.16385
2. 6.1.7600.16385
3. unknown
4. 21200329 (the very first time, this was 117)
5. Autofailover
6. 24
7. BadPatch

OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

I have done this dozens of times, but still not able to boot normally.

Thanks,
Bob and Ray

#7 CatByte

  • Malware Response Team

Posted 18 March 2012 - 07:45 PM

Please re-try FRST.

Download a fresh copy of the 64-bit version and follow the above instructions.



#8 Bobandray

  • Topic Starter

Posted 19 March 2012 - 09:08 PM

CatByte,

Totally different outcome with FRST64.exe this time. Everything was checked by default, so I did not need to check "List Drivers MD5". After the scan, I shut down. When I powered back on, it boots to a choice between "start normally" and "recover". I selected "start normally" several times, but it would not complete the boot -- just comes back to the choice between "start normally" and "recover". Here is the log:


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 19-03-2012 19:28:33
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2264168 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-10-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-10-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-10-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Barb\...\Run: [Google Update] "C:\Users\Barb\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-05] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.123.100
Tcpip\..\Interfaces\{2DAF9BFD-E889-41C8-B041-50EAAA5FA188}: [NameServer]10.1.1.1

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 arXfrSvc; "C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe" [231280 2011-01-10] (Microsoft Corporation)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 esClient; "C:\Program Files\Windows Home Server\esClient.exe" [109936 2011-01-10] (Microsoft Corporation)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
2 WHSConnector; "C:\Program Files\Windows Home Server\WHSConnector.exe" [489840 2011-01-10] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
3 dmvsc; C:\Windows\System32\Drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [56960 2011-07-28] (Etron Technology Inc)
3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [79104 2011-07-28] (Etron Technology Inc)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2011-11-19] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-11-19] ()
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-19 19:28 - 2012-03-19 19:28 - 0000000 ____D C:\FRST
2012-03-11 16:26 - 2012-03-11 16:26 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-08 18:15 - 2012-03-08 18:15 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (3).qfx
2012-03-08 18:15 - 2012-03-08 18:14 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (2).qfx
2012-03-03 21:59 - 2012-03-03 21:59 - 0024717 ____A C:\Users\Barb\Documents\college transcript.xlsx
2012-03-02 14:45 - 2012-03-02 14:45 - 0051568 ____A C:\Users\Barb\Downloads\usaa_quicken (1).qfx
2012-02-21 08:37 - 2012-02-21 08:37 - 0002951 ____A C:\Users\Barb\Desktop\Microsoft Excel 2010.lnk
2012-02-18 19:41 - 2012-02-18 19:41 - 0000000 ____D C:\Users\Barb\AppData\Local\HP
2012-02-18 19:39 - 2012-03-09 19:26 - 0000000 ____D C:\Users\Barb\AppData\Roaming\HP
2012-02-18 19:39 - 2012-02-18 19:39 - 0000000 ____D C:\Users\All Users\WEBREG
2012-02-18 19:39 - 2012-02-18 19:39 - 0000000 ____D C:\ProgramData\WEBREG
2012-02-18 19:38 - 2012-02-18 19:38 - 0002167 ____A C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2012-02-18 19:37 - 2012-02-18 19:37 - 0001315 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
2012-02-18 19:37 - 2012-02-18 19:37 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2012-02-18 19:37 - 2012-02-18 19:37 - 0000000 ____D C:\ProgramData\HP Product Assistant
2012-02-18 19:36 - 2012-02-18 19:38 - 0000000 ____D C:\Program Files (x86)\HP
2012-02-18 19:24 - 2012-02-18 19:40 - 0000351 ____A C:\Users\All Users\hpzinstall.log
2012-02-18 19:24 - 2012-02-18 19:40 - 0000351 ____A C:\ProgramData\hpzinstall.log
2012-02-18 19:24 - 2012-02-18 19:37 - 0000000 ____D C:\Users\All Users\HP
2012-02-18 19:24 - 2012-02-18 19:37 - 0000000 ____D C:\ProgramData\HP
2012-02-18 17:17 - 2012-02-18 17:54 - 177468928 ____A (Igor Pavlov) C:\Users\Barb\Downloads\setup_full_G4000_3.exe
2012-02-18 14:34 - 2012-02-18 14:34 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

============ 3 Months Modified Files and Folders =============

2012-03-19 19:28 - 2012-03-19 19:28 - 0000000 ____D C:\FRST
2012-03-18 19:24 - 2012-02-13 16:19 - 0000000 ____D C:\Users\Barb\Documents\Family Law Software
2012-03-18 19:24 - 2011-11-19 16:19 - 0000000 ____D C:\Users\All Users\Intel
2012-03-18 19:24 - 2011-11-19 16:19 - 0000000 ____D C:\ProgramData\Intel
2012-03-18 19:24 - 2011-11-16 21:02 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-18 19:24 - 2011-11-16 20:38 - 0000000 ____D C:\users\Barb
2012-03-18 19:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-18 19:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-13 20:42 - 2011-04-12 00:28 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-03-13 13:40 - 2011-11-16 12:32 - 1836987 ____A C:\Windows\WindowsUpdate.log
2012-03-13 13:38 - 2009-07-13 20:45 - 0022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-13 13:38 - 2009-07-13 20:45 - 0022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-13 13:35 - 2009-07-13 21:13 - 0778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-13 13:31 - 2011-11-16 12:30 - 4229783552 __ASH C:\hiberfil.sys
2012-03-13 13:31 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-13 13:31 - 2009-07-13 20:51 - 0037876 ____A C:\Windows\setupact.log
2012-03-13 09:58 - 2011-11-16 20:58 - 0000000 ____D C:\Users\All Users\MFAData
2012-03-13 09:58 - 2011-11-16 20:58 - 0000000 ____D C:\ProgramData\MFAData
2012-03-11 16:26 - 2012-03-11 16:26 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-11 16:26 - 2011-12-02 08:44 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-09 19:26 - 2012-02-18 19:39 - 0000000 ____D C:\Users\Barb\AppData\Roaming\HP
2012-03-08 18:15 - 2012-03-08 18:15 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (3).qfx
2012-03-08 18:14 - 2012-03-08 18:15 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (2).qfx
2012-03-03 21:59 - 2012-03-03 21:59 - 0024717 ____A C:\Users\Barb\Documents\college transcript.xlsx
2012-03-02 14:45 - 2012-03-02 14:45 - 0051568 ____A C:\Users\Barb\Downloads\usaa_quicken (1).qfx
2012-02-28 20:03 - 2011-11-30 21:01 - 0772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-27 19:40 - 2012-01-14 10:42 - 0023832 ____A C:\Users\Barb\Documents\2011 christmas letter.docx
2012-02-21 08:37 - 2012-02-21 08:37 - 0002951 ____A C:\Users\Barb\Desktop\Microsoft Excel 2010.lnk
2012-02-20 12:26 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-02-19 09:23 - 2009-07-13 20:45 - 0420832 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-18 19:55 - 2011-11-19 13:35 - 0112600 ____A C:\Users\Barb\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-18 19:41 - 2012-02-18 19:41 - 0000000 ____D C:\Users\Barb\AppData\Local\HP
2012-02-18 19:40 - 2012-02-18 19:24 - 0000351 ____A C:\Users\All Users\hpzinstall.log
2012-02-18 19:40 - 2012-02-18 19:24 - 0000351 ____A C:\ProgramData\hpzinstall.log
2012-02-18 19:39 - 2012-02-18 19:39 - 0000000 ____D C:\Users\All Users\WEBREG
2012-02-18 19:39 - 2012-02-18 19:39 - 0000000 ____D C:\ProgramData\WEBREG
2012-02-18 19:38 - 2012-02-18 19:38 - 0002167 ____A C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2012-02-18 19:38 - 2012-02-18 19:36 - 0000000 ____D C:\Program Files (x86)\HP
2012-02-18 19:37 - 2012-02-18 19:37 - 0001315 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
2012-02-18 19:37 - 2012-02-18 19:37 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2012-02-18 19:37 - 2012-02-18 19:37 - 0000000 ____D C:\ProgramData\HP Product Assistant
2012-02-18 19:37 - 2012-02-18 19:24 - 0000000 ____D C:\Users\All Users\HP
2012-02-18 19:37 - 2012-02-18 19:24 - 0000000 ____D C:\ProgramData\HP
2012-02-18 17:54 - 2012-02-18 17:17 - 177468928 ____A (Igor Pavlov) C:\Users\Barb\Downloads\setup_full_G4000_3.exe
2012-02-18 14:34 - 2012-02-18 14:34 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-16 07:42 - 2011-11-16 20:38 - 0000000 ____D C:\Users\Barb\AppData\LocalLow
2012-02-15 18:19 - 2011-11-16 20:39 - 0000174 ___SH C:\Users\Barb\Start Menu\Programs\Startup\desktop.ini
2012-02-15 18:19 - 2011-11-16 20:39 - 0000174 ___SH C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 15:32 - 2011-11-25 19:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-15 15:32 - 2011-11-25 19:20 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-15 15:30 - 2011-11-19 09:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 15:29 - 2011-11-19 07:59 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-15 14:13 - 2012-02-07 20:14 - 0000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-02-15 14:13 - 2012-02-07 20:14 - 0000469 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-02-13 16:18 - 2012-02-13 16:18 - 0000995 ____A C:\Users\Public\Desktop\Family Law Software Client.lnk
2012-02-13 16:18 - 2012-02-13 16:18 - 0000000 ____D C:\Users\Barb\AppData\Roaming\Softland
2012-02-13 16:18 - 2012-02-13 16:18 - 0000000 ____D C:\Program Files\Softland
2012-02-13 16:18 - 2012-02-13 16:18 - 0000000 ____D C:\Program Files (x86)\FLSClnt
2012-02-09 19:42 - 2012-02-09 19:42 - 0057327 ____A C:\Users\Barb\Downloads\usaa_quicken.qfx
2012-02-07 20:21 - 2012-02-07 20:21 - 0000000 ____D C:\Users\Barb\Documents\TurboTax
2012-02-07 20:14 - 2012-02-07 20:14 - 0002515 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
2012-02-07 20:14 - 2011-11-22 18:21 - 0000000 ____D C:\Users\Barb\AppData\Roaming\Intuit
2012-02-07 20:14 - 2011-11-22 18:13 - 0000000 ____D C:\Users\All Users\Intuit
2012-02-07 20:14 - 2011-11-22 18:13 - 0000000 ____D C:\ProgramData\Intuit
2012-02-07 20:11 - 2012-02-07 20:11 - 0000000 ____D C:\Program Files (x86)\TurboTax
2012-02-05 12:53 - 2012-02-05 12:53 - 0216576 ____A C:\Users\Barb\Downloads\envelope.pub
2012-02-05 12:37 - 2011-11-25 19:20 - 0000000 ____D C:\Users\Barb\AppData\Local\Microsoft Help
2012-02-05 11:46 - 2009-07-13 21:08 - 0032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-04 08:17 - 2010-11-20 19:47 - 0030784 ____A C:\Windows\PFRO.log
2012-02-03 09:59 - 2011-11-22 18:21 - 0000000 ____D C:\Program Files (x86)\Quicken
2012-02-01 13:56 - 2012-02-01 13:56 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2703633545-3807309208-3974150782-1000Core1cce12c66bbb5ae.job
2012-01-29 03:10 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-28 20:18 - 2012-01-28 20:18 - 0170033 ____A C:\Users\Barb\Downloads\Lorie-McCown_109.jpg
2012-01-28 20:16 - 2012-01-28 20:17 - 0479768 ____A C:\Users\Barb\Downloads\Lorie-McCown_100.jpg
2012-01-28 20:16 - 2012-01-28 20:16 - 0548306 ____A C:\Users\Barb\Downloads\Lorie-McCown_81.jpg
2012-01-28 20:16 - 2012-01-28 20:16 - 0223005 ____A C:\Users\Barb\Downloads\Lorie-McCown_75.jpg
2012-01-28 20:15 - 2012-01-28 20:15 - 0297052 ____A C:\Users\Barb\Downloads\Lorie-McCown_42.jpg
2012-01-28 20:15 - 2012-01-28 20:15 - 0157363 ____A C:\Users\Barb\Downloads\Lorie-McCown_45.jpg
2012-01-28 20:13 - 2012-01-28 20:13 - 0181793 ____A C:\Users\Barb\Downloads\Lorie-McCown_25.jpg
2012-01-28 20:12 - 2012-01-28 20:12 - 0212310 ____A C:\Users\Barb\Downloads\Lorie-McCown_55.jpg
2012-01-28 19:31 - 2012-01-28 19:31 - 0235675 ____A C:\Users\Barb\Downloads\Halloween quilt.jpg
2012-01-27 10:07 - 2012-01-27 10:07 - 0081107 ____A C:\Users\Barb\Downloads\tickets_476692.html
2012-01-23 10:24 - 2012-01-23 10:24 - 0302931 ____A C:\Users\Barb\Downloads\Angelicia Jan 2012.JPG
2012-01-23 10:09 - 2012-01-23 10:10 - 0130386 ____A C:\Users\Barb\Downloads\Sebastian Jan 2012.JPG
2012-01-23 10:09 - 2012-01-23 10:09 - 0205461 ____A C:\Users\Barb\Downloads\Rachele Jan 2012.JPG
2012-01-23 10:09 - 2012-01-23 10:09 - 0151425 ____A C:\Users\Barb\Downloads\Karmyn Jan 2012.JPG
2012-01-23 10:08 - 2012-01-23 10:08 - 0088862 ____A C:\Users\Barb\Downloads\Ian Jan 2012.JPG
2012-01-23 10:08 - 2012-01-23 10:08 - 0088597 ____A C:\Users\Barb\Downloads\Gabby Jan 2012.JPG
2012-01-19 18:09 - 2012-01-19 18:09 - 35145403 ____A C:\Users\Barb\Downloads\Print family 2011.psd
2012-01-19 18:09 - 2012-01-19 18:09 - 0624556 ____A C:\Users\Barb\Downloads\Print family 2011.jpg
2012-01-19 17:10 - 2012-01-19 17:10 - 94168790 ____A C:\Users\Barb\Downloads\Family Funny 2011.psd
2012-01-19 17:10 - 2012-01-19 17:10 - 1035804 ____A C:\Users\Barb\Downloads\Print Family Funny 2011 copy.jpg
2012-01-19 11:38 - 2012-01-19 11:38 - 0000000 ____D C:\Users\Barb\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2012-01-17 10:11 - 2012-01-17 09:35 - 86471982 ____A C:\Users\Barb\Downloads\freeyogaworkout.wmv
2012-01-16 18:39 - 2012-01-16 18:31 - 3388452 ____A C:\Users\Barb\Downloads\IMG_2955.JPG
2012-01-16 18:39 - 2012-01-16 18:31 - 3357438 ____A C:\Users\Barb\Downloads\IMG_2950.JPG
2012-01-16 18:39 - 2012-01-16 18:31 - 3284927 ____A C:\Users\Barb\Downloads\IMG_2951.JPG
2012-01-16 18:39 - 2012-01-16 18:31 - 3259655 ____A C:\Users\Barb\Downloads\IMG_2954.JPG
2012-01-16 18:38 - 2012-01-16 18:31 - 3231499 ____A C:\Users\Barb\Downloads\Marla.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3263259 ____A C:\Users\Barb\Downloads\IMG_2945.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3227073 ____A C:\Users\Barb\Downloads\IMG_2946.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3195212 ____A C:\Users\Barb\Downloads\IMG_2947.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3186744 ____A C:\Users\Barb\Downloads\IMG_2949.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3166744 ____A C:\Users\Barb\Downloads\IMG_2948.JPG
2012-01-16 18:37 - 2012-01-16 18:30 - 3323971 ____A C:\Users\Barb\Downloads\IMG_2943.JPG
2012-01-16 18:37 - 2012-01-16 18:30 - 3292439 ____A C:\Users\Barb\Downloads\IMG_2944.JPG
2012-01-16 18:35 - 2012-01-16 18:29 - 3185193 ____A C:\Users\Barb\Downloads\IMG_2942.JPG
2012-01-16 18:29 - 2012-01-16 18:29 - 2835499 ____A C:\Users\Barb\Downloads\IMG_2935 (1).JPG
2012-01-16 18:29 - 2012-01-16 18:28 - 2835499 ____A C:\Users\Barb\Downloads\IMG_2935.JPG
2012-01-16 16:54 - 2011-12-05 10:51 - 0000000 ____D C:\Users\Barb\AppData\Local\Google
2012-01-16 16:53 - 2012-01-16 16:53 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-16 14:23 - 2011-11-30 21:13 - 0000000 ____D C:\Users\Barb\AppData\Roaming\FamilyTreeMaker
2012-01-16 13:52 - 2012-01-16 13:52 - 0009607 ____A C:\Users\Barb\Downloads\IMG_2774.JPG
2012-01-16 08:16 - 2012-01-16 08:16 - 0015166 ____A C:\Users\Barb\Downloads\Nicholas-12.jpg
2012-01-16 08:15 - 2012-01-16 08:15 - 0023927 ____A C:\Users\Barb\Downloads\Nicholas-2.jpg
2012-01-16 08:15 - 2012-01-16 08:15 - 0022115 ____A C:\Users\Barb\Downloads\Nicholas-3.jpg
2012-01-16 08:15 - 2012-01-16 08:15 - 0007160 ____A C:\Users\Barb\Downloads\Nicholas-5.jpg
2012-01-16 08:14 - 2012-01-16 08:14 - 0009357 ____A C:\Users\Barb\Downloads\Nicholas-15.jpg
2012-01-16 08:12 - 2012-01-16 08:13 - 0036458 ____A C:\Users\Barb\Downloads\Nicholas-1.jpg
2012-01-13 20:06 - 2012-02-15 07:14 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-12 19:01 - 2012-01-12 19:01 - 0050259 ____A C:\Users\Barb\Downloads\barbara-lisher_element-fitness-1 (1).pdf
2012-01-12 18:59 - 2012-01-12 18:59 - 0050259 ____A C:\Users\Barb\Downloads\barbara-lisher_element-fitness-1.pdf
2012-01-04 02:44 - 2012-02-15 07:14 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-15 07:14 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-15 07:14 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-15 07:14 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:18 - 0000059 ____A C:\Users\Barb\U.bat
2011-12-31 09:56 - 2011-12-31 09:56 - 0026450 ____A C:\Users\Barb\Downloads\CIMG4776.JPG
2011-12-31 09:56 - 2011-12-31 09:56 - 0026402 ____A C:\Users\Barb\Downloads\CIMG4775.JPG
2011-12-31 09:56 - 2011-12-31 09:56 - 0025811 ____A C:\Users\Barb\Downloads\CIMG4774.JPG
2011-12-31 09:56 - 2011-12-31 09:56 - 0024179 ____A C:\Users\Barb\Downloads\CIMG4773.JPG
2011-12-31 09:55 - 2011-12-31 09:56 - 0024117 ____A C:\Users\Barb\Downloads\CIMG4771.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0025610 ____A C:\Users\Barb\Downloads\CIMG4770.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0024782 ____A C:\Users\Barb\Downloads\CIMG4767.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0021550 ____A C:\Users\Barb\Downloads\CIMG4769.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0020557 ____A C:\Users\Barb\Downloads\CIMG4768.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0013906 ____A C:\Users\Barb\Downloads\CIMG4763.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0012007 ____A C:\Users\Barb\Downloads\CIMG4762.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0010631 ____A C:\Users\Barb\Downloads\CIMG4764.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0007235 ____A C:\Users\Barb\Downloads\CIMG4765.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0006232 ____A C:\Users\Barb\Downloads\CIMG4766.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0025742 ____A C:\Users\Barb\Downloads\DSC_0081.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0025445 ____A C:\Users\Barb\Downloads\DSC_0079.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0025445 ____A C:\Users\Barb\Downloads\DSC_0079 (1).JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0022191 ____A C:\Users\Barb\Downloads\DSC_0073.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0021077 ____A C:\Users\Barb\Downloads\DSC_0074.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0021004 ____A C:\Users\Barb\Downloads\DSC_0075.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0020327 ____A C:\Users\Barb\Downloads\DSC_0077.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0019507 ____A C:\Users\Barb\Downloads\DSC_0072.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0018614 ____A C:\Users\Barb\Downloads\DSC_0076.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0016160 ____A C:\Users\Barb\Downloads\CIMG4772.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0012497 ____A C:\Users\Barb\Downloads\DSC_0078.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0010370 ____A C:\Users\Barb\Downloads\DSC_0071.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0023591 ____A C:\Users\Barb\Downloads\DSC_0060.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0023219 ____A C:\Users\Barb\Downloads\DSC_0059.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0022828 ____A C:\Users\Barb\Downloads\DSC_0066.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0022732 ____A C:\Users\Barb\Downloads\DSC_0065.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0022586 ____A C:\Users\Barb\Downloads\DSC_0063.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021784 ____A C:\Users\Barb\Downloads\DSC_0067.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021517 ____A C:\Users\Barb\Downloads\DSC_0064.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021488 ____A C:\Users\Barb\Downloads\DSC_0068.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021488 ____A C:\Users\Barb\Downloads\DSC_0068 (1).JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0018870 ____A C:\Users\Barb\Downloads\DSC_0061.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0011521 ____A C:\Users\Barb\Downloads\DSC_0070.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0010972 ____A C:\Users\Barb\Downloads\DSC_0069.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0009522 ____A C:\Users\Barb\Downloads\DSC_0062.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0024295 ____A C:\Users\Barb\Downloads\DSC_0057.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0013591 ____A C:\Users\Barb\Downloads\DSC_0041.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0013227 ____A C:\Users\Barb\Downloads\DSC_0047.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0012026 ____A C:\Users\Barb\Downloads\DSC_0050.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0010905 ____A C:\Users\Barb\Downloads\DSC_0046.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0010875 ____A C:\Users\Barb\Downloads\DSC_0042.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0010143 ____A C:\Users\Barb\Downloads\DSC_0043.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0009579 ____A C:\Users\Barb\Downloads\DSC_0054.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0022190 ____A C:\Users\Barb\Downloads\DSC_0033.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0014915 ____A C:\Users\Barb\Downloads\DSC_0007.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0013726 ____A C:\Users\Barb\Downloads\DSC_0036.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0011327 ____A C:\Users\Barb\Downloads\DSC_0034.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0009551 ____A C:\Users\Barb\Downloads\DSC_0008.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0008806 ____A C:\Users\Barb\Downloads\DSC_0004.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0008315 ____A C:\Users\Barb\Downloads\DSC_0005.JPG
2011-12-31 09:50 - 2011-12-31 09:50 - 0055343 ____A C:\Users\Barb\Downloads\DSC_0080 (1).JPG
2011-12-31 09:48 - 2011-12-31 09:48 - 0052772 ____A C:\Users\Barb\Downloads\DSC_0080.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0021343 ____A C:\Users\Barb\Downloads\CIMG4795.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0021140 ____A C:\Users\Barb\Downloads\CIMG4791.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0020563 ____A C:\Users\Barb\Downloads\CIMG4790.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0019178 ____A C:\Users\Barb\Downloads\CIMG4793.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0019029 ____A C:\Users\Barb\Downloads\CIMG4792.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0016380 ____A C:\Users\Barb\Downloads\CIMG4789.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0011486 ____A C:\Users\Barb\Downloads\CIMG4794.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0020239 ____A C:\Users\Barb\Downloads\CIMG4785.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0018494 ____A C:\Users\Barb\Downloads\CIMG4784.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0014730 ____A C:\Users\Barb\Downloads\CIMG4787.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0014561 ____A C:\Users\Barb\Downloads\CIMG4788.JPG
2011-12-31 09:45 - 2011-12-31 09:45 - 0042050 ____A C:\Users\Barb\Downloads\101226_PorterChristmas_007.jpg
2011-12-31 09:45 - 2011-12-31 09:45 - 0026418 ____A C:\Users\Barb\Downloads\101226_PorterChristmas_024.jpg
2011-12-31 08:50 - 2011-12-31 08:50 - 0064584 ____A C:\Users\Barb\Downloads\CIMG4796.JPG
2011-12-30 08:27 - 2011-12-30 07:53 - 0017067 ____A C:\Users\Barb\Documents\Dates.xlsx
2011-12-29 22:26 - 2012-02-15 07:14 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-15 07:14 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-28 15:20 - 2011-11-21 08:09 - 0000000 ____D C:\Data
2011-12-28 11:15 - 2011-12-28 11:14 - 0004190 ____A C:\Windows\DPINST.LOG
2011-12-27 19:59 - 2012-02-15 07:14 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-26 15:13 - 2011-11-19 19:02 - 0000000 ____D C:\Users\Barb\AppData\Local\ElevatedDiagnostics
2011-12-23 07:37 - 2011-11-21 07:34 - 0000000 ____D C:\Users\All Users\Adobe
2011-12-23 07:37 - 2011-11-21 07:34 - 0000000 ____D C:\ProgramData\Adobe
2011-12-23 07:27 - 2011-12-23 07:27 - 0000000 ____D C:\Users\Barb\AppData\Roaming\Apple Computer
2011-12-22 14:38 - 2011-11-16 20:56 - 0000000 ____D C:\Users\Barb\AppData\Roaming\Adobe
2011-12-22 14:36 - 2011-12-22 14:36 - 0000000 ____D C:\Users\Barb\Documents\Adobe
2011-12-22 12:00 - 2011-11-21 07:34 - 0000000 ____D C:\Users\Barb\AppData\Local\Adobe
2011-12-22 11:57 - 2011-12-22 11:57 - 0000000 ____D C:\Users\Barb\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-22 11:54 - 2011-12-22 11:54 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2011-12-22 11:54 - 2011-12-22 11:54 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2011-12-22 11:49 - 2011-12-22 11:49 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-12-22 11:49 - 2011-12-22 11:49 - 0000000 ____D C:\ProgramData\Apple Computer
2011-12-22 11:49 - 2011-12-22 11:49 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-12-22 11:48 - 2011-12-22 11:48 - 0000000 ____D C:\Users\Barb\AppData\Local\Apple
2011-12-22 11:48 - 2011-12-22 11:48 - 0000000 ____D C:\Users\All Users\Apple
2011-12-22 11:48 - 2011-12-22 11:48 - 0000000 ____D C:\ProgramData\Apple
2011-12-22 11:48 - 2011-12-22 11:48 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-12-22 11:18 - 2011-11-21 07:34 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-12-22 11:17 - 2011-12-22 11:16 - 0000000 ____D C:\Users\All Users\SmartSound Software Inc
2011-12-22 11:17 - 2011-12-22 11:16 - 0000000 ____D C:\ProgramData\SmartSound Software Inc
2011-12-22 11:17 - 2011-11-16 20:48 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-12-22 11:16 - 2011-12-22 11:16 - 0000000 ____D C:\Program Files (x86)\SmartSound Software
2011-12-22 11:15 - 2011-12-22 11:07 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-12-22 11:14 - 2011-12-22 11:14 - 0001217 ____A C:\Users\Public\Desktop\Adobe Premiere Elements 10.lnk
2011-12-22 11:11 - 2011-12-22 11:11 - 0000000 ____D C:\Program Files\Adobe
2011-12-22 11:04 - 2011-12-22 11:04 - 0001896 ____A C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
2011-12-21 09:21 - 2011-12-15 20:26 - 0003286 ____A C:\Windows\IE9_main.log

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 16301.11 MB
Available physical RAM: 15135.2 MB
Total Pagefile: 16299.31 MB
Available Pagefile: 15124.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:369.83 GB) NTFS
3 Drive f: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 62 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 61 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 61 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-10 20:29

======================= End Of Log ==========================

#9 CatByte


Posted 20 March 2012 - 08:11 AM

Please do the following with FRST64

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.


start
SubSystems: [Windows] ==> ZeroAccess
cmd: bootrec /FixMbr
cmd: bootrec /fixboot
end


Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Bobandray


Posted 20 March 2012 - 02:01 PM

CatByte,

Contents of Fixlog.txt:


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-20 12:34:46 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /fixboot =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#11 CatByte


Posted 20 March 2012 - 03:16 PM

Are you able to boot normally now?

If so, please run ComboFix and post the resulting log.


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#12 Bobandray


Posted 21 March 2012 - 12:51 PM

CatByte,

Still unable to boot normally. Tried Startup Repair a few times, but no joy.

Thanks,
Bob and Ray

#13 CatByte


Posted 21 March 2012 - 04:28 PM

Exactly what happens when you try and start normally?

Are you able to boot into safe mode?

Have you tried booting into "Last Known Good Configuration"?


Please re-run the FRST scan and post a fresh log; I must have missed an entry.



#14 Bobandray


Posted 23 March 2012 - 01:48 PM

CatByte,

When I try to start normally, it shows the BIOS screen, then says "Starting Windows", then goes back to the BIOS screen, then shows a character-based screen which says "Windows Error Recovery" in the title bar. The body of the screen says "Windows failed to start. A recent hardware or software change might be the cause." and offers two options: either "Launch Startup Repair" or "Start Windows Normally". Regardless of the choice, Windows will not start the graphical UI. If you select "Start Windows Normally", it just repeats the cycle over and over. If you select "Launch Startup Repair", you get several options, but none of them fix the problem. At some point, there is an option to get additional information which says, among other things, "Bad Patch". You might expect that if the system is smart enough to know there is a bad patch, the system might be smart enough to fix it. But apparently not.

Booting to Safe Mode takes me to the same "Windows Error Recovery" screen described above.

Last Known Good goes back through the BIOS screen a second time (as with all other scenarios), and then takes me to the same "Windows Error Recovery" screen described above.

Here is the output from the FRST re-run:


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 22-03-2012 14:29:46
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2264168 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-10-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-10-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-10-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Barb\...\Run: [Google Update] "C:\Users\Barb\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-05] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.123.100
Tcpip\..\Interfaces\{2DAF9BFD-E889-41C8-B041-50EAAA5FA188}: [NameServer]10.1.1.1

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 arXfrSvc; "C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe" [231280 2011-01-10] (Microsoft Corporation)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 esClient; "C:\Program Files\Windows Home Server\esClient.exe" [109936 2011-01-10] (Microsoft Corporation)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
2 WHSConnector; "C:\Program Files\Windows Home Server\WHSConnector.exe" [489840 2011-01-10] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
3 dmvsc; C:\Windows\System32\Drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [56960 2011-07-28] (Etron Technology Inc)
3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [79104 2011-07-28] (Etron Technology Inc)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2011-11-19] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-11-19] ()
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-19 19:28 - 2012-03-22 14:30 - 0000000 ____D C:\FRST
2012-03-11 16:26 - 2012-03-11 16:26 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-08 18:15 - 2012-03-08 18:15 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (3).qfx
2012-03-08 18:15 - 2012-03-08 18:14 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (2).qfx
2012-03-03 21:59 - 2012-03-03 21:59 - 0024717 ____A C:\Users\Barb\Documents\college transcript.xlsx
2012-03-02 14:45 - 2012-03-02 14:45 - 0051568 ____A C:\Users\Barb\Downloads\usaa_quicken (1).qfx
2012-02-21 08:37 - 2012-02-21 08:37 - 0002951 ____A C:\Users\Barb\Desktop\Microsoft Excel 2010.lnk

============ 3 Months Modified Files and Folders =============

2012-03-22 14:30 - 2012-03-19 19:28 - 0000000 ____D C:\FRST
2012-03-18 19:24 - 2012-02-13 16:19 - 0000000 ____D C:\Users\Barb\Documents\Family Law Software
2012-03-18 19:24 - 2011-11-19 16:19 - 0000000 ____D C:\Users\All Users\Intel
2012-03-18 19:24 - 2011-11-19 16:19 - 0000000 ____D C:\ProgramData\Intel
2012-03-18 19:24 - 2011-11-16 21:02 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-18 19:24 - 2011-11-16 20:38 - 0000000 ____D C:\users\Barb
2012-03-18 19:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-18 19:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-13 20:42 - 2011-04-12 00:28 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-03-13 13:40 - 2011-11-16 12:32 - 1836987 ____A C:\Windows\WindowsUpdate.log
2012-03-13 13:38 - 2009-07-13 20:45 - 0022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-13 13:38 - 2009-07-13 20:45 - 0022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-13 13:35 - 2009-07-13 21:13 - 0778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-13 13:31 - 2011-11-16 12:30 - 4229783552 __ASH C:\hiberfil.sys
2012-03-13 13:31 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-13 13:31 - 2009-07-13 20:51 - 0037876 ____A C:\Windows\setupact.log
2012-03-13 09:58 - 2011-11-16 20:58 - 0000000 ____D C:\Users\All Users\MFAData
2012-03-13 09:58 - 2011-11-16 20:58 - 0000000 ____D C:\ProgramData\MFAData
2012-03-11 16:26 - 2012-03-11 16:26 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-11 16:26 - 2012-03-11 16:26 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-11 16:26 - 2011-12-02 08:44 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-09 19:26 - 2012-02-18 19:39 - 0000000 ____D C:\Users\Barb\AppData\Roaming\HP
2012-03-08 18:15 - 2012-03-08 18:15 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (3).qfx
2012-03-08 18:14 - 2012-03-08 18:15 - 0049219 ____A C:\Users\Barb\Downloads\usaa_quicken (2).qfx
2012-03-03 21:59 - 2012-03-03 21:59 - 0024717 ____A C:\Users\Barb\Documents\college transcript.xlsx
2012-03-02 14:45 - 2012-03-02 14:45 - 0051568 ____A C:\Users\Barb\Downloads\usaa_quicken (1).qfx
2012-02-28 20:03 - 2011-11-30 21:01 - 0772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-27 19:40 - 2012-01-14 10:42 - 0023832 ____A C:\Users\Barb\Documents\2011 christmas letter.docx
2012-02-21 08:37 - 2012-02-21 08:37 - 0002951 ____A C:\Users\Barb\Desktop\Microsoft Excel 2010.lnk
2012-02-20 12:26 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-02-19 09:23 - 2009-07-13 20:45 - 0420832 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-18 19:55 - 2011-11-19 13:35 - 0112600 ____A C:\Users\Barb\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-18 19:41 - 2012-02-18 19:41 - 0000000 ____D C:\Users\Barb\AppData\Local\HP
2012-02-18 19:40 - 2012-02-18 19:24 - 0000351 ____A C:\Users\All Users\hpzinstall.log
2012-02-18 19:40 - 2012-02-18 19:24 - 0000351 ____A C:\ProgramData\hpzinstall.log
2012-02-18 19:39 - 2012-02-18 19:39 - 0000000 ____D C:\Users\All Users\WEBREG
2012-02-18 19:39 - 2012-02-18 19:39 - 0000000 ____D C:\ProgramData\WEBREG
2012-02-18 19:38 - 2012-02-18 19:38 - 0002167 ____A C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2012-02-18 19:38 - 2012-02-18 19:36 - 0000000 ____D C:\Program Files (x86)\HP
2012-02-18 19:37 - 2012-02-18 19:37 - 0001315 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
2012-02-18 19:37 - 2012-02-18 19:37 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2012-02-18 19:37 - 2012-02-18 19:37 - 0000000 ____D C:\ProgramData\HP Product Assistant
2012-02-18 19:37 - 2012-02-18 19:24 - 0000000 ____D C:\Users\All Users\HP
2012-02-18 19:37 - 2012-02-18 19:24 - 0000000 ____D C:\ProgramData\HP
2012-02-18 17:54 - 2012-02-18 17:17 - 177468928 ____A (Igor Pavlov) C:\Users\Barb\Downloads\setup_full_G4000_3.exe
2012-02-18 14:34 - 2012-02-18 14:34 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-16 07:42 - 2011-11-16 20:38 - 0000000 ____D C:\Users\Barb\AppData\LocalLow
2012-02-15 18:19 - 2011-11-16 20:39 - 0000174 ___SH C:\Users\Barb\Start Menu\Programs\Startup\desktop.ini
2012-02-15 18:19 - 2011-11-16 20:39 - 0000174 ___SH C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 15:32 - 2011-11-25 19:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-15 15:32 - 2011-11-25 19:20 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-15 15:30 - 2011-11-19 09:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 15:29 - 2011-11-19 07:59 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-15 14:13 - 2012-02-07 20:14 - 0000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-02-15 14:13 - 2012-02-07 20:14 - 0000469 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-02-13 16:18 - 2012-02-13 16:18 - 0000995 ____A C:\Users\Public\Desktop\Family Law Software Client.lnk
2012-02-13 16:18 - 2012-02-13 16:18 - 0000000 ____D C:\Users\Barb\AppData\Roaming\Softland
2012-02-13 16:18 - 2012-02-13 16:18 - 0000000 ____D C:\Program Files\Softland
2012-02-13 16:18 - 2012-02-13 16:18 - 0000000 ____D C:\Program Files (x86)\FLSClnt
2012-02-09 19:42 - 2012-02-09 19:42 - 0057327 ____A C:\Users\Barb\Downloads\usaa_quicken.qfx
2012-02-07 20:21 - 2012-02-07 20:21 - 0000000 ____D C:\Users\Barb\Documents\TurboTax
2012-02-07 20:14 - 2012-02-07 20:14 - 0002515 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
2012-02-07 20:14 - 2011-11-22 18:21 - 0000000 ____D C:\Users\Barb\AppData\Roaming\Intuit
2012-02-07 20:14 - 2011-11-22 18:13 - 0000000 ____D C:\Users\All Users\Intuit
2012-02-07 20:14 - 2011-11-22 18:13 - 0000000 ____D C:\ProgramData\Intuit
2012-02-07 20:11 - 2012-02-07 20:11 - 0000000 ____D C:\Program Files (x86)\TurboTax
2012-02-05 12:53 - 2012-02-05 12:53 - 0216576 ____A C:\Users\Barb\Downloads\envelope.pub
2012-02-05 12:37 - 2011-11-25 19:20 - 0000000 ____D C:\Users\Barb\AppData\Local\Microsoft Help
2012-02-05 11:46 - 2009-07-13 21:08 - 0032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-04 08:17 - 2010-11-20 19:47 - 0030784 ____A C:\Windows\PFRO.log
2012-02-03 09:59 - 2011-11-22 18:21 - 0000000 ____D C:\Program Files (x86)\Quicken
2012-02-01 13:56 - 2012-02-01 13:56 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2703633545-3807309208-3974150782-1000Core1cce12c66bbb5ae.job
2012-01-29 03:10 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-28 20:18 - 2012-01-28 20:18 - 0170033 ____A C:\Users\Barb\Downloads\Lorie-McCown_109.jpg
2012-01-28 20:16 - 2012-01-28 20:17 - 0479768 ____A C:\Users\Barb\Downloads\Lorie-McCown_100.jpg
2012-01-28 20:16 - 2012-01-28 20:16 - 0548306 ____A C:\Users\Barb\Downloads\Lorie-McCown_81.jpg
2012-01-28 20:16 - 2012-01-28 20:16 - 0223005 ____A C:\Users\Barb\Downloads\Lorie-McCown_75.jpg
2012-01-28 20:15 - 2012-01-28 20:15 - 0297052 ____A C:\Users\Barb\Downloads\Lorie-McCown_42.jpg
2012-01-28 20:15 - 2012-01-28 20:15 - 0157363 ____A C:\Users\Barb\Downloads\Lorie-McCown_45.jpg
2012-01-28 20:13 - 2012-01-28 20:13 - 0181793 ____A C:\Users\Barb\Downloads\Lorie-McCown_25.jpg
2012-01-28 20:12 - 2012-01-28 20:12 - 0212310 ____A C:\Users\Barb\Downloads\Lorie-McCown_55.jpg
2012-01-28 19:31 - 2012-01-28 19:31 - 0235675 ____A C:\Users\Barb\Downloads\Halloween quilt.jpg
2012-01-27 10:07 - 2012-01-27 10:07 - 0081107 ____A C:\Users\Barb\Downloads\tickets_476692.html
2012-01-23 10:24 - 2012-01-23 10:24 - 0302931 ____A C:\Users\Barb\Downloads\Angelicia Jan 2012.JPG
2012-01-23 10:09 - 2012-01-23 10:10 - 0130386 ____A C:\Users\Barb\Downloads\Sebastian Jan 2012.JPG
2012-01-23 10:09 - 2012-01-23 10:09 - 0205461 ____A C:\Users\Barb\Downloads\Rachele Jan 2012.JPG
2012-01-23 10:09 - 2012-01-23 10:09 - 0151425 ____A C:\Users\Barb\Downloads\Karmyn Jan 2012.JPG
2012-01-23 10:08 - 2012-01-23 10:08 - 0088862 ____A C:\Users\Barb\Downloads\Ian Jan 2012.JPG
2012-01-23 10:08 - 2012-01-23 10:08 - 0088597 ____A C:\Users\Barb\Downloads\Gabby Jan 2012.JPG
2012-01-19 18:09 - 2012-01-19 18:09 - 35145403 ____A C:\Users\Barb\Downloads\Print family 2011.psd
2012-01-19 18:09 - 2012-01-19 18:09 - 0624556 ____A C:\Users\Barb\Downloads\Print family 2011.jpg
2012-01-19 17:10 - 2012-01-19 17:10 - 94168790 ____A C:\Users\Barb\Downloads\Family Funny 2011.psd
2012-01-19 17:10 - 2012-01-19 17:10 - 1035804 ____A C:\Users\Barb\Downloads\Print Family Funny 2011 copy.jpg
2012-01-19 11:38 - 2012-01-19 11:38 - 0000000 ____D C:\Users\Barb\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2012-01-17 10:11 - 2012-01-17 09:35 - 86471982 ____A C:\Users\Barb\Downloads\freeyogaworkout.wmv
2012-01-16 18:39 - 2012-01-16 18:31 - 3388452 ____A C:\Users\Barb\Downloads\IMG_2955.JPG
2012-01-16 18:39 - 2012-01-16 18:31 - 3357438 ____A C:\Users\Barb\Downloads\IMG_2950.JPG
2012-01-16 18:39 - 2012-01-16 18:31 - 3284927 ____A C:\Users\Barb\Downloads\IMG_2951.JPG
2012-01-16 18:39 - 2012-01-16 18:31 - 3259655 ____A C:\Users\Barb\Downloads\IMG_2954.JPG
2012-01-16 18:38 - 2012-01-16 18:31 - 3231499 ____A C:\Users\Barb\Downloads\Marla.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3263259 ____A C:\Users\Barb\Downloads\IMG_2945.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3227073 ____A C:\Users\Barb\Downloads\IMG_2946.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3195212 ____A C:\Users\Barb\Downloads\IMG_2947.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3186744 ____A C:\Users\Barb\Downloads\IMG_2949.JPG
2012-01-16 18:38 - 2012-01-16 18:30 - 3166744 ____A C:\Users\Barb\Downloads\IMG_2948.JPG
2012-01-16 18:37 - 2012-01-16 18:30 - 3323971 ____A C:\Users\Barb\Downloads\IMG_2943.JPG
2012-01-16 18:37 - 2012-01-16 18:30 - 3292439 ____A C:\Users\Barb\Downloads\IMG_2944.JPG
2012-01-16 18:35 - 2012-01-16 18:29 - 3185193 ____A C:\Users\Barb\Downloads\IMG_2942.JPG
2012-01-16 18:29 - 2012-01-16 18:29 - 2835499 ____A C:\Users\Barb\Downloads\IMG_2935 (1).JPG
2012-01-16 18:29 - 2012-01-16 18:28 - 2835499 ____A C:\Users\Barb\Downloads\IMG_2935.JPG
2012-01-16 16:54 - 2011-12-05 10:51 - 0000000 ____D C:\Users\Barb\AppData\Local\Google
2012-01-16 16:53 - 2012-01-16 16:53 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-16 14:23 - 2011-11-30 21:13 - 0000000 ____D C:\Users\Barb\AppData\Roaming\FamilyTreeMaker
2012-01-16 13:52 - 2012-01-16 13:52 - 0009607 ____A C:\Users\Barb\Downloads\IMG_2774.JPG
2012-01-16 08:16 - 2012-01-16 08:16 - 0015166 ____A C:\Users\Barb\Downloads\Nicholas-12.jpg
2012-01-16 08:15 - 2012-01-16 08:15 - 0023927 ____A C:\Users\Barb\Downloads\Nicholas-2.jpg
2012-01-16 08:15 - 2012-01-16 08:15 - 0022115 ____A C:\Users\Barb\Downloads\Nicholas-3.jpg
2012-01-16 08:15 - 2012-01-16 08:15 - 0007160 ____A C:\Users\Barb\Downloads\Nicholas-5.jpg
2012-01-16 08:14 - 2012-01-16 08:14 - 0009357 ____A C:\Users\Barb\Downloads\Nicholas-15.jpg
2012-01-16 08:12 - 2012-01-16 08:13 - 0036458 ____A C:\Users\Barb\Downloads\Nicholas-1.jpg
2012-01-13 20:06 - 2012-02-15 07:14 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-12 19:01 - 2012-01-12 19:01 - 0050259 ____A C:\Users\Barb\Downloads\barbara-lisher_element-fitness-1 (1).pdf
2012-01-12 18:59 - 2012-01-12 18:59 - 0050259 ____A C:\Users\Barb\Downloads\barbara-lisher_element-fitness-1.pdf
2012-01-04 02:44 - 2012-02-15 07:14 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-15 07:14 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-15 07:14 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-15 07:14 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:18 - 0000059 ____A C:\Users\Barb\U.bat
2011-12-31 09:56 - 2011-12-31 09:56 - 0026450 ____A C:\Users\Barb\Downloads\CIMG4776.JPG
2011-12-31 09:56 - 2011-12-31 09:56 - 0026402 ____A C:\Users\Barb\Downloads\CIMG4775.JPG
2011-12-31 09:56 - 2011-12-31 09:56 - 0025811 ____A C:\Users\Barb\Downloads\CIMG4774.JPG
2011-12-31 09:56 - 2011-12-31 09:56 - 0024179 ____A C:\Users\Barb\Downloads\CIMG4773.JPG
2011-12-31 09:55 - 2011-12-31 09:56 - 0024117 ____A C:\Users\Barb\Downloads\CIMG4771.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0025610 ____A C:\Users\Barb\Downloads\CIMG4770.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0024782 ____A C:\Users\Barb\Downloads\CIMG4767.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0021550 ____A C:\Users\Barb\Downloads\CIMG4769.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0020557 ____A C:\Users\Barb\Downloads\CIMG4768.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0013906 ____A C:\Users\Barb\Downloads\CIMG4763.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0012007 ____A C:\Users\Barb\Downloads\CIMG4762.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0010631 ____A C:\Users\Barb\Downloads\CIMG4764.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0007235 ____A C:\Users\Barb\Downloads\CIMG4765.JPG
2011-12-31 09:55 - 2011-12-31 09:55 - 0006232 ____A C:\Users\Barb\Downloads\CIMG4766.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0025742 ____A C:\Users\Barb\Downloads\DSC_0081.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0025445 ____A C:\Users\Barb\Downloads\DSC_0079.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0025445 ____A C:\Users\Barb\Downloads\DSC_0079 (1).JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0022191 ____A C:\Users\Barb\Downloads\DSC_0073.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0021077 ____A C:\Users\Barb\Downloads\DSC_0074.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0021004 ____A C:\Users\Barb\Downloads\DSC_0075.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0020327 ____A C:\Users\Barb\Downloads\DSC_0077.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0019507 ____A C:\Users\Barb\Downloads\DSC_0072.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0018614 ____A C:\Users\Barb\Downloads\DSC_0076.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0016160 ____A C:\Users\Barb\Downloads\CIMG4772.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0012497 ____A C:\Users\Barb\Downloads\DSC_0078.JPG
2011-12-31 09:54 - 2011-12-31 09:54 - 0010370 ____A C:\Users\Barb\Downloads\DSC_0071.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0023591 ____A C:\Users\Barb\Downloads\DSC_0060.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0023219 ____A C:\Users\Barb\Downloads\DSC_0059.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0022828 ____A C:\Users\Barb\Downloads\DSC_0066.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0022732 ____A C:\Users\Barb\Downloads\DSC_0065.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0022586 ____A C:\Users\Barb\Downloads\DSC_0063.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021784 ____A C:\Users\Barb\Downloads\DSC_0067.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021517 ____A C:\Users\Barb\Downloads\DSC_0064.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021488 ____A C:\Users\Barb\Downloads\DSC_0068.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0021488 ____A C:\Users\Barb\Downloads\DSC_0068 (1).JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0018870 ____A C:\Users\Barb\Downloads\DSC_0061.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0011521 ____A C:\Users\Barb\Downloads\DSC_0070.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0010972 ____A C:\Users\Barb\Downloads\DSC_0069.JPG
2011-12-31 09:53 - 2011-12-31 09:53 - 0009522 ____A C:\Users\Barb\Downloads\DSC_0062.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0024295 ____A C:\Users\Barb\Downloads\DSC_0057.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0013591 ____A C:\Users\Barb\Downloads\DSC_0041.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0013227 ____A C:\Users\Barb\Downloads\DSC_0047.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0012026 ____A C:\Users\Barb\Downloads\DSC_0050.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0010905 ____A C:\Users\Barb\Downloads\DSC_0046.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0010875 ____A C:\Users\Barb\Downloads\DSC_0042.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0010143 ____A C:\Users\Barb\Downloads\DSC_0043.JPG
2011-12-31 09:52 - 2011-12-31 09:52 - 0009579 ____A C:\Users\Barb\Downloads\DSC_0054.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0022190 ____A C:\Users\Barb\Downloads\DSC_0033.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0014915 ____A C:\Users\Barb\Downloads\DSC_0007.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0013726 ____A C:\Users\Barb\Downloads\DSC_0036.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0011327 ____A C:\Users\Barb\Downloads\DSC_0034.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0009551 ____A C:\Users\Barb\Downloads\DSC_0008.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0008806 ____A C:\Users\Barb\Downloads\DSC_0004.JPG
2011-12-31 09:51 - 2011-12-31 09:51 - 0008315 ____A C:\Users\Barb\Downloads\DSC_0005.JPG
2011-12-31 09:50 - 2011-12-31 09:50 - 0055343 ____A C:\Users\Barb\Downloads\DSC_0080 (1).JPG
2011-12-31 09:48 - 2011-12-31 09:48 - 0052772 ____A C:\Users\Barb\Downloads\DSC_0080.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0021343 ____A C:\Users\Barb\Downloads\CIMG4795.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0021140 ____A C:\Users\Barb\Downloads\CIMG4791.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0020563 ____A C:\Users\Barb\Downloads\CIMG4790.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0019178 ____A C:\Users\Barb\Downloads\CIMG4793.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0019029 ____A C:\Users\Barb\Downloads\CIMG4792.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0016380 ____A C:\Users\Barb\Downloads\CIMG4789.JPG
2011-12-31 09:47 - 2011-12-31 09:47 - 0011486 ____A C:\Users\Barb\Downloads\CIMG4794.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0020239 ____A C:\Users\Barb\Downloads\CIMG4785.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0018494 ____A C:\Users\Barb\Downloads\CIMG4784.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0014730 ____A C:\Users\Barb\Downloads\CIMG4787.JPG
2011-12-31 09:46 - 2011-12-31 09:46 - 0014561 ____A C:\Users\Barb\Downloads\CIMG4788.JPG
2011-12-31 09:45 - 2011-12-31 09:45 - 0042050 ____A C:\Users\Barb\Downloads\101226_PorterChristmas_007.jpg
2011-12-31 09:45 - 2011-12-31 09:45 - 0026418 ____A C:\Users\Barb\Downloads\101226_PorterChristmas_024.jpg
2011-12-31 08:50 - 2011-12-31 08:50 - 0064584 ____A C:\Users\Barb\Downloads\CIMG4796.JPG
2011-12-30 08:27 - 2011-12-30 07:53 - 0017067 ____A C:\Users\Barb\Documents\Dates.xlsx
2011-12-29 22:26 - 2012-02-15 07:14 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-15 07:14 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-28 15:20 - 2011-11-21 08:09 - 0000000 ____D C:\Data
2011-12-28 11:15 - 2011-12-28 11:14 - 0004190 ____A C:\Windows\DPINST.LOG
2011-12-27 19:59 - 2012-02-15 07:14 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-26 15:13 - 2011-11-19 19:02 - 0000000 ____D C:\Users\Barb\AppData\Local\ElevatedDiagnostics

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 16301.11 MB
Available physical RAM: 15137.41 MB
Total Pagefile: 16299.31 MB
Available Pagefile: 15118.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:369.83 GB) NTFS
3 Drive f: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 62 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 61 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 61 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-10 20:29

======================= End Of Log ==========================

#15 CatByte


Posted 23 March 2012 - 02:11 PM

Please do the following with FRST64:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

start
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:18 - 0000059 ____A C:\Users\Barb\U.bat
cmd: bootrec /FixMbr 
cmd: bootrec /fixboot 
end 

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Let me know if you can now boot normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
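
The fixlist above targets the three U.bat entries from the posted log. As an added example (not part of the original posts and not FRST's own code), this Python code parses the log's file-listing lines and picks out script or executable files sitting in a Startup folder, plus same-name, same-size copies elsewhere. The function names, the extension list and the "no company string" filter are assumptions made for the example.

```python
import re
from collections import namedtuple
from ntpath import basename, splitext

# Line layout seen in the log above:
#   <timestamp> - <timestamp> - <size> <attrs> [(company)] <path>
# Which timestamp is creation vs. modification depends on the log section.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)
Entry = namedtuple("Entry", "first_ts second_ts size attrs company path")
STARTUP_DIR = "\\start menu\\programs\\startup\\"
# Assumed triage list of file types that run when launched from a Startup folder.
AUTORUN_EXTS = {".bat", ".cmd", ".vbs", ".js", ".exe", ".scr", ".lnk"}


def parse_log(text):
    """Return an Entry per file-listing line; any other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts1, ts2, size, attrs, company, path = m.groups()
            entries.append(Entry(ts1, ts2, int(size), attrs, company, path))
    return entries


def triage(entries):
    """Return (Startup-folder autorun files, same name+size copies elsewhere)."""
    def in_startup(e):
        return STARTUP_DIR in e.path.lower()

    # Autorun-capable file in a Startup folder with no company string in the log.
    startup = [e for e in entries
               if in_startup(e) and e.company is None
               and splitext(e.path)[1].lower() in AUTORUN_EXTS]
    keys = {(basename(e.path).lower(), e.size) for e in startup}
    copies = [e for e in entries
              if not in_startup(e) and (basename(e.path).lower(), e.size) in keys]
    return startup, copies


# Sample lines copied from the log posted earlier in this thread.
SAMPLE = r"""
2012-01-04 02:44 - 2012-02-15 07:14 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:19 - 0000059 ____A C:\Users\Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\U.bat
2012-01-02 15:18 - 2012-01-02 15:18 - 0000059 ____A C:\Users\Barb\U.bat
2011-12-31 09:54 - 2011-12-31 09:54 - 0025445 ____A C:\Users\Barb\Downloads\DSC_0079 (1).JPG
"""
```

Calling `triage(parse_log(SAMPLE))` returns the two Startup-folder U.bat entries and the copy in the profile root, the same three lines the fixlist names.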




