Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 won't boot, not even safe mode... Repair doesn't work either..


  • This topic is locked This topic is locked
3 replies to this topic

#1 cestmoi

cestmoi

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 26 July 2016 - 10:38 AM

Dell Inspiron 1545 (think it is running intel celeron, however sticker is off so can't check!) had Windows 7 from new

 

My CPU was running at 100 percent nearly all the time

 

Virus & malware checked etc.. nothing came up

 

Some tutorials suggested System restore;;; tried several just got error messages tried to restore from an external hard drive as that was the last time computer was okay, now it won't reboot, not even safe mode and the start up repair just loops

 

Found this site and this advice

 

http://www.bleepingcomputer.com/forums/t/435162/windows-7-wont-boot-not-even-safe-mode-repair-doesnt-work-either/

 

 this is the text after plugging in the USB on the infected computer ( currently using my sons computer)  - hope you can help - cheers, Sarah

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016
Ran by SYSTEM on MININT-VEM8RTJ (26-07-2016 17:00:28)
Running from g:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-07-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\David\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\David\...\Policies\system: [LogonHoursAction] 2
HKU\David\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\David\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Guest\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Guest\...\Run: [Spotify] => C:\Users\Guest\AppData\Roaming\Spotify\Spotify.exe [4011184 2012-04-07] (Spotify Ltd)
HKU\Guest\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKU\Guest\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Sarah\...\Policies\system: [LogonHoursAction] 2
HKU\Sarah\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sarah\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-04] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-07-22] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-07-22] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-07-22] (AVG Technologies CZ, s.r.o.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
S2 IconixService; C:\Program Files (x86)\Common Files\Iconix\IconixService.exe [284512 2012-03-19] ()
S2 lxba_device; C:\Windows\system32\lxbacoms.exe [566704 2007-04-24] ( )
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [62536 2016-03-29] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-18] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] (IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-26 17:00 - 2016-07-26 17:00 - 00000000 ____D C:\FRST
2016-07-26 02:25 - 2016-07-26 02:25 - 00000000 ____D C:\ProgramData\SoftThinks
2016-07-26 01:46 - 2016-07-26 01:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-07-26 01:46 - 2016-07-26 01:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-07-25 23:55 - 2016-07-25 23:56 - 00000000 ____D C:\Users\Sarah\AppData\Local\{D7CEF745-426D-4BFC-84C1-F8542A2B0DF4}
2016-07-25 11:53 - 2016-07-25 11:53 - 00000000 ____D C:\Users\Sarah\AppData\Local\{92493C36-B710-428A-9DE4-27DBE6740DB4}
2016-07-25 11:07 - 2016-07-26 06:13 - 00287374 _____ C:\Windows\ntbtlog.txt
2016-07-25 10:09 - 2016-07-25 10:16 - 187364832 _____ (Dell Inc.) C:\Users\Sarah\Downloads\Backup-and-Recovery_Application_GX7TX_WN32_1.9.2.8_A00.EXE
2016-07-24 23:50 - 2016-07-24 23:51 - 00000000 ____D C:\Users\Sarah\AppData\Local\{99780368-4A62-491F-BC68-47563A8AC971}
2016-07-24 10:17 - 2016-07-24 10:17 - 00182366 _____ C:\Users\Sarah\Documents\ER16-2.pdf
2016-07-24 10:15 - 2016-07-24 10:15 - 00464614 _____ C:\Users\Sarah\Documents\1005469.21Jul16@0848.pdf
2016-07-24 09:35 - 2016-07-24 09:35 - 00011776 _____ C:\Users\Sarah\Documents\Screwfix discount.wps
2016-07-24 01:19 - 2016-07-24 01:20 - 00000000 ____D C:\Users\Sarah\AppData\Local\{80F18648-55A7-41E0-9EED-A00D1BCFAAB8}
2016-07-23 11:35 - 2016-07-23 11:35 - 00000000 ____D C:\e46b0d587480d60f8c64cbcddb
2016-07-23 00:02 - 2016-07-23 00:02 - 00000000 ____D C:\Users\Sarah\AppData\Local\{5E0D19C8-D384-46FE-8097-4BDCCF5F1253}
2016-07-22 09:06 - 2016-07-22 09:06 - 00000000 ____D C:\Users\Sarah\AppData\Local\{3C0C707B-19B5-47E7-A258-1C397CA99EDE}
2016-07-21 11:10 - 2016-07-26 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-21 10:12 - 2016-07-26 15:54 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\AVG
2016-07-21 10:10 - 2016-07-21 10:10 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\TuneUp Software
2016-07-21 10:08 - 2016-07-21 10:08 - 00000000 ___HD C:\$AVG
2016-07-21 10:00 - 2016-07-26 16:06 - 00000000 ____D C:\ProgramData\MFAData
2016-07-21 10:00 - 2016-07-21 10:00 - 00000000 ____D C:\Users\Sarah\AppData\Local\MFAData
2016-07-21 09:52 - 2016-07-26 15:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-07-21 09:49 - 2016-07-26 00:58 - 00000000 ____D C:\Users\Sarah\AppData\Local\Avg
2016-07-21 09:49 - 2016-07-25 03:02 - 00000000 ____D C:\Users\Sarah\AppData\Local\AvgSetupLog
2016-07-21 09:49 - 2016-07-24 10:08 - 00000000 ____D C:\ProgramData\Avg
2016-07-21 06:59 - 2016-07-21 06:59 - 00000000 ____D C:\Users\Sarah\AppData\Local\{744DE978-7EEF-46AA-B4B2-6E9A8F469272}
2016-07-20 07:41 - 2016-07-20 07:41 - 00000000 ____D C:\e0c0409ffccb924fab
2016-07-20 06:00 - 2016-07-20 06:00 - 00000000 ____D C:\dda3f87ba951e1496073618a329a
2016-07-20 04:02 - 2016-07-26 16:06 - 00000000 ____D C:\020061a6e704e89d0adeda
2016-07-20 02:31 - 2016-07-20 02:31 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2016-07-20 02:31 - 2016-07-20 02:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-20 02:30 - 2016-07-20 02:30 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-20 02:30 - 2016-07-20 02:30 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-07-20 02:30 - 2016-07-20 02:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-20 02:30 - 2016-07-20 02:30 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-07-20 02:30 - 2016-07-20 02:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-07-20 02:30 - 2016-07-20 02:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-20 02:30 - 2016-07-20 02:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-07-20 02:30 - 2016-07-20 02:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-07-20 02:30 - 2016-07-20 02:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-07-20 02:30 - 2016-07-20 02:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-07-20 02:29 - 2016-07-20 02:29 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-20 02:29 - 2016-07-20 02:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-20 02:29 - 2016-07-20 02:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-07-20 02:29 - 2016-07-20 02:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-07-20 02:29 - 2016-07-20 02:29 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-07-20 02:29 - 2016-07-20 02:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-07-20 02:29 - 2016-07-20 02:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-07-20 02:29 - 2016-07-20 02:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-07-20 02:24 - 2016-07-20 02:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2016-07-20 02:23 - 2016-07-20 02:23 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2016-07-20 02:23 - 2016-07-20 02:23 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2016-07-20 02:23 - 2016-07-20 02:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2016-07-20 02:22 - 2016-07-20 02:23 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2016-07-20 02:22 - 2016-07-20 02:22 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2016-07-20 02:22 - 2016-07-20 02:22 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2016-07-20 02:21 - 2016-07-20 02:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2016-07-20 02:21 - 2016-07-20 02:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2016-07-20 02:21 - 2016-07-20 02:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2016-07-20 02:20 - 2016-07-20 02:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2016-07-20 02:20 - 2016-07-20 02:20 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2016-07-20 02:20 - 2016-07-20 02:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2016-07-20 02:19 - 2016-07-20 02:20 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2016-07-20 02:19 - 2016-07-20 02:19 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2016-07-20 02:19 - 2016-07-20 02:19 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2016-07-20 02:19 - 2016-07-20 02:19 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2016-07-20 02:19 - 2016-07-20 02:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2016-07-20 02:19 - 2016-07-20 02:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2016-07-20 02:19 - 2016-07-20 02:19 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-07-20 02:18 - 2016-07-20 02:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2016-07-20 02:18 - 2016-07-20 02:18 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2016-07-20 02:18 - 2016-07-20 02:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2016-07-20 02:17 - 2016-07-20 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2016-07-20 02:17 - 2016-07-20 02:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2016-07-20 02:17 - 2016-07-20 02:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2016-07-20 02:16 - 2016-07-20 02:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2016-07-20 02:16 - 2016-07-20 02:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2016-07-20 02:16 - 2016-07-20 02:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2016-07-20 02:16 - 2016-07-20 02:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2016-07-20 02:16 - 2016-07-20 02:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2016-07-20 02:15 - 2016-07-20 02:15 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2016-07-20 02:15 - 2016-07-20 02:15 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2016-07-20 02:15 - 2016-07-20 02:15 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2016-07-20 02:15 - 2016-07-20 02:15 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2016-07-20 02:14 - 2016-07-20 02:14 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2016-07-20 02:14 - 2016-07-20 02:14 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2016-07-20 02:14 - 2016-07-20 02:14 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2016-07-20 02:14 - 2016-07-20 02:14 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2016-07-20 02:14 - 2016-07-20 02:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2016-07-20 02:13 - 2016-07-20 02:13 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2016-07-20 02:12 - 2016-07-20 02:13 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2016-07-20 02:12 - 2016-07-20 02:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2016-07-20 02:12 - 2016-07-20 02:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2016-07-20 02:12 - 2016-07-20 02:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2016-07-20 02:12 - 2016-07-20 02:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2016-07-20 02:11 - 2016-07-20 02:11 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2016-07-20 02:11 - 2016-07-20 02:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2016-07-20 02:11 - 2016-07-20 02:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2016-07-20 02:11 - 2016-07-20 02:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2016-07-20 02:11 - 2016-07-20 02:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2016-07-20 02:10 - 2016-07-20 02:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2016-07-20 02:10 - 2016-07-20 02:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2016-07-20 02:10 - 2016-07-20 02:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2016-07-20 00:09 - 2016-07-20 00:10 - 00000000 ____D C:\Users\Sarah\AppData\Local\{5BAC4B19-8D79-4AE0-86CA-3674B6EBF070}
2016-07-19 10:54 - 2016-07-19 10:54 - 00000000 ____D C:\335f14149bb09bbbaf0d8b08
2016-07-19 02:16 - 2016-07-19 02:16 - 00000000 ____D C:\Users\Sarah\AppData\Local\{7FBF9577-9F85-4547-8295-9388B5022B6A}
2016-07-18 05:14 - 2016-07-18 05:14 - 00000000 ____D C:\Users\Sarah\AppData\Local\{D25111A4-9CA9-467B-AEF6-B6C9D77D4AA4}
2016-07-18 01:27 - 2016-07-18 01:27 - 00000000 ____D C:\Users\Sarah\AppData\Local\{29269A10-3337-43C2-BA7F-E15A4F8D003E}
2016-07-17 12:46 - 2016-07-26 16:07 - 00000000 ____D C:\Windows\pss
2016-07-17 11:34 - 2016-07-17 11:34 - 00000000 ____D C:\Users\Sarah\AppData\Local\{862ABCBC-9F53-4B09-A594-C8B09874CB38}
2016-07-17 03:44 - 2016-07-17 03:44 - 00000260 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-07-17 03:44 - 2016-07-17 03:44 - 00000260 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-07-17 03:44 - 2016-07-17 03:44 - 00000260 _____ C:\ProgramData\fontcacheev1.dat
2016-07-17 03:44 - 2016-03-29 10:16 - 00062536 _____ () C:\Windows\System32\Drivers\adgnetworktdidrv.sys
2016-07-17 02:58 - 2016-07-17 03:06 - 00000000 ____D C:\ProgramData\BSD
2016-07-17 02:57 - 2016-07-17 02:57 - 00000000 ____D C:\ProgramData\MegaBackup Corp
2016-07-17 01:31 - 2016-07-17 03:40 - 00000000 ____D C:\Program Files (x86)\TweakBit
2016-07-16 11:47 - 2016-07-16 11:47 - 00000000 ____D C:\Users\Sarah\AppData\Local\{A4C478C9-9F39-4D36-A498-66846096AE9D}
2016-07-15 23:30 - 2016-07-15 23:30 - 00000000 ____D C:\Users\Sarah\AppData\Local\{51629A14-9786-4FA0-A5B8-CDF2E95E3C15}
2016-07-14 21:58 - 2016-07-14 21:58 - 00000000 ____D C:\Users\Sarah\AppData\Local\{96B8280A-55D0-4458-9CFD-D2BCF7705D28}
2016-07-14 01:59 - 2016-07-14 01:59 - 00000000 ____D C:\Users\Sarah\AppData\Local\{59A59410-D61F-4036-8DD5-C9E6C2F152C1}
2016-07-13 00:19 - 2016-07-13 00:19 - 00000000 ____D C:\Users\Sarah\AppData\Local\{767381EE-12DE-40A2-B7EA-9D80BF35379F}
2016-07-11 23:33 - 2016-07-11 23:33 - 00000000 ____D C:\Users\Sarah\AppData\Local\{C7E16A69-FE7B-4B0C-B66C-C2AAA63F7C54}
2016-07-11 13:12 - 2016-07-11 13:12 - 00000000 ____D C:\Users\Sarah\AppData\Local\{34FF958C-5F4E-4408-8267-42D39440AD63}
2016-07-11 01:04 - 2016-07-11 01:04 - 00000000 ____D C:\Users\Sarah\AppData\Local\{469B71AC-57CB-441D-845C-AB35FE7A537E}
2016-07-10 13:03 - 2016-07-10 13:03 - 00000000 ____D C:\Users\Sarah\AppData\Local\{DC23A454-13AA-441C-974D-33B80524BE0D}
2016-07-10 00:56 - 2016-07-10 00:56 - 00000000 ____D C:\Users\Sarah\AppData\Local\{CF23FDD0-305A-47F5-BD3F-EB953BAFA143}
2016-07-09 00:14 - 2016-07-09 00:14 - 00000000 ____D C:\Users\Sarah\AppData\Local\{D81CBC21-FCA4-4F30-B173-229B7E7A6A59}
2016-07-08 04:14 - 2016-07-08 04:14 - 00000000 ____D C:\Users\Sarah\AppData\Local\{BC5E852F-C0E5-4784-838F-1AA32814689D}
2016-07-07 11:35 - 2016-07-07 11:35 - 00000000 ____D C:\Users\Sarah\AppData\Local\{E98133E2-1FA1-47EC-92E4-70EABF3FE8AA}
2016-07-06 22:41 - 2016-07-06 22:41 - 00000000 ____D C:\Users\Sarah\AppData\Local\{F4FB5779-42C4-44A8-81C0-0740969EBB5A}
2016-07-06 01:20 - 2016-07-06 01:20 - 00000000 ____D C:\Users\Sarah\AppData\Local\{C0205161-1186-4542-8C16-31A5CECCF2FE}
2016-07-04 23:00 - 2016-07-04 23:00 - 00000000 ____D C:\Users\Sarah\AppData\Local\{CA9F4928-540F-40AB-A306-C06A27A5E0AF}
2016-07-04 02:23 - 2016-07-04 02:24 - 00000000 ____D C:\Users\Sarah\AppData\Local\{9760FF8B-C9C9-42C9-86AF-19432784C117}
2016-07-03 00:13 - 2016-07-03 00:13 - 00000000 ____D C:\Users\Sarah\AppData\Local\{B840FE03-9B33-4A29-86C7-37E1C0AB2D50}
2016-07-03 00:09 - 2016-07-03 00:09 - 00000000 ____D C:\Users\Sarah\AppData\Local\{4CDE31FF-55F3-4690-872B-4803ACE2CC91}
2016-07-02 00:12 - 2016-07-02 00:12 - 00000000 ____D C:\Users\Sarah\AppData\Local\{58C6801A-751D-472A-9176-12AFD727D655}
2016-07-01 09:31 - 2016-07-01 09:31 - 00000000 ____D C:\Users\Sarah\AppData\Local\{89BAE4F9-57D6-4CAF-900A-9FA326EE7529}
2016-07-01 04:46 - 2016-07-01 04:46 - 00000000 ____D C:\Users\Sarah\AppData\Local\{EC856CF1-C8EC-479E-B432-88375FB0F960}
2016-07-01 04:42 - 2016-07-01 04:42 - 00000000 ____D C:\Users\Sarah\AppData\Local\{550D39E4-B1BF-4B25-A75F-50113D03BA7E}
2016-07-01 04:38 - 2016-07-01 04:38 - 00000000 ____D C:\Users\Sarah\AppData\Local\{6584ADB6-A4B9-488E-BBAD-12A0BF1EDA6D}
2016-06-30 23:03 - 2016-06-30 23:03 - 00000000 ____D C:\Users\Sarah\AppData\Local\{8037F0BC-F275-4E99-8DF9-FB392DB08C62}
2016-06-30 10:56 - 2016-06-30 10:56 - 00000000 ____D C:\Users\Sarah\AppData\Local\{BE3D8335-FA25-4E7D-9114-62567B57BDDB}
2016-06-29 22:29 - 2016-06-29 22:29 - 00000000 ____D C:\Users\Sarah\AppData\Local\{0A207775-9E5C-4D0E-A564-AA2292C53C27}
2016-06-29 00:09 - 2016-06-29 00:09 - 00000000 ____D C:\Users\Sarah\AppData\Local\{A69561FD-59AD-4078-A04B-FF909C68E9E9}
2016-06-28 11:25 - 2016-06-28 11:25 - 00000000 ____D C:\Users\Sarah\AppData\Local\{631A02C5-CEED-4FF3-9C54-9F749A44FE09}
2016-06-27 23:23 - 2016-06-27 23:23 - 00000000 ____D C:\Users\Sarah\AppData\Local\{A917AACD-593E-462D-A87D-D2282781C137}
2016-06-27 01:59 - 2016-06-27 01:59 - 00000000 ____D C:\Users\Sarah\AppData\Local\{0A96E92A-B963-4A3A-8F51-2B3D23E84AAE}
2016-06-27 01:55 - 2016-06-27 01:55 - 00000000 ____D C:\Users\Sarah\AppData\Local\{941935A7-0711-4B9D-97C2-4615999BF4BF}
2016-06-26 20:40 - 2016-06-26 20:40 - 00000000 ____D C:\Users\Sarah\AppData\Local\{03678E35-9B8D-4EDF-B5DE-6A198E58C485}
2016-06-26 01:18 - 2016-06-26 01:18 - 01245786 _____ C:\Users\Sarah\Documents\Jacob Inscription for bus.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-26 17:00 - 2010-10-18 06:08 - 00000000 ____D C:\users\David
2016-07-26 16:09 - 2011-07-20 14:52 - 00000000 ____D C:\users\Guest
2016-07-26 16:08 - 2015-04-04 10:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-26 16:08 - 2015-04-04 10:15 - 00000000 ___SD C:\Windows\System32\GWX
2016-07-26 16:08 - 2014-12-10 07:43 - 00000000 ____D C:\Windows\System32\appraiser
2016-07-26 16:08 - 2014-05-06 09:52 - 00000000 ___SD C:\Windows\System32\CompatTel
2016-07-26 16:08 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-26 16:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-07-26 16:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-26 16:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-07-26 16:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-26 16:07 - 2016-01-07 12:43 - 00000000 ____D C:\Users\Sarah\AppData\Local\Adobe_Systems_Incorporate
2016-07-26 16:07 - 2015-12-03 04:36 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-07-26 16:07 - 2011-12-27 07:19 - 00000000 ____D C:\Windows\System32\Macromed
2016-07-26 16:07 - 2010-10-08 11:00 - 00000000 ____D C:\Users\Sarah\AppData\Local\Adobe
2016-07-26 16:07 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-26 16:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2016-07-26 16:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-07-26 16:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-07-26 16:06 - 2016-06-17 05:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-26 16:06 - 2016-05-25 08:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-26 16:06 - 2016-05-25 08:34 - 00000000 ____D C:\Program Files\Bonjour
2016-07-26 16:06 - 2016-05-25 08:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-26 16:06 - 2014-10-16 11:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-26 16:06 - 2014-10-16 11:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-26 16:06 - 2014-06-19 03:35 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-07-26 16:06 - 2013-07-06 04:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-26 16:06 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-26 16:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-07-26 15:59 - 2011-09-23 06:17 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-07-26 15:59 - 2010-10-08 13:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-26 15:59 - 2010-10-08 11:28 - 00000000 ____D C:\Windows\SysWOW64\Dell
2016-07-26 15:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-07-26 15:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-07-26 15:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-07-26 15:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-07-26 15:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\winrm
2016-07-26 15:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\WCN
2016-07-26 15:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Web
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Vss
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-07-26 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-07-26 15:58 - 2013-10-16 05:49 - 00000000 ____D C:\Windows\System32\MRT
2016-07-26 15:58 - 2011-05-28 01:12 - 00000000 ____D C:\Windows\System32\SPReview
2016-07-26 15:58 - 2011-05-28 01:11 - 00000000 ____D C:\Windows\System32\EventProviders
2016-07-26 15:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\slmgr
2016-07-26 15:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2016-07-26 15:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\IME
2016-07-26 15:57 - 2013-01-06 03:02 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2016-07-26 15:57 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2016-07-26 15:57 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2016-07-26 15:57 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-07-26 15:57 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2016-07-26 15:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2016-07-26 15:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2016-07-26 15:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2016-07-26 15:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2016-07-26 15:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2016-07-26 15:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PLA
2016-07-26 15:56 - 2012-05-06 23:34 - 00000000 ____D C:\Windows\Hewlett-Packard
2016-07-26 15:56 - 2010-12-06 11:25 - 00000000 ____D C:\Windows\Downloaded Installations
2016-07-26 15:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2016-07-26 15:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2016-07-26 15:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Globalization
2016-07-26 15:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2016-07-26 15:54 - 2015-11-29 02:16 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\jackdesktopwidget_3177724
2016-07-26 15:54 - 2015-11-07 03:15 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Digiarty
2016-07-26 15:54 - 2015-04-28 08:42 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\LibreOffice
2016-07-26 15:54 - 2015-03-24 06:03 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Mozilla
2016-07-26 15:54 - 2014-11-24 04:10 - 00000000 ____D C:\Users\Sarah\Documents\OpenOffice 4.1.1 (en-US) Installation Files
2016-07-26 15:54 - 2014-11-08 07:59 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\OpenOffice
2016-07-26 15:54 - 2014-02-14 07:59 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\PDF Software
2016-07-26 15:54 - 2013-11-02 05:33 - 00000000 ____D C:\Users\Sarah\AppData\Local\NextUp
2016-07-26 15:54 - 2013-01-20 05:08 - 00000000 ____D C:\Users\Sarah\AppData\Local\Mozilla
2016-07-26 15:54 - 2012-08-04 07:10 - 00000000 ____D C:\Users\Sarah\AppData\LocalLow\Oracle
2016-07-26 15:54 - 2011-11-02 08:36 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Skype
2016-07-26 15:54 - 2011-09-07 07:23 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Downloaded Installations
2016-07-26 15:54 - 2011-06-03 08:05 - 00000000 ____D C:\Users\Sarah\AppData\LocalLow\Sun
2016-07-26 15:54 - 2011-05-06 12:31 - 00000000 ____D C:\Users\Sarah\AppData\LocalLow\Google
2016-07-26 15:54 - 2011-04-21 07:01 - 00000000 ____D C:\Users\Sarah\AppData\Local\Trusteer
2016-07-26 15:54 - 2011-02-18 06:58 - 00000000 ____D C:\Users\Sarah\Documents\MISCELLANEOUS
2016-07-26 15:54 - 2010-11-23 11:33 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\com.w3i.musicoasis
2016-07-26 15:54 - 2010-11-12 06:46 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\OpenOffice.org
2016-07-26 15:54 - 2010-10-20 01:09 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Sony Corporation
2016-07-26 15:54 - 2010-10-11 08:19 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Creative
2016-07-26 15:54 - 2010-10-11 08:16 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Roxio
2016-07-26 15:54 - 2010-10-11 01:44 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Trusteer
2016-07-26 15:54 - 2010-10-08 11:01 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Macromedia
2016-07-26 15:54 - 2010-10-08 11:01 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Adobe
2016-07-26 15:54 - 2010-10-08 10:16 - 00000000 ____D C:\Users\Sarah\AppData\Local\Stardock_Corporation
2016-07-26 15:54 - 2010-10-08 09:57 - 00000000 ____D C:\Users\Sarah\AppData\Local\VirtualStore
2016-07-26 15:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2016-07-26 15:53 - 2015-06-27 04:19 - 00000000 ____D C:\Users\Sarah\AppData\Local\Garmin_Ltd._or_its_subsid
2016-07-26 15:53 - 2015-04-10 01:10 - 00000000 ____D C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2016-07-26 15:53 - 2015-04-10 01:10 - 00000000 ____D C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2016-07-26 15:53 - 2015-03-12 12:35 - 00000000 ____D C:\Users\Sarah\AppData\Local\Amazon
2016-07-26 15:53 - 2014-07-20 08:53 - 00000000 ____D C:\Users\Sarah\AppData\Local\Facebook
2016-07-26 15:53 - 2014-02-19 02:54 - 00000000 ____D C:\Users\Sarah\AppData\Local\Bazwise
2016-07-26 15:53 - 2013-07-06 04:15 - 00000000 ____D C:\Users\Sarah\AppData\Local\Garmin
2016-07-26 15:53 - 2013-06-13 12:21 - 00000000 ____D C:\Users\Sarah\AppData\Local\Anthropics
2016-07-26 15:53 - 2013-03-10 05:06 - 00000000 ____D C:\Users\Sarah\Adobe Acrobat XI Pro
2016-07-26 15:53 - 2011-09-27 00:53 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2016-07-26 15:53 - 2011-09-27 00:53 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2016-07-26 15:53 - 2011-02-24 09:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\Trusteer
2016-07-26 15:53 - 2011-02-24 09:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Trusteer
2016-07-26 15:53 - 2010-11-10 14:48 - 00000000 ____D C:\Users\Sarah\AppData\Local\Microsoft Games
2016-07-26 15:53 - 2010-10-11 08:10 - 00000000 ____D C:\ProgramData\Uninstall
2016-07-26 15:53 - 2010-10-08 11:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-07-26 15:53 - 2010-10-08 11:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-07-26 15:53 - 2010-10-08 11:00 - 00000000 ____D C:\Users\Sarah\AppData\Local\Google
2016-07-26 15:53 - 2010-10-08 10:11 - 00000000 ____D C:\Users\Sarah\AppData\Local\Citrix
2016-07-26 15:53 - 2010-10-08 10:11 - 00000000 ____D C:\Users\Sarah\AppData\Local\Apps\2.0
2016-07-26 15:51 - 2013-10-16 00:15 - 00000000 ____D C:\ProgramData\Oracle
2016-07-26 15:51 - 2011-11-02 08:36 - 00000000 ____D C:\ProgramData\Skype
2016-07-26 15:51 - 2010-10-11 01:43 - 00000000 ____D C:\ProgramData\Trusteer
2016-07-26 15:51 - 2010-10-08 10:39 - 00000000 ____D C:\ProgramData\McAfee
2016-07-26 15:50 - 2015-12-03 04:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-26 15:50 - 2014-11-12 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-26 15:50 - 2014-06-23 11:29 - 00000000 ____D C:\Program Files\DIFX
2016-07-26 15:50 - 2014-01-08 05:50 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-26 15:50 - 2013-07-06 04:12 - 00000000 ____D C:\ProgramData\Garmin
2016-07-26 15:50 - 2013-06-27 07:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-26 15:50 - 2013-01-28 09:19 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-07-26 15:50 - 2013-01-06 03:04 - 00000000 ____D C:\Program Files\Canon
2016-07-26 15:50 - 2013-01-06 03:03 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-07-26 15:50 - 2013-01-06 03:01 - 00000000 ___HD C:\Program Files\CanonBJ
2016-07-26 15:50 - 2011-09-03 08:09 - 00000000 ____D C:\Program Files\HP
2016-07-26 15:50 - 2011-09-03 08:07 - 00000000 ____D C:\ProgramData\HP
2016-07-26 15:50 - 2010-12-06 06:59 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-26 15:50 - 2010-12-06 06:58 - 00000000 ____D C:\ProgramData\Apple
2016-07-26 15:50 - 2010-10-31 04:28 - 00000000 ____D C:\ProgramData\Alwil Software
2016-07-26 15:50 - 2010-10-11 08:10 - 00000000 ____D C:\ProgramData\Macrovision
2016-07-26 15:50 - 2010-10-08 11:48 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-07-26 15:50 - 2010-10-08 11:47 - 00000000 ____D C:\Program Files\Windows Live
2016-07-26 15:50 - 2010-10-08 11:01 - 00000000 ____D C:\ProgramData\Adobe
2016-07-26 15:50 - 2010-10-08 11:00 - 00000000 ____D C:\ProgramData\Google
2016-07-26 15:50 - 2010-10-08 10:15 - 00000000 ____D C:\ProgramData\Dell
2016-07-26 15:50 - 2010-10-08 10:15 - 00000000 ____D C:\Program Files\Dell
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\MSBuild
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-26 15:50 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-07-26 15:50 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Windows NT
2016-07-26 15:50 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-07-26 15:50 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-07-26 15:50 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-07-26 15:49 - 2016-04-25 11:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-07-26 15:49 - 2015-05-11 08:19 - 00000000 ____D C:\Program Files (x86)\Real
2016-07-26 15:49 - 2015-03-26 08:03 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-07-26 15:49 - 2014-06-19 03:35 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2016-07-26 15:49 - 2013-07-06 04:12 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-07-26 15:49 - 2013-06-20 02:01 - 00000000 ____D C:\Program Files (x86)\FoxPDF Software Inc
2016-07-26 15:49 - 2013-01-31 09:07 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-07-26 15:49 - 2013-01-06 02:59 - 00000000 ____D C:\Program Files (x86)\Canon
2016-07-26 15:49 - 2012-11-09 14:20 - 00000000 ____D C:\Program Files (x86)\Iconix
2016-07-26 15:49 - 2012-08-04 07:11 - 00000000 ____D C:\Program Files (x86)\Oracle
2016-07-26 15:49 - 2012-05-06 23:38 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-07-26 15:49 - 2011-11-02 08:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-26 15:49 - 2011-09-03 08:11 - 00000000 ____D C:\Program Files (x86)\HP
2016-07-26 15:49 - 2011-06-03 08:06 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-26 15:49 - 2011-02-04 04:58 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-26 15:49 - 2010-10-11 08:10 - 00000000 ____D C:\Program Files (x86)\Roxio
2016-07-26 15:49 - 2010-10-11 08:08 - 00000000 ____D C:\Program Files (x86)\Creative
2016-07-26 15:49 - 2010-10-11 08:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-26 15:49 - 2010-10-11 08:06 - 00000000 ____D C:\Program Files (x86)\Dell Webcam
2016-07-26 15:49 - 2010-10-11 08:06 - 00000000 ____D C:\Program Files (x86)\Creative Live! Cam
2016-07-26 15:49 - 2010-10-11 01:44 - 00000000 ____D C:\Program Files (x86)\Trusteer
2016-07-26 15:49 - 2010-10-08 11:50 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-07-26 15:49 - 2010-10-08 11:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-26 15:49 - 2010-10-08 10:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-26 15:49 - 2010-10-08 10:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-07-26 15:49 - 2010-10-08 10:11 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-07-26 15:49 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-07-26 15:49 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-07-26 15:48 - 2015-10-25 02:29 - 00000000 ____D C:\Autodesk
2016-07-26 15:48 - 2015-10-24 10:11 - 00000000 ____D C:\PhSp_CS2_UE_Ret
2016-07-26 15:48 - 2011-11-19 10:22 - 00000000 ____D C:\Program Files (x86)\AEMS
2016-07-26 15:48 - 2010-11-28 10:10 - 00000000 ____D C:\49a0fd79fda93377fd41
2016-07-26 15:48 - 2010-11-24 02:42 - 00000000 ____D C:\d3428f2c357efad21ed27b32
2016-07-26 15:48 - 2010-10-12 03:36 - 00000000 ____D C:\Program Files (x86) (x86)
2016-07-26 15:48 - 2010-10-08 11:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-26 14:55 - 2015-10-14 11:33 - 00000000 ___RD C:\Users\David\Podcasts
2016-07-26 14:55 - 2015-05-25 11:15 - 00000000 ____D C:\Program Files\avast software
2016-07-26 06:14 - 2010-10-08 09:57 - 00000000 ____D C:\users\Sarah
2016-07-26 03:30 - 2009-07-13 21:13 - 00794898 _____ C:\Windows\System32\PerfStringBackup.INI
2016-07-26 03:28 - 2012-04-05 07:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-26 03:22 - 2009-07-13 20:45 - 00022656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-26 03:22 - 2009-07-13 20:45 - 00022656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-26 03:15 - 2014-07-12 13:37 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2016-07-26 03:15 - 2009-07-13 21:38 - 00067584 ____S C:\Windows\bootstat(377).dat
2016-07-26 03:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-26 02:25 - 2015-11-06 12:24 - 00007593 _____ C:\Users\Sarah\AppData\Local\Resmon.ResmonCfg
2016-07-26 01:59 - 2012-10-29 06:46 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287743403-3689407997-2000695981-1007UA.job
2016-07-26 01:29 - 2013-11-11 05:20 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4287743403-3689407997-2000695981-1006UA.job
2016-07-25 20:59 - 2012-10-29 06:46 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287743403-3689407997-2000695981-1007Core.job
2016-07-25 04:29 - 2013-11-11 05:20 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4287743403-3689407997-2000695981-1006Core.job
2016-07-25 02:00 - 2010-10-10 06:48 - 00065140 _____ C:\Users\Sarah\AppData\Roaming\wklnhst.dat
2016-07-24 10:49 - 2016-01-07 12:35 - 00000000 ____D C:\Users\Sarah\Documents\My Digital Editions
2016-07-24 02:27 - 2014-12-30 06:53 - 00000000 ____D C:\Users\Sarah\Documents\DS CARPENTRY ENTERPRISE 2014-16
2016-07-23 03:01 - 2010-10-12 01:48 - 00000000 ____D C:\Users\Sarah\Documents\Financial Personal
2016-07-20 05:41 - 2015-03-19 01:09 - 00000000 ____D C:\Users\Sarah\Documents\DYNAMICS
2016-07-19 05:00 - 2015-04-07 04:20 - 00000000 ____D C:\Users\Sarah\Documents\Sarah's Enterprises
2016-07-18 12:09 - 2010-10-31 04:29 - 00473592 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys.146887259352105
2016-07-18 12:05 - 2010-10-31 04:29 - 00473592 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys.146887258094902
2016-07-18 10:57 - 2009-07-13 21:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-18 07:55 - 2010-10-11 04:46 - 00000000 ____D C:\Users\Sarah\AppData\Local\ElevatedDiagnostics
2016-07-17 09:42 - 2014-12-26 02:46 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-17 02:58 - 2009-07-13 18:34 - 00000501 _____ C:\Windows\win.ini
2016-07-17 02:54 - 2014-04-17 07:20 - 00000000 ____D C:\ProgramData\TweakBit
2016-07-17 00:37 - 2012-04-05 07:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-17 00:36 - 2012-04-05 07:16 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-17 00:36 - 2011-05-16 01:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-11 10:52 - 2016-01-09 09:27 - 00000000 ____D C:\Users\Sarah\Documents\All Online Shops
2016-07-11 04:01 - 2015-06-04 03:44 - 00215560 _____ (IBM Corp.) C:\Windows\System32\Drivers\RapportHades64.sys
2016-07-11 04:01 - 2011-02-24 09:32 - 00470056 _____ (IBM Corp.) C:\Windows\System32\Drivers\RapportKE64.sys
2016-07-10 07:20 - 2015-03-02 12:52 - 00000000 ____D C:\Users\Sarah\Documents\AutoEntrepreneur  2016
2016-06-27 22:49 - 2009-07-13 20:45 - 00361368 _____ C:\Windows\System32\FNTCACHE.DAT
2016-06-27 09:49 - 2010-10-08 10:11 - 00083344 _____ C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat


Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sarah\AppData\Local\Temp\adguard.exe
C:\Users\Sarah\AppData\Local\Temp\adguard_1.exe
C:\Users\Sarah\AppData\Local\Temp\driverupdater-setup.exe
C:\Users\Sarah\AppData\Local\Temp\MegaBackup.exe
C:\Users\Sarah\AppData\Local\Temp\pcspeedup-setup.exe
C:\Users\Sarah\AppData\Local\Temp\setup.exe
C:\Users\Sarah\AppData\Local\Temp\_is287D.exe
C:\Users\Sarah\AppData\Local\Temp\_is2EC4.exe
C:\Users\Sarah\AppData\Local\Temp\_is410C.exe
C:\Users\Sarah\AppData\Local\Temp\_is74D4.exe
C:\Users\Sarah\AppData\Local\Temp\_is88AF.exe
C:\Users\Sarah\AppData\Local\Temp\_is9627.exe
C:\Users\Sarah\AppData\Local\Temp\_isA2A7.exe
C:\Users\Sarah\AppData\Local\Temp\_isA2B7.exe
C:\Users\Sarah\AppData\Local\Temp\_isB348.exe
C:\Users\Sarah\AppData\Local\Temp\_isB905.exe
C:\Users\Sarah\AppData\Local\Temp\_isC0CF.exe
C:\Users\Sarah\AppData\Local\Temp\_isC46A.exe
C:\Users\Sarah\AppData\Local\Temp\_isC4F4.exe
C:\Users\Sarah\AppData\Local\Temp\_isD54F.exe
C:\Users\Sarah\AppData\Local\Temp\_isDCC.exe
C:\Users\Sarah\AppData\Local\Temp\_isDE5.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-06-17 13:24] - [2016-04-08 21:53] - 3231232 ____A (Microsoft Corporation) 9DA3B83F80E205B6C601EEE1312FD0A0

C:\Windows\SysWOW64\explorer.exe
[2016-06-17 13:24] - [2016-04-08 21:44] - 2973184 ____A (Microsoft Corporation) 3DA48EA028AD771C5B71727F0C3984E9

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2016-07-21 10:05
Restore point date: 2016-07-21 10:07
Restore point date: 2016-07-23 11:20
Restore point date: 2016-07-25 11:27
Restore point date: 2016-07-26 02:29
Restore point date: 2016-07-26 03:32
Restore point date: 2016-07-26 15:58

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3032.36 MB
Available physical RAM: 2350.5 MB
Total Virtual: 3030.51 MB
Available Virtual: 2413.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:131.52 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F7E162B4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)


LastRegBack: 2016-07-08 03:11

==================== End of FRST.txt ============================


Edited by hamluis, 26 July 2016 - 11:07 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:57 AM

Posted 30 July 2016 - 03:27 PM

Greetings Sarah and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.
 

tried several just got error messages tried to restore from an external hard drive as that was the last time computer was okay,

What external drive?

If you are able to boot your computer after running the first step please stop and let me know. If not, complete the second step.

===================================================

Last Known Good Configuration

--------------------
  • Reboot your computer
  • Gently tap the F8 key repeatedly until you are presented with a Windows Advanced Options menu
  • Select Last Known Good Configuration using the arrow keys
  • Press Enter on your keyboard and attempt to boot into Normal Mode or Safe Mode
===================================================

Diagnose Blue Screen of Death (BSOD) Errors by Disabling Automatic Restart

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • What external drive?
  • Does your computer boot properly?
  • Blue screen information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:57 AM

Posted 03 August 2016 - 08:54 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:57 AM

Posted 05 August 2016 - 09:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users