[A] Reinstall.exe/System Check removal

Discussion in 'Virus and Malware Removal' started by bradbackalsh, Mar 22, 2012.

  1. bradbackalsh Newcomer, in training Posts: 20

    I run Windows 7 64-bit.
    I was just surfing the internet when I got the reinstall.exe prompt.

    I kept clicking no and it kept popping up.

    Now I have the System Check virus.

    I am currently scanning with Comodo.

    What do I do to remove it?
  2. bradbackalsh Newcomer, in training Posts: 20

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.22.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Brad :: SOWELL [administrator]

    Protection: Enabled

    3/22/2012 6:12:31 PM
    mbam-log-2012-03-22 (18-12-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231299
    Time elapsed: 16 minute(s), 41 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\BGNKveQAbc.exe (Rogue.FakeHDD) -> 3892 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BGNKveQAbc.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\BGNKveQAbc.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\BGNKveQAbc.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\Users\Brad\AppData\Local\Temp\MexjDILKLs8KTN.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Users\Brad\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
  3. bradbackalsh Newcomer, in training Posts: 20

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-22 19:10:31
    Windows 6.1.7601 Service Pack 1
    Running: 9s29g9c5.exe


    ---- Files - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----
  4. Broni Malware Annihilator Posts: 39,313   +175

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  5. bradbackalsh Newcomer, in training Posts: 20

    I cannot see any of my files.

    My entire folder from the Users is gone.

    Other than that, everything runs fine.
  6. Broni Malware Annihilator Posts: 39,313   +175

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.

    And again....

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  7. bradbackalsh Newcomer, in training Posts: 20

    Comodo says that the DDS is suspicious and possibly malware.

    Is this normal?
  8. Broni Malware Annihilator Posts: 39,313   +175

    Disregard Comodo warning.
  9. bradbackalsh Newcomer, in training Posts: 20

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Brad at 15:16:52 on 2012-03-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1967 [GMT -4:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    SP: Spy Emergency *Disabled/Updated* {545CA291-8AC9-FEF7-AB96-14A4BDB62AFD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    uURLSearchHooks: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    mURLSearchHooks: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    BHO: Shop to Win: {0095c290-a428-4bdd-b98c-e0a116f1c702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [<NO NAME>]
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WI-FIM~1.LNK - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A} : DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\1557965647758616C656D27657563747 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\2375942554432383 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\2496760245 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\461667964607C6F657274656 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\6524340535348616E6E656C6 : DhcpNameServer = 10.90.85.90 10.90.94.90 10.240.66.68
    TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\851667965627D2E456B6F636F6E6 : DhcpNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Shop to Win: {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
    BHO-X64: Freecause Shopping BHO - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    BHO-X64: Viral Tube - No File
    BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO-X64: DCA - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun-x64: [(Default)]
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\zgzt9k5d.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Brad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - bda145ed-2def-4b21-be8d-cc2ea0f8aba2
    FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
    FF - user.js: extensions.autoDisableScopes - 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 SpyEmrg;Spy Emergency Driver;C:\Windows\system32\Drivers\spyemrg.sys --> C:\Windows\system32\Drivers\spyemrg.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\Windows\system32\Drivers\spyemrg_guard.sys --> C:\Windows\system32\Drivers\spyemrg_guard.sys [?]
    R3 WFMC_VAD;WFMCVAD (WDM);C:\Windows\system32\DRIVERS\wfmcvad.sys --> C:\Windows\system32\DRIVERS\wfmcvad.sys [?]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
    S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;C:\Windows\system32\Drivers\spyemrg_access.sys --> C:\Windows\system32\Drivers\spyemrg_access.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\system32\DRIVERS\gtkdrv.sys --> C:\Windows\system32\DRIVERS\gtkdrv.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-22 23:24:17 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
    2012-03-22 22:42:51 -------- d-----w- C:\HP_TOOLS_mountHPSF
    2012-03-22 22:11:16 -------- d-----w- C:\Users\Brad\AppData\Roaming\Malwarebytes
    2012-03-22 22:11:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-22 22:11:02 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-22 22:11:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-22 20:31:57 -------- d-----w- C:\ProgramData\CPA_VA
    2012-03-22 20:29:58 -------- d-----w- C:\VritualRoot
    2012-03-22 20:23:05 -------- d-----w- C:\ProgramData\Comodo
    2012-03-22 20:23:01 -------- d-----w- C:\Program Files\COMODO
    2012-03-22 20:22:39 -------- d-----w- C:\Program Files (x86)\Comodo
    2012-03-22 20:22:35 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2012-03-22 19:18:51 -------- d-----w- C:\Users\Brad\AppData\Roaming\Spy Emergency
    2012-03-22 19:18:47 24408 ----a-w- C:\Windows\System32\drivers\spyemrg_access.sys
    2012-03-22 19:18:47 18776 ----a-w- C:\Windows\System32\drivers\spyemrg_guard.sys
    2012-03-22 19:18:47 17240 ----a-w- C:\Windows\System32\drivers\spyemrg.sys
    2012-03-22 19:18:42 -------- d-----w- C:\ProgramData\NETGATE
    2012-03-22 19:18:41 -------- d-----w- C:\Program Files\NETGATE
    2012-03-21 01:44:42 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78ED4704-C308-4C14-9A4C-89196AFFDCF1}\mpengine.dll
    2012-03-14 07:02:03 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 07:02:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 07:02:00 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-13 22:29:36 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-13 22:29:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-13 22:29:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-13 22:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-13 22:28:32 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-13 22:28:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-13 22:28:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-13 22:28:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-13 22:28:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-13 22:28:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-12 01:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2012-03-12 01:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-03-12 01:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-03-12 01:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-03-12 01:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-03-12 01:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
    2012-03-07 05:32:45 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-03-07 05:32:31 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-03-07 05:32:17 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-03-07 05:32:09 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-03-06 01:05:40 -------- d-----w- C:\Users\Brad\AppData\Local\{3EE9E587-BD5F-4322-8D42-0B6AEDE41D04}
    2012-03-04 07:37:55 -------- d-----w- C:\Program Files (x86)\fbphotozoom
    2012-03-04 05:25:38 -------- d-----w- C:\Users\Brad\AppData\Local\{1AB9B534-054C-4F44-BE00-221AD8920FB0}
    2012-03-04 04:03:14 125376 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2012-03-04 04:03:13 -------- d-----w- C:\Program Files (x86)\PowerISO
    2012-02-27 03:27:45 -------- d-----w- C:\Users\Brad\AppData\Local\{B7AFDB63-DABB-4564-85C0-A80D825726E3}
    2012-02-23 03:26:50 -------- d-----w- C:\Program Files (x86)\1ClickDownload
    .
    ==================== Find3M ====================
    .
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-04 14:28:36 16640 ----a-w- C:\Windows\System32\drivers\gtkdrv.sys
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 15:20:14.53 ===============
  10. bradbackalsh Newcomer, in training Posts: 20

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/10/2011 7:11:11 PM
    System Uptime: 3/23/2012 2:56:59 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3568
    Processor: AMD A4-3300M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 45.285 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.554 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    1ClickDownload
    7-Zip 9.20
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.1) MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    AMD System Monitor
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    ArcSoft MediaImpression for Kodak
    ASIO4ALL
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    BitTorrent
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Celtx (2.9.1)
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Comodo Dragon
    COMODO GeekBuddy
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    DivX Setup
    Dora's World Adventure
    DVD Architect Studio 5.0
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    Evernote v. 4.2.2
    Facebook Video Calling 1.2.0.159
    Farm Frenzy
    FATE - The Traitor Soul
    Google Chrome
    Google Earth
    Google Update Helper
    HP Connection Manager
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    jZip
    K-Lite Codec Pack 8.3.2 (Standard)
    Live 8.2.7
    Magic Desktop
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    MotoHelper 2.0.49 Driver
    MotoHelper MergeModules
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    Native Instruments Skanner
    NewBlue VideoFX for Sony Vegas MSPPS
    OnLive
    ooVoo
    ooVoo toolbar, powered by Ask.com
    ooVoo toolbar, powered by Ask.com Updater
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Points2Shop Points Multiplier 2012 version 2012
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    PowerISO
    Psycle 1.10.0 32 bits
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    REALTEK Wireless LAN Driver
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Shop To Win
    Skype™ 5.1
    Slingo Supreme
    Sony Vocal Eraser
    Sound Forge Audio Studio 10.0
    Spotify
    Trojan Killer
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update Installer for WildTangent Games App
    VC80CRTRedist - 8.0.50727.6195
    Vegas Movie Studio HD Platinum 11.0
    Viral Tube Toolbar
    Virtual Villagers 4 - The Tree of Life
    VirtualDJ Home FREE
    Wheel of Fortune 2
    Wi-Fi MediaConnect
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/22/2012 6:11:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/22/2012 4:25:04 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/22/2012 3:30:25 PM, Error: Service Control Manager [7023] - The Block Level Backup Engine Service service terminated with the following error: %%-2147024891
    3/22/2012 3:13:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    3/22/2012 3:04:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/22/2012 3:04:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/22/2012 3:04:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/22/2012 3:04:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/20/2012 5:32:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
    .
    ==== End Of File ===========================
  11. Broni Malware Annihilator Posts: 39,313   +175

    You didn't say if UnHide worked for you.

  12. bradbackalsh Newcomer, in training Posts: 20

    Oh! Unhide worked great! All my files have been unhidden.
  13. Broni Malware Annihilator Posts: 39,313   +175

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  14. bradbackalsh Newcomer, in training Posts: 20

    Every time I click on the MBR to open it, it deletes itself.
  15. bradbackalsh Newcomer, in training Posts: 20

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  16. Broni Malware Annihilator Posts: 39,313   +175

    Disable Comodo and try again.
  17. Broni Malware Annihilator Posts: 39,313   +175

    We posted at the same time.
  18. bradbackalsh Newcomer, in training Posts: 20

    Comodo has been disabled and it still deletes itself.
  19. Broni Malware Annihilator Posts: 39,313   +175

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  20. bradbackalsh Newcomer, in training Posts: 20

    ListParts by Farbar Version: 12-03-2012 03
    Ran by Brad (administrator) on 23-03-2012 at 16:31:38
    Windows 7 (X64)
    Running From: C:\Users\Brad\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 68%
    Total physical RAM: 3562.9 MB
    Available physical RAM: 1128.54 MB
    Total Pagefile: 7124 MB
    Available Pagefile: 4065.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:451.54 GB) (Free:44.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 451 GB 200 MB
    Partition 3 Primary 13 GB 451 GB
    Partition 4 Primary 103 MB 465 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 451 GB Healthy Boot

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D RECOVERY NTFS Partition 13 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 HP_TOOLS FAT32 Partition 103 MB Healthy

    ======================================================================================================

    ****** End Of Log ******
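
The Bootkit Remover output earlier in the thread suggests dumping the master boot sector for manual inspection, and the ListParts log above lists the four primary partitions that sector's table should describe. As an added example (not part of the thread and not code from either tool), this Python code decodes the partition table of a 512-byte dump and runs basic consistency checks on it. It assumes 512-byte sectors, and the sample sector is constructed from the rounded sizes in the ListParts log, with no real boot code.

```python
import struct

SECTOR = 512                 # assumption: 512-byte logical sectors
TABLE_OFFSET = 446           # partition table follows 446 bytes of boot code
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS first, type, CHS last, LBA start, count
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0xEE: "GPT protective"}
MIB = 1024 * 1024


def parse_mbr(sector):
    """Decode the four primary partition entries of a 512-byte MBR dump."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    parts = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        status, _chs1, ptype, _chs2, lba, count = ENTRY.unpack(sector[start:start + 16])
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        parts.append({
            "number": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "offset_mib": lba * SECTOR // MIB,
            "size_mib": count * SECTOR // MIB,
        })
    return {"signature_ok": sector[510:512] == b"\x55\xaa", "partitions": parts}


def check_mbr(parsed):
    """Return a list of findings; an empty list means the table is self-consistent."""
    findings = []
    parts = parsed["partitions"]
    if not parsed["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X"
                            % (p["number"], p["status"]))
    active = [p["number"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["number"], b["number"]))
    return findings


def build_sample_mbr():
    """Constructed sample: (status, type, offset MiB, size MiB) per ListParts log."""
    layout = [
        (0x80, 0x07, 1, 199),            # SYSTEM, active
        (0x00, 0x07, 200, 451 * 1024),   # C:
        (0x00, 0x07, 462024, 13 * 1024), # RECOVERY
        (0x00, 0x0C, 475336, 103),       # HP_TOOLS
    ]
    sector = bytearray(SECTOR)           # boot code area left as zeros
    per_mib = MIB // SECTOR
    for index, (status, ptype, off_mib, size_mib) in enumerate(layout):
        entry = ENTRY.pack(status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                           off_mib * per_mib, size_mib * per_mib)
        sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    for p in parsed["partitions"]:
        print("Partition %(number)d type %(type)02X (%(type_name)s) active=%(active)s "
              "offset=%(offset_mib)d MiB size=%(size_mib)d MiB" % p)
    print("findings:", check_mbr(parsed) or "none")
```

A table that passes these checks says nothing about the 446 bytes of boot code in front of it, which is the part the tool reports as hidden by the rootkit.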