SneakyFish

Everything looks great! Thanks again DFB for all your help. I really appreciate it.

I've deleted the ComboFix shortcut. Is there another way to uninstall it? When i use run it tells me that it cannot be found. Also can I just delete JRT, SecurityCheck, and ESET or is there a particular way i need to remove it? Finally can I go ahead and delete all the log files these programs have generated?

The updates went well. Although after updating Java I got a new popup window that said something along the lines of get browser window error: 2.

I ran the OTL script you posted above again and got the following.

I attached the documents as you asked. AdwCleanerS1.txt 07182013_175422.log

All the files you asked for are attached. Thanks for everything you've done so far! I can not tell you how much I appreciate this. Extras.Txt JRT.txt OTL.Txt log.txt AdwCleanerR1.txt

Hey DFB sorry for the delayed reply. Was at work all day. Here is the log for TDSSKiller: The logs for MBAR and ComboFix are attached. mbar-log-2013-07-16 (22-23-32).txt mbar-log-2013-07-17 (06-18-08).txt system-log.txt ComboFix.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013 Ran by SYSTEM at 2013-07-16 22:11:44 Run:1 Running from F:\ Boot Mode: Recovery ============================================== HKU\Perry\Software\Microsoft\Windows\CurrentVersion\Run\\Downloaded Installations => Value deleted successfully. HKU\Perry\Software\Microsoft\Windows\CurrentVersion\Run\\Macrovision => Value deleted successfully. HKU\Perry\Software\Microsoft\Windows\CurrentVersion\Run\\imagenDll32 => Value deleted successfully. HKU\Perry\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. C:\Users\Perry\AppData\Roaming\cache.dat => Moved successfully. C:\Users\Perry\AppData\Roaming\cache.ini => Moved successfully. C:\ProgramData\nvModes.dat => Moved successfully. ==== End of Fixlog ==== DFB you are a life saver! I am able to get in and it did not white screen. What's next on the list?

I got the FBI virus last night and need some help. I've read several threads and have the frst.txt file already. Please advise on what I need to do next. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 Ran by SYSTEM on 16-07-2013 21:15:49 Running from F:\ Windows Vista Home Premium (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.) HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation) HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [hpqSRMon] - [x] HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-09-29] (DigitalPersona, Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2009-10-03] (NVIDIA Corporation) HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard) HKU\Perry\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Perry\...\Run: [AdobeBridge] - [x] HKU\Perry\...\Run: [Downloaded Installations] - rundll32 "C:\Users\Perry\AppData\Local\VirtualStore\Downloaded Installations\nhoc.dll",DllRegisterServer [x] <===== ATTENTION HKU\Perry\...\Run: [Macrovision] - Regsvr32.exe C:\Users\Perry\AppData\Local\Macrovision\nzbjdmqa.dll [x] <===== ATTENTION HKU\Perry\...\Run: [imagenDll32] - rundll32.exe "C:\Users\Perry\AppData\Roaming\imagenDll32\imagenDll32.dll",LibCrypt_x86 diPadInterval [x] <===== ATTENTION HKU\Perry\...\Winlogon: [shell] explorer.exe,C:\Users\Perry\AppData\Roaming\cache.dat <==== ATTENTION Lsa: [Notification Packages] scecli DPPWDFLT ========================== Services (Whitelisted) ================= S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1811704 2009-09-11] (AuthenTec, Inc.) S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation) S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-22] (Microsoft Corporation) S2 N360; C:\Program Files\Norton Security Suite\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation) S3 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] () S3 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] () S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2011-08-02] (Rovi Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation) S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital ) S2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital) ==================== Drivers (Whitelisted) ==================== S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation) S1 ccSet_N360; C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys [134304 2012-11-15] (Symantec Corporation) S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-06-19] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation) S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.) S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvix86.sys [386720 2013-02-14] (Symantec Corporation) S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39064 2011-04-30] (Logitech, Inc.) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130715.003\NAVENG.SYS [93272 2013-06-19] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130715.003\NAVEX15.SYS [1611992 2013-06-19] (Symantec Corporation) S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation) S1 SRTSP; C:\Windows\System32\Drivers\N360\1403010.016\SRTSP.SYS [602712 2013-01-28] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\N360\1403010.016\SRTSPX.SYS [32344 2013-01-28] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\N360\1403010.016\SYMDS.SYS [367704 2013-01-21] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\N360\1403010.016\SYMEFA.SYS [934488 2013-01-30] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-02-13] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\N360\1403010.016\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation) S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1403010.016\SYMTDIV.SYS [350368 2012-07-22] (Symantec Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S4 eabfiltr; S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 SymIM; system32\DRIVERS\SymIM.sys [x] S3 SymIMMP; system32\DRIVERS\SymIM.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-16 21:15 - 2013-07-16 21:15 - 00000000 ____D C:\FRST 2013-07-15 19:41 - 2013-07-16 02:14 - 00000004 _____ C:\Users\Perry\AppData\Roaming\cache.ini 2013-07-11 02:53 - 2013-05-28 17:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-11 02:53 - 2013-05-28 17:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-11 02:53 - 2013-05-28 17:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-11 02:53 - 2013-05-28 17:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-11 02:53 - 2013-05-28 17:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-11 02:53 - 2013-05-28 17:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-11 02:53 - 2013-05-28 17:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-11 02:53 - 2013-05-28 17:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-11 02:53 - 2013-05-28 17:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-11 02:53 - 2013-05-28 17:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-11 02:53 - 2013-05-28 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-11 02:53 - 2013-05-28 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-11 02:53 - 2013-05-28 17:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-11 02:53 - 2013-05-28 17:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-11 02:53 - 2013-05-28 17:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-11 02:53 - 2013-05-28 17:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-11 02:14 - 2013-06-03 17:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-11 02:14 - 2013-05-31 20:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-11 02:14 - 2013-05-07 20:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-11 02:14 - 2013-04-17 03:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-07-11 02:14 - 2013-04-17 03:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-07-11 02:14 - 2013-04-17 03:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-07-11 02:14 - 2013-04-17 03:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-07-11 02:14 - 2013-04-17 02:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-07-11 02:14 - 2013-04-17 02:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-07-11 02:14 - 2013-04-17 02:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-07-11 02:14 - 2013-04-17 02:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-11 02:14 - 2013-04-17 02:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-07-04 13:47 - 2013-07-04 13:47 - 00000000 ____D C:\Users\Perry\AppData\Roaming\imagenDll32 2013-07-03 12:33 - 2013-07-05 01:56 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Macrovision 2013-07-03 12:33 - 2013-07-05 01:56 - 00000000 ____D C:\Users\Perry\AppData\Local\Macrovision 2013-07-01 15:17 - 2013-07-01 15:17 - 00000000 _____ C:\ProgramData\Help 2013-06-23 13:06 - 2013-06-23 13:12 - 00008796 _____ C:\Users\Perry\Documents\Subaru STI.xlsx ==================== One Month Modified Files and Folders ======= 2013-07-16 21:15 - 2013-07-16 21:15 - 00000000 ____D C:\FRST 2013-07-16 02:14 - 2013-07-15 19:41 - 00000004 _____ C:\Users\Perry\AppData\Roaming\cache.ini 2013-07-16 02:14 - 2009-06-26 14:03 - 00048175 _____ C:\ProgramData\nvModes.dat 2013-07-16 02:14 - 2009-06-26 14:03 - 00048175 _____ C:\ProgramData\nvModes.001 2013-07-16 02:14 - 2008-01-04 12:11 - 02051593 _____ C:\Windows\WindowsUpdate.log 2013-07-16 02:14 - 2008-01-04 12:11 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-07-16 02:14 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-16 02:14 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-16 02:12 - 2010-02-02 17:46 - 00007808 _____ C:\Users\Perry\Local Settings\Application Data\d3d9caps.dat 2013-07-16 02:12 - 2010-02-02 17:46 - 00007808 _____ C:\Users\Perry\AppData\Local\d3d9caps.dat 2013-07-16 02:10 - 2010-04-02 18:40 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\CrashDumps 2013-07-16 02:10 - 2010-04-02 18:40 - 00000000 ____D C:\Users\Perry\AppData\Local\CrashDumps 2013-07-15 20:00 - 2006-11-02 02:33 - 00850018 _____ C:\Windows\System32\PerfStringBackup.INI 2013-07-15 15:55 - 2011-09-28 14:49 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-15 13:56 - 2009-06-26 17:46 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Adobe 2013-07-15 13:56 - 2009-06-26 17:46 - 00000000 ____D C:\Users\Perry\AppData\Local\Adobe 2013-07-14 19:09 - 2010-07-25 08:01 - 00075264 _____ C:\Users\Perry\Documents\Books.xlsx 2013-07-14 18:43 - 2009-06-25 15:24 - 00000000 ___RD C:\Users\Perry\Desktop 2013-07-12 23:01 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-11 14:08 - 2006-11-02 04:47 - 03747448 _____ C:\Windows\System32\FNTCACHE.DAT 2013-07-11 14:06 - 2009-06-29 13:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-11 03:18 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer 2013-07-11 02:57 - 2006-11-02 02:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-07-11 02:56 - 2007-11-26 23:48 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 02:39 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 02:00 - 2007-11-26 23:08 - 00774022 _____ C:\Windows\PFRO.log 2013-07-10 13:46 - 2007-11-26 23:13 - 00000000 ____D C:\Program Files\Common Files\AOL 2013-07-10 02:10 - 2012-07-09 19:13 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-07-10 02:10 - 2011-05-13 01:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-07-05 01:56 - 2013-07-03 12:33 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Macrovision 2013-07-05 01:56 - 2013-07-03 12:33 - 00000000 ____D C:\Users\Perry\AppData\Local\Macrovision 2013-07-04 13:47 - 2013-07-04 13:47 - 00000000 ____D C:\Users\Perry\AppData\Roaming\imagenDll32 2013-07-03 13:16 - 2012-04-12 07:10 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT 2013-07-03 12:33 - 2009-06-25 15:37 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\VirtualStore 2013-07-03 12:33 - 2009-06-25 15:37 - 00000000 ____D C:\Users\Perry\AppData\Local\VirtualStore 2013-07-01 15:20 - 2006-11-02 03:18 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-01 15:17 - 2013-07-01 15:17 - 00000000 _____ C:\ProgramData\Help 2013-07-01 15:17 - 2012-08-25 05:52 - 00000268 ___RH C:\Users\Perry\AppData\Roaming\Keyboard Layouts 2013-07-01 15:17 - 2012-08-25 05:52 - 00000020 ____H C:\ProgramData\PKP_DLeo.DAT 2013-07-01 15:17 - 2012-08-25 05:52 - 00000012 ___RH C:\ProgramData\PPD Plugins 2013-07-01 15:17 - 2012-04-12 07:10 - 00000268 ___RH C:\ProgramData\Legacy 2013-07-01 15:17 - 2009-06-25 15:30 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Downloaded Installations 2013-07-01 15:17 - 2009-06-25 15:30 - 00000000 ____D C:\Users\Perry\AppData\Local\Downloaded Installations 2013-06-26 14:26 - 2011-12-24 14:09 - 00020992 _____ C:\Users\Perry\Documents\Firearms.xlsx 2013-06-23 13:12 - 2013-06-23 13:06 - 00008796 _____ C:\Users\Perry\Documents\Subaru STI.xlsx Files to move or delete: ==================== C:\Users\Perry\AppData\Roaming\cache.dat C:\Users\Perry\AppData\Roaming\cache.ini C:\ProgramData\nvModes.dat ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 4093.63 MB Available physical RAM: 3505.3 MB Total Pagefile: 3777.96 MB Available Pagefile: 3587.77 MB Total Virtual: 2047.88 MB Available Virtual: 1957.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:184.06 GB) (Free:34.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:12.29 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: () (Removable) (Total:3.76 GB) (Free:1.93 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 097E097E) Partition 1: (Active) - (Size=184 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=37 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 04DD5721) Partition 1: (Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2013-07-15 20:19 ==================== End Of Log ============================