
Can not access C drive


  • This topic is locked
201 replies to this topic

#1 Mugga11

Mugga11

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 29 January 2013 - 06:27 AM

All the program folders are white and can not access anything. My Computer does not open as well as Control panel etc. When you double click nothing happens and when you right click on file there is no option to open. I can open Run and when I go to browse I can see the c drive and all my files but can not open any. I have loaded different fix programs from a stick but none will open. I am using a HP 2000 laptop with Windows 7. Is there a fix for this problem?



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:32 PM

Posted 02 February 2013 - 06:52 PM

Greetings Mugga11 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you describe what led up to your difficulties and what steps you may have taken to address problems with your computer, i.e. got a virus and ran this or that program to try to clean it.

Let's start with this.


===================================================


Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC and we will enter the System Recovery Options one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • FRST.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Mugga11

Mugga11
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 04 February 2013 - 08:18 AM

Hi Gary,

I followed the steps you gave on my laptop and this is what I got - h:/frst is not recognized as an internal or external command.

Barb

#4 Mugga11

Mugga11
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 04 February 2013 - 08:19 AM

Sorry Gary - I meant h:\frst is not recognized as an internal or external command.

Barb

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:32 PM

Posted 04 February 2013 - 10:56 AM

Hi Barb,

We are having one of 2 difficulties. Either your USB drive is not H or we need to download the other version of Farbar's Recovery Scan Tool. There are 2 versions, one for 64 bit and one for 32 bit. Whichever one you tried we need to try the other one.
Gary
 

#6 Mugga11

Mugga11
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 04 February 2013 - 01:08 PM

Hi Gary,

I put the other Farbar Recovery Scan Tool for X32 bit on a different stick and this is what I got - X:\windows\sytem 32>h:frst - The subsystem needed to support the image type is not present. When I open computer in notepad I see the following - System is C, Boot is X, Recovery is E, Local Disk is D, HP Tools is F and USB Disk is H.

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:32 PM

Posted 04 February 2013 - 01:14 PM

Did you type it h:\frst (with the slash?) If you did then I would like you to boot into the Recovery Environment again, navigate to c:\Windows using Notepad and tell me if you see a SysWOW64 folder.

Edited by Oh My, 04 February 2013 - 01:31 PM.
Added SysWOW64

Gary
 

#8 Mugga11

Mugga11
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 04 February 2013 - 01:31 PM

Hi Gary,

Yes. I tried it again to make sure and got the same response.

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:32 PM

Posted 04 February 2013 - 01:31 PM

Ooops, I just modified the previous post. Please see my instructions regarding SysWOW64.
Gary
 

#10 Mugga11

Mugga11
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 04 February 2013 - 01:36 PM

Hi Gary,

System C - I can see the blue bar and it says 165 MB free of 198 MB - When I click on open I see - This folder is empty.

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:32 PM

Posted 04 February 2013 - 01:40 PM

OK, I am going to guess you have a 64 bit system and you first downloaded the 64 bit version of FRST. In order to run that successfully you must type h:\frst64. So, we are going to start again. Please be sure to download the 64 bit version of FRST, then run the command using h:\frst64 and see if we find success.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
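
Added example, not part of the original posts and not code from the FRST project: the "subsystem needed to support the image type is not present" error in post #6 is what a 64-bit recovery environment reports for a 32-bit executable, because it ships without the WoW64 layer. The sketch below reads the PE header of a downloaded tool on the clean computer to tell which build it is before copying it to the flash drive; the function names and the sample headers are constructed for illustration.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINE_X86 = 0x014C
MACHINE_X64 = 0x8664
MACHINE_NAMES = {MACHINE_X86: "x86 (32-bit)", MACHINE_X64: "x64 (64-bit)"}


class NotPE(ValueError):
    """Raised when the data does not look like a PE executable."""


def pe_machine(data: bytes) -> int:
    """Return the Machine field of a PE image given its leading bytes."""
    # DOS header: 'MZ' magic, and e_lfanew (offset of the PE header) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature is 4 bytes, followed by the 2-byte Machine field.
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def machine_of_file(path: str) -> int:
    """Read only the first 4 KiB of a file and return its Machine field."""
    with open(path, "rb") as fh:
        return pe_machine(fh.read(4096))


def runs_in_recovery_env(tool_machine: int, os_machine: int) -> bool:
    """The recovery environment has no WoW64, so only a native match runs."""
    return tool_machine == os_machine


def advise(tool_machine: int, os_machine: int) -> str:
    """Turn the comparison into a one-line message for the person helping."""
    tool = MACHINE_NAMES.get(tool_machine, hex(tool_machine))
    target = MACHINE_NAMES.get(os_machine, hex(os_machine))
    if runs_in_recovery_env(tool_machine, os_machine):
        return f"OK: {tool} tool matches {target} recovery environment"
    return f"MISMATCH: {tool} tool will not start in {target} recovery environment"


def build_sample_pe(machine: int) -> bytes:
    """Constructed sample: the smallest header pe_machine() will accept."""
    header = bytearray(0x80 + 24)           # DOS stub + PE signature + COFF header
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)
    header[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", header, 0x84, machine)
    return bytes(header)


if __name__ == "__main__":
    # Constructed inputs standing in for a 32-bit and a 64-bit download.
    for sample in (build_sample_pe(MACHINE_X86), build_sample_pe(MACHINE_X64)):
        print(advise(pe_machine(sample), MACHINE_X64))
```

A SysWOW64 folder under c:\Windows, which post #7 asks about, is the on-disk sign that the installed Windows is 64-bit, which is the `os_machine` value to compare against.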

#12 Mugga11

Mugga11
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 04 February 2013 - 03:01 PM

Hi Gary,

This is what I got.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by SYSTEM at 04-02-2013 14:54:22
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [PwmConsole.exe] "C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe" -s [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKU\Barb\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-12-03] (Google Inc.)
HKU\Barb\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-11-28] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Barb\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2012-10-04] ()
2 IBUpdaterService; C:\Windows\System32\dmwu.exe [1261936 2012-10-02] ()
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll" /prefetch:1 [535416 2012-12-05] (Symantec Corporation)
2 PwmSvc; "C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe" [342064 2012-08-22] (Trend Micro Inc.)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-08-23] (Trusteer Ltd.)
2 RogersUpdateManager; C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [163840 2010-06-03] (Rogers Cable Communications)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 TeamViewer8; "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" [3467768 2012-12-14] (TeamViewer GmbH)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-07] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-11] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130124.001\IDSvia64.sys [513184 2012-12-05] (Symantec Corporation)
2 kbfilter; C:\Windows\System32\Drivers\kbfilter.sys [66320 2012-12-29] (Trend Micro Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130128.004\ENG64.SYS [126192 2013-01-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130128.004\EX64.SYS [2087664 2013-01-16] (Symantec Corporation)
1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-08-23] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-08-23] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-08-23] (Trusteer Ltd.)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1402010.016\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1402010.016\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1402010.016\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1402010.016\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-10-18] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
3 DfSdkS; [x]
3 WinRing0_1_2_0; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-31 07:03 - 2013-01-31 04:19 - 05162600 ____A (ParetoLogic, Inc.) C:\Repair-tool.exe
2013-01-31 05:36 - 2013-01-31 04:19 - 05162600 ____A (ParetoLogic, Inc.) C:\Users\Barb\Desktop\Repair-tool.exe
2013-01-28 18:12 - 2012-11-15 15:21 - 05001745 ___RA (Swearware) C:\Users\Barb\Desktop\ComboFix.exe
2013-01-28 14:17 - 2013-01-28 14:17 - 00002240 ____A C:\{46DE7DC3-5743-4BC3-8596-16575E83FF81}
2013-01-28 14:15 - 2013-01-28 14:15 - 00002176 ____A C:\{F81B572B-E798-4B7F-A2B6-0E887F3BEECE}
2013-01-28 14:13 - 2013-01-28 14:13 - 00002248 ____A C:\{7996D8E4-B1A6-4603-A81B-DB39E33103B9}
2013-01-28 14:03 - 2013-01-28 14:03 - 00002632 ____A C:\{2A643430-4F61-4F8F-A896-F62A1AA2E4B0}
2013-01-28 13:55 - 2013-01-28 13:55 - 00002968 ____A C:\{18D18CEA-B1F3-48BA-B9C9-F8690B5679D9}
2013-01-28 13:21 - 2013-01-28 13:21 - 00002224 ____A C:\{89D080B4-A05D-4858-BB2A-EC8DDC193B9A}
2013-01-28 13:11 - 2013-01-28 13:11 - 00002552 ____A C:\{2C2171AA-A9FD-4A59-A521-04C4D155FE25}
2013-01-28 13:09 - 2013-01-28 13:09 - 00002088 ____A C:\{9D58994F-9404-40F9-AC27-F4735B5C6502}
2013-01-28 12:36 - 2009-07-13 17:39 - 00427008 ____A (Microsoft Corporation) C:\Users\Barb\Desktop\regedit.com
2013-01-28 12:22 - 2013-01-28 12:14 - 00001161 ____A C:\Users\Barb\Desktop\Rebuild_Icon_Cache.bat
2013-01-28 08:38 - 2013-01-28 06:56 - 02957840 ____A (Symantec Corporation) C:\Users\Barb\Desktop\NPE.exe
2013-01-27 07:35 - 2013-01-27 07:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-01-27 07:35 - 2013-01-27 07:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-01-26 17:47 - 2013-01-27 18:45 - 00000000 ___HD C:\_Exception1
2013-01-26 17:36 - 2013-02-04 10:23 - 00002296 ____A C:\Windows\setupact.log
2013-01-26 17:36 - 2013-01-26 17:36 - 00000000 ____A C:\Windows\setuperr.log
2013-01-25 15:20 - 2013-01-28 18:08 - 00007464 ____A C:\Windows\PFRO.log
2013-01-25 15:19 - 2013-01-25 15:19 - 00000000 ____A C:\asc_rdflag
2013-01-25 14:37 - 2013-01-03 04:55 - 00445078 ____A C:\Windows\System32\Drivers\etc\hosts.20130125-173743.backup
2013-01-25 11:37 - 2013-01-25 11:38 - 00000000 ____D C:\Users\Barb\Downloads\Attachments_2013_01_25
2013-01-25 11:37 - 2013-01-25 11:37 - 04258597 ____A C:\Users\Barb\Downloads\Attachments_2013_01_25.zip
2013-01-24 19:10 - 2013-01-24 19:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-01-24 12:30 - 2013-01-25 10:01 - 00000000 ____D C:\Users\Barb\AppData\Roaming\FamilyTreeMaker
2013-01-24 12:29 - 2013-01-24 12:29 - 00000000 ____D C:\Users\Barb\AppData\Local\IsolatedStorage
2013-01-24 12:28 - 2013-01-25 13:25 - 00000000 ____D C:\Users\Barb\Documents\Family Tree Maker
2013-01-24 12:28 - 2013-01-24 12:28 - 00000000 ____D C:\Users\Barb\AppData\Local\Ancestry.com
2013-01-24 12:25 - 2013-01-24 12:25 - 00000965 ____A C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
2013-01-24 12:24 - 2013-01-24 19:50 - 00000000 ____D C:\Program Files (x86)\Family Tree Maker 2012
2013-01-24 12:24 - 2013-01-24 12:24 - 00000000 ____D C:\Program Files (x86)\BCL Technologies
2013-01-24 12:23 - 2013-01-24 12:23 - 00000000 ____D C:\Windows\RegisteredPackages
2013-01-24 12:23 - 2013-01-24 12:23 - 00000000 ____D C:\IExp1.tmp
2013-01-24 12:23 - 2013-01-24 12:23 - 00000000 ____D C:\IExp0.tmp
2013-01-24 12:18 - 2013-01-25 14:23 - 00761780 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-24 12:13 - 2013-01-24 12:27 - 00000000 ___HD C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2013-01-24 12:13 - 2013-01-24 12:13 - 00000000 ____D C:\Users\Barb\AppData\Local\PackageAware
2013-01-22 12:35 - 2013-01-22 12:35 - 00001263 ____A C:\Users\Barb\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
2013-01-22 12:20 - 2013-01-22 12:20 - 00012568 ____A C:\Users\Barb\Downloads\[isoHunt] f0e4613a6344a0ffab59259303feb854048d272d.torrent
2013-01-22 12:19 - 2013-01-22 12:19 - 00000000 ____D C:\Users\All Users\CLSoft LTD
2013-01-22 08:06 - 2013-01-22 08:06 - 00333824 ____A (www.chmaas.handshake.de) C:\Users\Barb\AppData\Local\XVI32.exe
2013-01-22 08:06 - 2013-01-22 08:06 - 00001145 ____A C:\Users\Barb\AppData\Local\XVI32.ini
2013-01-22 08:06 - 2013-01-22 08:06 - 00000190 ____A C:\Users\Barb\AppData\Local\wndrshr.xcs
2013-01-22 06:17 - 2013-01-22 06:17 - 01845393 ____A C:\Users\Barb\Downloads\One Thing.mov
2013-01-19 07:53 - 2013-01-19 07:53 - 00024827 ____A C:\Users\Barb\Desktop\My DVD.XtoDVD
2013-01-18 06:51 - 2013-01-18 06:53 - 66731496 ____A (Online Media Technologies Ltd. ) C:\Users\Barb\Downloads\AVSVideoConverter.exe
2013-01-17 17:39 - 2013-01-17 17:39 - 00000000 ____D C:\Users\All Users\vsosdk
2013-01-17 13:26 - 2013-01-19 08:34 - 00000000 ____D C:\Users\Barb\Documents\ConvertXToDVD
2013-01-16 15:42 - 2013-01-16 15:42 - 00001085 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-01-12 19:02 - 2013-01-12 19:02 - 00345168 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-12 04:56 - 2013-01-12 04:56 - 00086952 ____A C:\Users\Barb\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-11 07:09 - 2013-01-13 05:08 - 00000000 ____D C:\Users\Barb\Desktop\AMENDED CLAIM
2013-01-11 06:17 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-11 06:17 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-11 06:17 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-11 06:17 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-11 06:17 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-11 06:17 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-11 06:17 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-11 06:17 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-11 06:17 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-11 06:17 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-11 06:17 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-11 06:17 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-11 06:17 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-11 06:17 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-11 06:17 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-11 06:17 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-11 06:17 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-11 06:17 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-11 06:17 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-11 06:17 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-11 06:17 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-11 06:17 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-11 06:17 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-11 06:17 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-11 06:17 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-11 06:17 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-11 06:17 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-11 06:17 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-11 06:17 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-11 06:15 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-11 06:15 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-11 06:15 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-11 06:15 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-11 06:15 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-11 06:15 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-11 06:15 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-11 06:15 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-11 06:15 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-11 06:15 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-11 06:15 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-11 06:15 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-11 06:15 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-11 06:15 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-11 06:15 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-11 06:15 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-11 06:14 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-11 06:14 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-11 06:01 - 2013-01-11 07:06 - 00087552 ____A C:\Users\Barb\Desktop\Schedule 6.xls
2013-01-07 16:13 - 2013-01-07 16:13 - 00043520 ____A C:\Users\Barb\Documents\Ancaster Gas.xls
2013-01-07 15:42 - 2013-01-07 15:42 - 00044544 ____A C:\Users\Barb\Desktop\Ancaster Gas.xls
2013-01-07 15:13 - 2013-01-07 15:13 - 00044544 ____A C:\Users\Barb\Desktop\Book1.xls
2013-01-07 10:57 - 2013-01-07 14:30 - 00044032 ____A C:\Users\Barb\Documents\Book1.xls
2013-01-07 09:45 - 2013-01-07 09:45 - 00000286 ____A C:\Users\Barb\Desktop\Year 2010 Calendar Canada.url
2013-01-07 09:44 - 2013-01-07 09:44 - 00000286 ____A C:\Users\Barb\Desktop\Year 2009 Calendar Canada.url
2013-01-07 09:44 - 2013-01-07 09:44 - 00000264 ____A C:\Users\Barb\Desktop\Year 2008 Calendar.url
2013-01-06 07:10 - 2013-01-22 10:49 - 00000000 ____D C:\Users\Barb\Desktop\2003-10Christmas-Emma--mcgill-44 pics
2013-01-06 06:00 - 2013-01-06 06:00 - 00000000 ____D C:\Users\Barb\AppData\Local\IAC
2013-01-06 05:41 - 2013-01-07 01:16 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-01-06 05:41 - 2013-01-06 05:41 - 00000000 ____D C:\Windows\System32\ARFC
2013-01-06 05:41 - 2013-01-06 05:41 - 00000000 ____D C:\Program Files\IB Updater
2013-01-06 05:41 - 2012-10-02 07:20 - 01261936 ____A C:\Windows\System32\dmwu.exe
2013-01-06 05:41 - 2012-10-02 07:19 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-01-06 05:38 - 2013-01-06 05:38 - 00253936 ____A C:\Users\Barb\Downloads\VSO_Software_ConvertXtoDVD_4.v4.1.10.348___serial.exe
2013-01-05 10:09 - 2013-01-02 15:40 - 01265178 ____A C:\Users\Barb\Desktop\YOLO.dsb


==================== One Month Modified Files and Folders =======

2013-02-04 10:24 - 2012-07-15 13:47 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-04 10:24 - 2011-10-22 10:40 - 00001433 ____A C:\Users\All Users\updateinfo.txt
2013-02-04 10:23 - 2013-01-26 17:36 - 00002296 ____A C:\Windows\setupact.log
2013-02-04 10:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-04 09:50 - 2012-02-04 10:11 - 01689191 ____A C:\Windows\WindowsUpdate.log
2013-02-04 09:12 - 2012-04-02 16:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-04 08:58 - 2012-07-15 13:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-04 05:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-04 05:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-31 07:01 - 2009-07-13 21:13 - 00783764 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-31 04:19 - 2013-01-31 07:03 - 05162600 ____A (ParetoLogic, Inc.) C:\Repair-tool.exe
2013-01-31 04:19 - 2013-01-31 05:36 - 05162600 ____A (ParetoLogic, Inc.) C:\Users\Barb\Desktop\Repair-tool.exe
2013-01-29 12:24 - 2011-10-25 16:15 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-01-28 18:08 - 2013-01-25 15:20 - 00007464 ____A C:\Windows\PFRO.log
2013-01-28 14:17 - 2013-01-28 14:17 - 00002240 ____A C:\{46DE7DC3-5743-4BC3-8596-16575E83FF81}
2013-01-28 14:15 - 2013-01-28 14:15 - 00002176 ____A C:\{F81B572B-E798-4B7F-A2B6-0E887F3BEECE}
2013-01-28 14:13 - 2013-01-28 14:13 - 00002248 ____A C:\{7996D8E4-B1A6-4603-A81B-DB39E33103B9}
2013-01-28 14:03 - 2013-01-28 14:03 - 00002632 ____A C:\{2A643430-4F61-4F8F-A896-F62A1AA2E4B0}
2013-01-28 13:55 - 2013-01-28 13:55 - 00002968 ____A C:\{18D18CEA-B1F3-48BA-B9C9-F8690B5679D9}
2013-01-28 13:21 - 2013-01-28 13:21 - 00002224 ____A C:\{89D080B4-A05D-4858-BB2A-EC8DDC193B9A}
2013-01-28 13:11 - 2013-01-28 13:11 - 00002552 ____A C:\{2C2171AA-A9FD-4A59-A521-04C4D155FE25}
2013-01-28 13:09 - 2013-01-28 13:09 - 00002088 ____A C:\{9D58994F-9404-40F9-AC27-F4735B5C6502}
2013-01-28 12:14 - 2013-01-28 12:22 - 00001161 ____A C:\Users\Barb\Desktop\Rebuild_Icon_Cache.bat
2013-01-28 06:56 - 2013-01-28 08:38 - 02957840 ____A (Symantec Corporation) C:\Users\Barb\Desktop\NPE.exe
2013-01-27 18:45 - 2013-01-26 17:47 - 00000000 ___HD C:\_Exception1
2013-01-27 07:35 - 2013-01-27 07:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-01-27 07:35 - 2013-01-27 07:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-01-26 21:59 - 2009-07-13 21:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-26 17:36 - 2013-01-26 17:36 - 00000000 ____A C:\Windows\setuperr.log
2013-01-25 15:19 - 2013-01-25 15:19 - 00000000 ____A C:\asc_rdflag
2013-01-25 15:19 - 2011-09-18 17:57 - 00000000 ____D C:\users\Barb
2013-01-25 15:09 - 2012-03-03 06:32 - 00001270 ____A C:\Windows\wininit.ini
2013-01-25 14:34 - 2011-10-24 14:09 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2013-01-25 14:33 - 2011-10-24 13:25 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-01-25 14:23 - 2013-01-24 12:18 - 00761780 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-25 14:09 - 2011-10-24 15:31 - 00000000 ____D C:\Users\Barb\AppData\Roaming\Vso
2013-01-25 14:09 - 2011-10-24 14:48 - 00000000 ____D C:\Users\Barb\AppData\Roaming\uTorrent
2013-01-25 13:25 - 2013-01-24 12:28 - 00000000 ____D C:\Users\Barb\Documents\Family Tree Maker
2013-01-25 11:38 - 2013-01-25 11:37 - 00000000 ____D C:\Users\Barb\Downloads\Attachments_2013_01_25
2013-01-25 11:37 - 2013-01-25 11:37 - 04258597 ____A C:\Users\Barb\Downloads\Attachments_2013_01_25.zip
2013-01-25 10:01 - 2013-01-24 12:30 - 00000000 ____D C:\Users\Barb\AppData\Roaming\FamilyTreeMaker
2013-01-25 05:22 - 2011-11-11 05:24 - 00000000 ___RD C:\Users\Barb\Dropbox
2013-01-25 05:22 - 2011-11-11 05:22 - 00000000 ____D C:\Users\Barb\AppData\Roaming\Dropbox
2013-01-24 19:50 - 2013-01-24 12:24 - 00000000 ____D C:\Program Files (x86)\Family Tree Maker 2012
2013-01-24 19:10 - 2013-01-24 19:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-01-24 14:34 - 2012-02-28 06:26 - 00000000 ____D C:\Program Files\PeerBlock
2013-01-24 12:29 - 2013-01-24 12:29 - 00000000 ____D C:\Users\Barb\AppData\Local\IsolatedStorage
2013-01-24 12:28 - 2013-01-24 12:28 - 00000000 ____D C:\Users\Barb\AppData\Local\Ancestry.com
2013-01-24 12:27 - 2013-01-24 12:13 - 00000000 ___HD C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2013-01-24 12:26 - 2012-07-12 05:56 - 00000000 ____D C:\Users\Barb\Desktop\The Artist 2011 DVDSCR XviD - ZOMBiES
2013-01-24 12:25 - 2013-01-24 12:25 - 00000965 ____A C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
2013-01-24 12:24 - 2013-01-24 12:24 - 00000000 ____D C:\Program Files (x86)\BCL Technologies
2013-01-24 12:23 - 2013-01-24 12:23 - 00000000 ____D C:\Windows\RegisteredPackages
2013-01-24 12:23 - 2013-01-24 12:23 - 00000000 ____D C:\IExp1.tmp
2013-01-24 12:23 - 2013-01-24 12:23 - 00000000 ____D C:\IExp0.tmp
2013-01-24 12:23 - 2011-10-24 12:42 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-01-24 12:13 - 2013-01-24 12:13 - 00000000 ____D C:\Users\Barb\AppData\Local\PackageAware
2013-01-23 14:33 - 2011-10-24 15:40 - 00000000 ____D C:\Users\Barb\AppData\Local\CrashDumps
2013-01-23 09:07 - 2012-03-28 15:13 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-01-22 13:22 - 2012-12-10 17:23 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-01-22 13:22 - 2012-08-16 14:46 - 00000000 ____D C:\Users\Barb\Desktop\New folder
2013-01-22 12:35 - 2013-01-22 12:35 - 00001263 ____A C:\Users\Barb\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
2013-01-22 12:35 - 2012-12-26 16:44 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-01-22 12:20 - 2013-01-22 12:20 - 00012568 ____A C:\Users\Barb\Downloads\[isoHunt] f0e4613a6344a0ffab59259303feb854048d272d.torrent
2013-01-22 12:19 - 2013-01-22 12:19 - 00000000 ____D C:\Users\All Users\CLSoft LTD
2013-01-22 12:19 - 2012-11-29 17:37 - 00000000 ____D C:\Users\All Users\InstallMate
2013-01-22 10:53 - 2012-12-29 11:25 - 00000000 ____D C:\Users\Barb\Desktop\New folder (3)
2013-01-22 10:49 - 2013-01-06 07:10 - 00000000 ____D C:\Users\Barb\Desktop\2003-10Christmas-Emma--mcgill-44 pics
2013-01-22 08:06 - 2013-01-22 08:06 - 00333824 ____A (www.chmaas.handshake.de) C:\Users\Barb\AppData\Local\XVI32.exe
2013-01-22 08:06 - 2013-01-22 08:06 - 00001145 ____A C:\Users\Barb\AppData\Local\XVI32.ini
2013-01-22 08:06 - 2013-01-22 08:06 - 00000190 ____A C:\Users\Barb\AppData\Local\wndrshr.xcs
2013-01-22 08:02 - 2012-12-28 15:00 - 00131584 __ASH C:\Users\Barb\Downloads\Thumbs.db
2013-01-22 06:17 - 2013-01-22 06:17 - 01845393 ____A C:\Users\Barb\Downloads\One Thing.mov
2013-01-19 08:34 - 2013-01-17 13:26 - 00000000 ____D C:\Users\Barb\Documents\ConvertXToDVD
2013-01-19 08:34 - 2011-10-24 15:32 - 00001041 ____A C:\Users\Barb\AppData\Roaming\vso_ts_preview.xml
2013-01-19 07:53 - 2013-01-19 07:53 - 00024827 ____A C:\Users\Barb\Desktop\My DVD.XtoDVD
2013-01-18 07:26 - 2012-12-10 17:27 - 00000000 ____D C:\Users\Barb\AppData\Roaming\AVS4YOU
2013-01-18 06:53 - 2013-01-18 06:51 - 66731496 ____A (Online Media Technologies Ltd. ) C:\Users\Barb\Downloads\AVSVideoConverter.exe
2013-01-17 17:39 - 2013-01-17 17:39 - 00000000 ____D C:\Users\All Users\vsosdk
2013-01-17 09:23 - 2012-12-14 16:06 - 00000000 ____D C:\Users\Barb\Desktop\Daily
2013-01-17 09:23 - 2012-12-14 12:50 - 00000000 ____D C:\Users\All Users\Soulseek
2013-01-16 15:58 - 2012-01-11 07:16 - 00000000 ____D C:\Users\Barb\Calibre Library
2013-01-16 15:42 - 2013-01-16 15:42 - 00001085 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-01-16 03:26 - 2012-04-17 16:30 - 00000000 ____D C:\Users\Barb\Downloads\John Grisham - 15 Books - lit - eBook
2013-01-16 01:32 - 2012-10-17 01:25 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForBarb.job
2013-01-14 13:54 - 2012-01-16 17:00 - 00000000 ____D C:\Users\Barb\Desktop\Shortcuts
2013-01-14 13:40 - 2012-12-15 06:26 - 00023552 __ASH C:\Users\Barb\Documents\Thumbs.db
2013-01-14 13:33 - 2012-01-11 07:16 - 00000955 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-01-14 13:33 - 2012-01-11 07:15 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-01-13 12:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-13 05:08 - 2013-01-11 07:09 - 00000000 ____D C:\Users\Barb\Desktop\AMENDED CLAIM
2013-01-13 04:26 - 2011-12-12 10:19 - 00000000 ____D C:\Users\Barb\Desktop\Meet-up
2013-01-12 19:02 - 2013-01-12 19:02 - 00345168 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-12 09:25 - 2011-10-25 16:23 - 00000000 ___RD C:\Users\Barb\Desktop\Computer
2013-01-12 04:56 - 2013-01-12 04:56 - 00086952 ____A C:\Users\Barb\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-12 04:54 - 2011-10-24 12:02 - 00000000 ____D C:\Program Files\CCleaner
2013-01-12 03:57 - 2011-09-18 18:30 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-12 03:55 - 2011-09-19 14:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-11 07:06 - 2013-01-11 06:01 - 00087552 ____A C:\Users\Barb\Desktop\Schedule 6.xls
2013-01-08 13:12 - 2012-04-02 16:30 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 13:12 - 2011-10-24 09:22 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-07 16:13 - 2013-01-07 16:13 - 00043520 ____A C:\Users\Barb\Documents\Ancaster Gas.xls
2013-01-07 15:42 - 2013-01-07 15:42 - 00044544 ____A C:\Users\Barb\Desktop\Ancaster Gas.xls
2013-01-07 15:13 - 2013-01-07 15:13 - 00044544 ____A C:\Users\Barb\Desktop\Book1.xls
2013-01-07 14:30 - 2013-01-07 10:57 - 00044032 ____A C:\Users\Barb\Documents\Book1.xls
2013-01-07 09:45 - 2013-01-07 09:45 - 00000286 ____A C:\Users\Barb\Desktop\Year 2010 Calendar Canada.url
2013-01-07 09:44 - 2013-01-07 09:44 - 00000286 ____A C:\Users\Barb\Desktop\Year 2009 Calendar Canada.url
2013-01-07 09:44 - 2013-01-07 09:44 - 00000264 ____A C:\Users\Barb\Desktop\Year 2008 Calendar.url
2013-01-07 06:47 - 2012-12-26 16:47 - 00000000 ____D C:\Users\Barb\Documents\Wondershare DVD Slideshow Builder Deluxe
2013-01-07 01:16 - 2013-01-06 05:41 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-01-06 09:31 - 2012-12-30 05:25 - 00000000 ____D C:\Users\Barb\Desktop\Kennedy-Nov Visit -2004
2013-01-06 06:00 - 2013-01-06 06:00 - 00000000 ____D C:\Users\Barb\AppData\Local\IAC
2013-01-06 05:51 - 2012-10-07 09:33 - 00000000 ____D C:\Users\Barb\Desktop\Scrabble
2013-01-06 05:42 - 2012-03-27 00:32 - 00002263 ____A C:\user.js
2013-01-06 05:41 - 2013-01-06 05:41 - 00000000 ____D C:\Windows\System32\ARFC
2013-01-06 05:41 - 2013-01-06 05:41 - 00000000 ____D C:\Program Files\IB Updater
2013-01-06 05:38 - 2013-01-06 05:38 - 00253936 ____A C:\Users\Barb\Downloads\VSO_Software_ConvertXtoDVD_4.v4.1.10.348___serial.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2013-01-05 14:39:13
Restore point made on: 2013-01-06 04:33:33
Restore point made on: 2013-01-07 01:22:06
Restore point made on: 2013-01-08 01:25:13
Restore point made on: 2013-01-10 03:45:56
Restore point made on: 2013-01-12 03:52:43
Restore point made on: 2013-01-12 04:37:09
Restore point made on: 2013-01-12 19:08:20
Restore point made on: 2013-01-13 04:25:30
Restore point made on: 2013-01-14 01:47:26
Restore point made on: 2013-01-14 06:09:02
Restore point made on: 2013-01-14 13:12:17
Restore point made on: 2013-01-15 04:44:55
Restore point made on: 2013-01-15 11:48:38
Restore point made on: 2013-01-16 01:38:00
Restore point made on: 2013-01-17 03:49:07
Restore point made on: 2013-01-18 04:49:20
Restore point made on: 2013-01-19 06:34:42
Restore point made on: 2013-01-22 05:09:26
Restore point made on: 2013-01-23 04:36:35
Restore point made on: 2013-01-24 05:28:30
Restore point made on: 2013-01-24 14:35:36
Restore point made on: 2013-01-24 19:55:49
Restore point made on: 2013-01-25 05:26:28
Restore point made on: 2013-02-04 06:01:42

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3690.91 MB
Available physical RAM: 2940.57 MB
Total Pagefile: 3689.05 MB
Available Pagefile: 2929.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Local Disk) (Fixed) (Total:449.88 GB) (Free:317.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:15.59 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:0.98 GB) (Free:0.44 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1000 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 7F74CB26

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 449 GB 200 MB
Partition 3 Primary 15 GB 450 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Local Disk NTFS Partition 449 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1000 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2013-02-04 05:53

==================== End Of Log =============================

#13 Oh My!


Posted 04 February 2013 - 03:41 PM

Hi Barb,

Excellent work! :thumbsup:

Let's start with this please.


===================================================


exeHelper by Raktor

--------------------

  • Please download exeHelper from Raktor to your desktop.
  • Right click on exeHelper.com and select Run as Administrator
  • Select Run
  • Once the program has finished a Notepad document will appear on your desktop
  • Copy and paste the contents in your reply
  • Try to launch a program
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • log.txt
  • Are you able to open programs?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Mugga11


Posted 04 February 2013 - 04:34 PM

Hi Gary,

When I right click these are the choices I get - Cut, Copy, Create Shortcut, Delete, Rename, Properties. There is no choice to select Run as Administrator.

#15 Oh My!


Posted 04 February 2013 - 04:40 PM

Double click on the icon and let me know what happens.
Gary
 