Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

boot critical error 0x490 please help

Troubleshooting issues with software, including all version of Windows.

boot critical error 0x490 please help

Unread postby lcox » July 21st, 2014, 11:18 am

Hi
Please could someone help. I have a Toshiba Satellite laptop with windows HP 7 and cannot open windows start computer. It has come up with a boot critical message file d:\windows\system32\drivers\partmgr.sys is corrupt error code 0x490. I have tried booting up in last good configuration. Do not have the recovery discs.
Thanks
lcox
Active Member
 
Posts: 5
Joined: July 21st, 2014, 11:13 am
Advertisement
Register to Remove

Re: boot critical error 0x490 please help

Unread postby Gary R » July 21st, 2014, 11:32 am

Are you able to boot into Recovery Environment, and do you have access to another computer on which you can download programs to a USB drive ?

If you can ...

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: boot critical error 0x490 please help

Unread postby lcox » July 22nd, 2014, 6:15 am

Hi
Thanks for quick reply below is the log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by SYSTEM on MININT-RMLBRQH on 21-07-2014 20:30:29
Running from g:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-15] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Administrator\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-24] (Google Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\LogMeInRemoteUser\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\LogMeInRemoteUser\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\LogMeInRemoteUser\...\RunOnce: [spchecker] => "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\Lynn\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\Lynn\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\Lynn\...\Run: [Google Update] => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-05] (Google Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Azabat Software.lnk
ShortcutTarget: Azabat Software.lnk -> C:\Program Files (x86)\azabat\menu.exe (No File)
Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File
ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => No File

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
S2 wlidsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corp.)
S3 GSService; "C:\Windows\SysWOW64\GSService.exe" [X]
S3 JTVNCProxy_14.0; C:\Program Files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McSvHost.exe" /McCoreSvc [X]
S2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
S2 Freedom Scientific Kernel Manager; C:\Windows\System32\fsKMgr.dll [29712 2013-06-25] (Freedom Scientific, Inc.)
S3 fsvidmir_service; C:\Windows\System32\DRIVERS\fsvidmir.sys [15856 2013-06-25] (Freedom Scientific, Inc.)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-03] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S2 MSK80Service;
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-10] (SafeNet, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34088 2012-11-30] (Windows (R) Win 7 DDK provider)
S3 Tosrfcom; No ImagePath
S3 PowerBrl; \??\C:\Windows\system32\Drivers\powerbrl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 17:34 - 2014-07-21 19:49 - 00000000 ____D () C:\FRST
2014-07-17 03:33 - 2014-07-17 03:33 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-17 03:33 - 2014-07-17 03:33 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-15 08:29 - 2014-07-17 03:52 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-15 08:29 - 2014-07-17 03:52 - 00003226 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-15 04:27 - 2014-07-15 04:27 - 01070592 _____ () C:\Users\Lynn\Downloads\MicrosoftFixit50569 (1).msi
2014-07-15 02:40 - 2014-07-15 02:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-15 02:25 - 2014-07-15 02:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-07-09 04:36 - 2014-07-09 04:36 - 00164142 _____ () C:\Users\Lynn\Downloads\WordPress-Services-Toolkit.zip
2014-07-09 00:25 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-07-09 00:25 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-07-09 00:25 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-09 00:25 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 00:25 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-09 00:25 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-09 00:25 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 00:25 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-09 00:24 - 2014-06-20 12:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-09 00:24 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 00:24 - 2014-06-18 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-09 00:24 - 2014-06-18 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-09 00:24 - 2014-06-18 16:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-09 00:24 - 2014-06-18 16:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-09 00:24 - 2014-06-18 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-09 00:24 - 2014-06-18 16:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-09 00:24 - 2014-06-18 16:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-09 00:24 - 2014-06-18 16:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-09 00:24 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 00:24 - 2014-06-18 16:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-09 00:24 - 2014-06-18 15:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-09 00:24 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 00:24 - 2014-06-18 15:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-09 00:24 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 00:24 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 00:24 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 00:24 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 00:24 - 2014-06-18 15:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-09 00:24 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 00:24 - 2014-06-18 15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 00:24 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 00:24 - 2014-06-18 15:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-09 00:24 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 00:24 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 00:24 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 00:24 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 00:24 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 00:24 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 00:24 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 00:24 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 00:24 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 00:24 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 00:24 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 00:24 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 00:24 - 2014-06-18 14:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 00:24 - 2014-06-18 14:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-09 00:24 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 00:24 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 00:24 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 00:24 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-07-09 00:24 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-07-09 00:24 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-07-09 00:24 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-07-09 00:24 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-07-09 00:24 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-07-09 00:24 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-07-09 00:24 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 00:24 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 00:24 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 00:24 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 00:24 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 00:24 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 00:24 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 00:23 - 2014-06-18 17:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-09 00:23 - 2014-06-18 16:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-09 00:23 - 2014-06-18 16:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-09 00:23 - 2014-06-18 16:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-09 00:23 - 2014-06-18 16:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-09 00:23 - 2014-06-18 16:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-09 00:23 - 2014-06-18 16:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-09 00:23 - 2014-06-18 15:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-09 00:23 - 2014-06-18 15:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-09 00:23 - 2014-06-18 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-09 00:23 - 2014-06-18 15:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-09 00:23 - 2014-06-18 15:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-09 00:23 - 2014-06-18 14:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-09 00:23 - 2014-06-18 14:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-09 00:23 - 2014-06-18 14:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-09 00:23 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-09 00:23 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 00:23 - 2014-06-05 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 00:02 - 2014-07-09 00:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeInIgnition
2014-07-02 08:33 - 2014-07-02 08:33 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 08:33 - 2014-07-02 08:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-02 08:33 - 2014-07-02 08:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-02 08:33 - 2014-07-02 08:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-02 08:31 - 2014-07-02 08:32 - 00283952 _____ (Mozilla) C:\Users\Lynn\Downloads\Firefox Setup Stub 30.0.exe
2014-07-02 07:56 - 2014-07-02 07:56 - 01070592 _____ () C:\Users\Lynn\Downloads\MicrosoftFixit50569.msi
2014-07-02 07:20 - 2014-07-02 07:20 - 02347384 _____ (ESET) C:\Users\Lynn\Downloads\esetsmartinstaller_enu (1).exe
2014-07-02 06:18 - 2014-07-02 06:18 - 02347384 _____ (ESET) C:\Users\Lynn\Downloads\esetsmartinstaller_enu.exe
2014-07-02 06:05 - 2014-07-02 06:05 - 00000000 ____D () C:\Windows\ERUNT
2014-07-02 05:26 - 2010-08-29 23:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-02 05:25 - 2014-07-02 08:20 - 00000000 ____D () C:\AdwCleaner
2014-07-01 21:30 - 2014-07-01 21:30 - 00608112 _____ () C:\Users\Lynn\Downloads\6 Figure Teleseminar Report
2014-07-01 21:21 - 2014-07-01 21:21 - 00000824 _____ () C:\Users\Lynn\Downloads\calendar (2).ics
2014-07-01 21:21 - 2014-07-01 21:21 - 00000824 _____ () C:\Users\Lynn\Downloads\calendar (1).ics
2014-07-01 21:20 - 2014-07-01 21:20 - 00000824 _____ () C:\Users\Lynn\Downloads\calendar.ics
2014-06-30 08:50 - 2014-06-30 08:50 - 00000325 _____ () C:\Users\Lynn\Downloads\admhelper (3).adh
2014-06-30 08:50 - 2014-06-30 08:50 - 00000325 _____ () C:\Users\Lynn\Downloads\admhelper (2).adh
2014-06-30 08:49 - 2014-06-30 08:49 - 00000328 _____ () C:\Users\Lynn\Downloads\admhelper.adh
2014-06-30 08:49 - 2014-06-30 08:49 - 00000328 _____ () C:\Users\Lynn\Downloads\admhelper (1).adh
2014-06-24 21:15 - 2014-07-10 03:28 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-06-24 20:57 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2014-06-24 20:57 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2014-06-24 20:57 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-06-24 20:57 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

==================== One Month Modified Files and Folders =======

2014-07-21 19:49 - 2014-07-21 17:34 - 00000000 ____D () C:\FRST
2014-07-21 06:54 - 2014-02-24 08:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 06:43 - 2014-02-24 08:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 06:25 - 2010-12-01 21:03 - 01406079 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 06:24 - 2009-07-13 20:45 - 00016304 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 06:24 - 2009-07-13 20:45 - 00016304 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 06:10 - 2012-05-03 02:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 05:58 - 2013-11-05 08:23 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480214603-3922382801-2139169186-1001UA.job
2014-07-21 05:55 - 2011-03-08 09:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-21 05:53 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 05:52 - 2009-07-13 20:51 - 00166315 _____ () C:\Windows\setupact.log
2014-07-17 03:52 - 2014-07-15 08:29 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-17 03:52 - 2014-07-15 08:29 - 00003226 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-17 03:52 - 2012-05-04 12:59 - 00000000 ___RD () C:\Users\Lynn\Dropbox
2014-07-17 03:52 - 2012-05-04 12:20 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\Dropbox
2014-07-17 03:51 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\DropboxMaster
2014-07-17 03:45 - 2013-09-24 06:03 - 00000000 ____D () C:\Users\Lynn\AppData\Local\2FAFD42E-B644-4862-B97C-FF916ADDDF83.aplzod
2014-07-17 03:40 - 2011-04-28 06:53 - 00000000 ____D () C:\Users\Lynn\Documents\Outlook Files
2014-07-17 03:38 - 2011-03-24 08:59 - 00000000 ____D () C:\Program Files\Freedom Scientific
2014-07-17 03:33 - 2014-07-17 03:33 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-17 03:33 - 2014-07-17 03:33 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1480214603-3922382801-2139169186-1001
2014-07-17 03:32 - 2013-06-04 06:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-17 03:06 - 2013-11-05 08:23 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480214603-3922382801-2139169186-1001Core.job
2014-07-17 01:09 - 2011-04-16 08:33 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA112DB7-BDA9-42D3-B11A-86B25AD2F21C}
2014-07-15 06:36 - 2010-12-01 20:58 - 00546534 _____ () C:\Windows\PFRO.log
2014-07-15 06:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-15 05:43 - 2014-06-20 06:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-15 04:27 - 2014-07-15 04:27 - 01070592 _____ () C:\Users\Lynn\Downloads\MicrosoftFixit50569 (1).msi
2014-07-15 02:41 - 2013-06-04 06:05 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-15 02:40 - 2014-07-15 02:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-15 02:40 - 2014-05-28 10:24 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-07-15 02:40 - 2014-02-24 08:04 - 00092008 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-07-15 02:40 - 2013-06-04 06:05 - 01041168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-07-15 02:40 - 2013-06-04 06:05 - 00427360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-07-15 02:40 - 2013-06-04 06:05 - 00307344 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-07-15 02:40 - 2013-06-04 06:05 - 00224896 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-07-15 02:40 - 2013-06-04 06:05 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-07-15 02:40 - 2013-06-04 06:05 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-07-15 02:40 - 2013-06-04 06:05 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-07-15 02:25 - 2014-07-15 02:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-07-15 02:25 - 2013-06-06 04:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-14 01:03 - 2009-07-13 21:13 - 00795246 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-13 13:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 08:07 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 03:28 - 2014-06-24 21:15 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-07-10 02:48 - 2009-07-13 20:45 - 00416688 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-10 02:45 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 02:45 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 02:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-07-10 00:18 - 2011-04-16 08:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 00:15 - 2013-08-07 18:40 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-10 00:11 - 2011-05-04 02:56 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-07-09 04:36 - 2014-07-09 04:36 - 00164142 _____ () C:\Users\Lynn\Downloads\WordPress-Services-Toolkit.zip
2014-07-09 00:02 - 2014-07-09 00:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeInIgnition
2014-07-08 23:59 - 2012-05-03 02:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:59 - 2012-05-03 02:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 23:59 - 2011-05-19 12:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-02 10:43 - 2011-03-09 06:58 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\Skype
2014-07-02 08:33 - 2014-07-02 08:33 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 08:33 - 2014-07-02 08:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-02 08:33 - 2014-07-02 08:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-02 08:33 - 2014-07-02 08:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-02 08:33 - 2011-03-09 05:51 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\Mozilla
2014-07-02 08:33 - 2011-03-09 05:51 - 00000000 ____D () C:\Users\Lynn\AppData\Local\Mozilla
2014-07-02 08:32 - 2014-07-02 08:31 - 00283952 _____ (Mozilla) C:\Users\Lynn\Downloads\Firefox Setup Stub 30.0.exe
2014-07-02 08:20 - 2014-07-02 05:25 - 00000000 ____D () C:\AdwCleaner
2014-07-02 07:56 - 2014-07-02 07:56 - 01070592 _____ () C:\Users\Lynn\Downloads\MicrosoftFixit50569.msi
2014-07-02 07:20 - 2014-07-02 07:20 - 02347384 _____ (ESET) C:\Users\Lynn\Downloads\esetsmartinstaller_enu (1).exe
2014-07-02 06:18 - 2014-07-02 06:18 - 02347384 _____ (ESET) C:\Users\Lynn\Downloads\esetsmartinstaller_enu.exe
2014-07-02 06:05 - 2014-07-02 06:05 - 00000000 ____D () C:\Windows\ERUNT
2014-07-02 05:18 - 2014-05-20 06:54 - 00029575 _____ () C:\Windows\IE11_main.log
2014-07-01 21:30 - 2014-07-01 21:30 - 00608112 _____ () C:\Users\Lynn\Downloads\6 Figure Teleseminar Report
2014-07-01 21:21 - 2014-07-01 21:21 - 00000824 _____ () C:\Users\Lynn\Downloads\calendar (2).ics
2014-07-01 21:21 - 2014-07-01 21:21 - 00000824 _____ () C:\Users\Lynn\Downloads\calendar (1).ics
2014-07-01 21:20 - 2014-07-01 21:20 - 00000824 _____ () C:\Users\Lynn\Downloads\calendar.ics
2014-06-30 08:50 - 2014-06-30 08:50 - 00000325 _____ () C:\Users\Lynn\Downloads\admhelper (3).adh
2014-06-30 08:50 - 2014-06-30 08:50 - 00000325 _____ () C:\Users\Lynn\Downloads\admhelper (2).adh
2014-06-30 08:49 - 2014-06-30 08:49 - 00000328 _____ () C:\Users\Lynn\Downloads\admhelper.adh
2014-06-30 08:49 - 2014-06-30 08:49 - 00000328 _____ () C:\Users\Lynn\Downloads\admhelper (1).adh
2014-06-29 18:09 - 2014-07-09 00:25 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-29 18:04 - 2014-07-09 00:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-28 02:19 - 2014-06-17 06:01 - 00779556 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-24 21:15 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-24 21:15 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

Files to move or delete:
====================
C:\ProgramData\TempMOBK-update-6f587c3c1a49f2fdf5254a3e5ed05791.exe
C:\Users\Lynn\iTunes64Setup.exe


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ExcelColumnAndRowHeadersJAWS.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining1.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining2.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining3.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining4.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining5.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining6.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining7.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining8.exe
C:\Users\Administrator\AppData\Local\Temp\JAWS13BasicTraining9.exe
C:\Users\Administrator\AppData\Local\Temp\JAWSUpdate.dll
C:\Users\Administrator\AppData\Local\Temp\OpenBookOverview.exe
C:\Users\Administrator\AppData\Local\Temp\PlaceMarkers.exe
C:\Users\Administrator\AppData\Local\Temp\ResearchIt.exe
C:\Users\Administrator\AppData\Local\Temp\SettingsCenter.exe
C:\Users\Administrator\AppData\Local\Temp\Tandem.exe
C:\Users\Administrator\AppData\Local\Temp\TextAnalyzer.exe
C:\Users\Administrator\AppData\Local\Temp\VirtualRibbonMenus.exe
C:\Users\Administrator\AppData\Local\Temp\VoiceProfiles.exe
C:\Users\Administrator\AppData\Local\Temp\WhatIsNew14.exe
C:\Users\Administrator\AppData\Local\Temp\WordIndex.exe
C:\Users\Administrator\AppData\Local\Temp\XTraCustomLabelsWordIE.exe
C:\Users\Administrator\AppData\Local\Temp\XTraDocumentPresentationAndHTMLElementSelection.exe
C:\Users\Administrator\AppData\Local\Temp\XTraExcelFormsJAWS.exe
C:\Users\Administrator\AppData\Local\Temp\XTraLaptopKeystrokes.exe
C:\Users\Administrator\AppData\Local\Temp\XTraOffice2007IntroJAWS.exe
C:\Users\Administrator\AppData\Local\Temp\XTraSkimReadingWithSummary.exe
C:\Users\Administrator\AppData\Local\Temp\XTraSmartWordReading.exe
C:\Users\Administrator\AppData\Local\Temp\XTraSpeechAndSounds.exe
C:\Users\Administrator\AppData\Local\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
C:\Users\Lynn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgywvep.dll
C:\Users\Lynn\AppData\Local\Temp\ExcelColumnAndRowHeaders.exe
C:\Users\Lynn\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Lynn\AppData\Local\Temp\install_flashplayer11x32ax_aaa_aih.exe
C:\Users\Lynn\AppData\Local\Temp\install_flashplayer11x32ax_aaa_aih[1].exe
C:\Users\Lynn\AppData\Local\Temp\install_flashplayer11x32ax_aaa_aih_1.exe
C:\Users\Lynn\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih[1].exe
C:\Users\Lynn\AppData\Local\Temp\JAWS11BasicTraining.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS11BasicTraining4.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS11BasicTraining5.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS11BasicTraining7.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS11BasicTraining8.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS12BasicTraining2.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS12BasicTraining3.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS12BasicTraining6.exe
C:\Users\Lynn\AppData\Local\Temp\JAWS12BasicTraining9.exe
C:\Users\Lynn\AppData\Local\Temp\lowproc.exe
C:\Users\Lynn\AppData\Local\Temp\MSNBC9A.exe
C:\Users\Lynn\AppData\Local\Temp\msvcp110.dll
C:\Users\Lynn\AppData\Local\Temp\msvcr110.dll
C:\Users\Lynn\AppData\Local\Temp\OpenBookOverview.exe
C:\Users\Lynn\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Lynn\AppData\Local\Temp\PlaceMarkers.exe
C:\Users\Lynn\AppData\Local\Temp\ResearchIt.exe
C:\Users\Lynn\AppData\Local\Temp\rnsetup0.exe
C:\Users\Lynn\AppData\Local\Temp\rnsetup1.exe
C:\Users\Lynn\AppData\Local\Temp\rnupdate0.exe
C:\Users\Lynn\AppData\Local\Temp\SettingsCenter.exe
C:\Users\Lynn\AppData\Local\Temp\setup.exe
C:\Users\Lynn\AppData\Local\Temp\sqlite3.dll
C:\Users\Lynn\AppData\Local\Temp\stubhelper.dll
C:\Users\Lynn\AppData\Local\Temp\Tandem.exe
C:\Users\Lynn\AppData\Local\Temp\TextAnalyzer.exe
C:\Users\Lynn\AppData\Local\Temp\VirtualRibbonMenus.exe
C:\Users\Lynn\AppData\Local\Temp\VoiceProfiles.exe
C:\Users\Lynn\AppData\Local\Temp\WhatIsNew12.exe
C:\Users\Lynn\AppData\Local\Temp\WordIndex.exe
C:\Users\Lynn\AppData\Local\Temp\XTraCustomLabelsWordIE.exe
C:\Users\Lynn\AppData\Local\Temp\XTraExcelFormsJAWS.exe
C:\Users\Lynn\AppData\Local\Temp\XTraLaptopKeystrokes.exe
C:\Users\Lynn\AppData\Local\Temp\XTraOffice2007IntroJAWS.exe
C:\Users\Lynn\AppData\Local\Temp\XTraSkimReadingWithSummary.exe
C:\Users\Lynn\AppData\Local\Temp\XTraSmartWordReading.exe
C:\Users\Lynn\AppData\Local\Temp\XTraSpeechAndSounds.exe
C:\Users\Lynn\AppData\Local\Temp\{0BEFE152-34B1-450C-9B38-217BFD1B1064}-30.0.1599.101_chrome_installer.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3824.43 MB
Available physical RAM: 3200.04 MB
Total Pagefile: 3822.57 MB
Available Pagefile: 3199.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.04 GB) (Free:30.17 GB) NTFS
Drive e: (Data) (Fixed) (Total:148.65 GB) (Free:90.89 GB) NTFS
Drive g: (UDISK 2.0) (Removable) (Total:3.84 GB) (Free:3.83 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 16A6DB17)
Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 8D9CAF44)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2014-07-08 01:43

==================== End Of Log ============================
lcox
Active Member
 
Posts: 5
Joined: July 21st, 2014, 11:13 am

Re: boot critical error 0x490 please help

Unread postby Gary R » July 22nd, 2014, 7:56 am

There's no sign of any malware related cause to your problem, and that is what this forum specialises in.

Boot related issues that are not caused by malware can probably be dealt with better by a forum that specialises in those type of problems, and I may refer you to some of these if we can't resolve matters.

Before I do that however, I'd like you to try the following ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
LastRegBack: 2014-07-08 01:43

    • Save it to your USB flashdrive as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Boot into Recovery Environment

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.
  • Exit out of Recovery Environment and post me the log please.
  • Also see if you can boot up normally now please, and let me know how it goes.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: boot critical error 0x490 please help

Unread postby lcox » July 22nd, 2014, 9:58 am

Hi
Thanks for your reply. Below is the log. The laptop is still running startup repair when it is booted up.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014
Ran by SYSTEM at 2014-07-22 14:30:59 Run:1
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-07-08 01:43
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
Could not restore SOFTWARE hive from registry back up.
C:\Windows\System32\config\SYSTEM => File not found.
C:\Windows\System32\config\RegBack\SYSTEM => File not found.

==== End of Fixlog ====
lcox
Active Member
 
Posts: 5
Joined: July 21st, 2014, 11:13 am

Re: boot critical error 0x490 please help

Unread postby Gary R » July 22nd, 2014, 11:22 am

Your return log shows that there is damage to your Software hive file, or it is missing ...

Could not restore SOFTWARE hive from registry back up.
C:\Windows\System32\config\SYSTEM => File not found.
C:\Windows\System32\config\RegBack\SYSTEM => File not found.


... without it we're not likely to be able to recover your computer. Considering your computer was already giving you warnings about damage to your Partition Manager Driver file (partmgr.sys), it would seem you have damage to at least two system files, and it would seem likely that there may be more.

I think the only real option open to us is to recover your personal files and folders if we can, and then to reformat your hard drive and re-install Windows.

There may be ways to recover your machine that I'm not aware of, and I'll be happy to recommend some forums that specialise in boot recovery problems if you'd prefer.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: boot critical error 0x490 please help

Unread postby lcox » July 23rd, 2014, 11:43 am

Hi
Yes if you could help that would be great. I am a bit confused about the logs that I posted saying 32 bit as the laptop is windows 7 home premium 64 bit OS, could this be the problem?

Thanks
lcox
Active Member
 
Posts: 5
Joined: July 21st, 2014, 11:13 am

Re: boot critical error 0x490 please help

Unread postby Gary R » July 23rd, 2014, 12:59 pm

The link I gave you to FRST was to the 64 bit version, and your log shows that that's the version you're running ....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by SYSTEM on MININT-RMLBRQH on 21-07-2014 20:30:29
Running from g:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014
Ran by SYSTEM at 2014-07-22 14:30:59 Run:1
Running from g:\
Boot Mode: Recovery


.... so I don't know what you mean by ....

I am a bit confused about the logs that I posted saying 32 bit as the laptop is windows 7 home premium 64 bit OS, could this be the problem?


.... there's a link to the 32 bit version of FRST in FRST.txt but that's definitely not the version that you have run.

You didn't tell me whether you want me to refer you to another forum, or whether you want help to recover your files and folders so that you can reformat. You just replied ....

Yes if you could help that would be great.


.... which doesn't really clarify things for me.

Which option to you want to take ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: boot critical error 0x490 please help

Unread postby lcox » July 25th, 2014, 10:27 am

Hi
Thanks for your reply. Sorry for being vague. Yes I would like help with recovering files and folders and reformatting laptop. I also have microsoft word and express outlook on the laptop is it possible to save these too?

Thanks
lcox
Active Member
 
Posts: 5
Joined: July 21st, 2014, 11:13 am

Re: boot critical error 0x490 please help

Unread postby Gary R » July 25th, 2014, 11:56 am

To recover your personal files and folders, please follow the instructions in ... THIS ... topic.

Do not reformat your computer (return it to factory condition) until you have a copy of your files, because they will be lost in the restore process.

I'm afraid I don't know a way to recover Word and Outlook, other than to re-install them once your computer has been restored to factory condition. Unless of course they came as default with your computer, in which case they should be present after the restore.

Almost all Toshiba laptops come with a Recovery Partition on the hard drive, to return your laptop to factory condition please follow the instructions at ... http://support.toshiba.com/support/view ... Id=2737864

If you have any questions please feel free to ask them, if I can I'll answer them.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Software Support (including Windows)



Who is online

Users browsing this forum: No registered users and 10 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware