Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Had Trouble Updating Flash, Accidently downloaded Flash Extreme, Browser Ads


  • This topic is locked This topic is locked
29 replies to this topic

#1 ckoch

ckoch

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 25 June 2013 - 06:08 PM

I ran adwcleaner and it did not fix it.  Tried an ip flush, but got a message media is unplugged when I entered the media renew. I have been here before on my computer.  So I thought I would try what I was told to do. I am on my moms computer now..  Neither worked.  I don't know what else to do.  here is her dds file.  I imagine there are many other problems then just the ads but I don't know.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by clairemarie at 18:55:13 on 2013-06-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6127.3650 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\PROGRA~2\ReadingFanatic_6x\bar\1.bin\6xbarsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: <No Name>: {421fb3de-4b9f-48e5-abf1-f96f8aaca70a} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\clairemarie\AppData\Local\UnitLayers\temp.dat
BHO: Search Assistant BHO: {2d948797-8fe3-4508-9b6f-4bf349a9ea34} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll
BHO: {4153492D-4700-A76A-76A7-7A786E7484D7} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Toolbar BHO: {f149b372-5830-4d88-b8f6-2853d12c1af5} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ReadingFanatic: {b36151d1-7770-4480-87e4-f89fb54e173d} - C:\Program Files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} -
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ReadingFanatic Search Scope Monitor] "C:\PROGRA~2\ReadingFanatic_6x\bar\1.bin\6xsrchmn.exe" /m=2 /w /h
mRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\CLAIRE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B5369AD5-DF05-4D60-BCFF-381227954DA5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DA15962C-B205-429F-8699-67A8CC9C72E6} : DHCPNameServer = 192.168.1.1
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
x64-BHO: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - <orphaned>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
x64-Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - <orphaned>
x64-Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-4 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-6-1 25312]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-2-19 45856]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2011-7-2 23464]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-8-31 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-19 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-6-4 1072664]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-19 1121304]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-7-29 82160]
R2 ReadingFanatic_6xService;ReadingFanaticService;C:\PROGRA~2\ReadingFanatic_6x\bar\1.bin\6xbarsvc.exe [2013-1-11 42504]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-12 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-4-18 1227800]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-4-18 659992]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-19 2655768]
R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-6-20 188760]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-31 1015984]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-4-18 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-19 349800]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2011-6-1 450048]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-12-9 39504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-3 1255736]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-5 794272]
S4 SCM_Service;SCM_Service; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-06-25 18:38:58 -------- d-----w- C:\Users\clairemarie\AppData\Local\Updater26278
2013-06-25 18:38:39 -------- d-----w- C:\Program Files (x86)\Solid Savings
2013-06-25 17:37:09 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35990C70-C3F9-4087-B844-E960365A3ECD}\mpengine.dll
2013-06-24 18:01:40 -------- d-----w- C:\Program Files (x86)\24x7Help
2013-06-24 17:39:13 -------- d-----w- C:\Program Files (x86)\PasswordBox
2013-06-24 07:36:44 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 07:38:36 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D653356A-C9C1-4204-AA6F-8231FB524BA0}\gapaengine.dll
2013-06-20 18:24:54 -------- d-----w- C:\Users\clairemarie\AppData\Local\TidyNetwork.com
2013-06-20 18:24:51 -------- d-----w- C:\Users\clairemarie\AppData\Local\UnitLayers
2013-06-20 18:24:48 -------- d-----w- C:\Program Files\Updater By SweetPacks
2013-06-20 18:24:17 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-06-20 18:24:17 1447728 ----a-w- C:\Windows\System32\dmwu.exe
2013-06-20 18:24:17 -------- d-----w- C:\Windows\SysWow64\jmdp
2013-06-20 18:24:17 -------- d-----w- C:\Windows\SysWow64\ARFC
2013-06-15 20:08:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 20:08:50 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-13 00:56:53 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-06-13 00:22:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-13 00:22:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-12 23:27:35 417 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-06-11 22:48:26 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-06 01:42:39 -------- d-----w- C:\Program Files\iPod
2013-06-06 01:42:38 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 01:42:38 -------- d-----w- C:\Program Files\iTunes
2013-06-06 01:42:38 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-05 17:43:50 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-06-05 17:43:46 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-06-03 17:10:02 -------- d-----w- C:\Users\clairemarie\AppData\Local\Adobe
2013-06-03 16:59:00 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-02 23:19:04 -------- d-----w- C:\Users\clairemarie\AppData\Local\Arcadesafari
.
==================== Find3M  ====================
.
2013-06-24 17:34:33 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-06-24 17:34:33 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-31 05:15:35 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-05-29 15:28:40 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-05-29 15:28:30 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-05-29 15:12:36 2155688 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-05-29 15:12:34 2097472 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:10:12 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-05-08 06:10:12 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-18 13:55:50 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-11 15:06:54 39504 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-07 02:42:56 49872 ----a-w- C:\Windows\System32\drivers\qpfbvyfw.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2004-07-30 13:56:22 90112 ----a-w- C:\Program Files (x86)\Common Files\PCSBclean.exe
2004-07-26 19:30:14 291840 ----a-w- C:\Program Files (x86)\Common Files\PCSBoff.exe
.
============= FINISH: 18:55:44.06 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2011 3:54:56 PM
System Uptime: 6/25/2013 6:09:47 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AB6
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 762.064 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.588 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP405: 6/25/2013 - Scheduled Checkpoint
RP406: 6/25/2013 1:36:49 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-zip v9.20
Ad-Aware Antivirus
Adobe AIR
Adobe Flash Player 11 ActiveX
Agatha Christie - Peril at End House
Amanda Rose: The Game of Time
Amazing Adventures: The Forgotten Dynasty
Amazon Kindle
Ancient Secrets: Mystery of the Vanishing Bride
Antique Road Trip
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Batch Update
Bejeweled 2 Deluxe
Bible Data Type System Files
Bicycle Go Fish
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Canon Inkjet Printer Driver Add-On Module V2.00
Carbonite
CCleaner
Chronicles of Albian
Chuzzle Deluxe
ClamWin Free Antivirus 0.97.8
Clause Visualizer
Common System Files
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Defraggler
Detective Agency: The Banker's Wife
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Downloader
Dream Chronicles: The Book of Water Collector's Edition
Dream Mysteries - Case of the Red Fox
DVD Menu Pack for HP MediaSmart Video
Echoes Of Sorrow
Empress of the Deep II : Song of the Blue Whale
Escape - Special Edition Bundle
Escape Rosecliff Island
Escape The Emerald Star
Farm Frenzy
FATE
FBI Paranormal Case: Extended Edition
Final Drive Nitro
G.H.O.S.T. Hunters The Haunting of Majesty Manor
Glary Utilities 2.48.0.1568
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Graphical Query Editor
Guardians of Magic: Amanda's Awakening
Heroes of Hellas 2 - Olympia
House, MD
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Setup
HP Setup Manager
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
I SPY Mystery
I SPY Treasure Hunt
iCloud
IDT Audio
ImgBurn
Insider Tales: The Stolen Venus 2
Intel® Management Engine Components
iolo technologies' System Mechanic
iTunes
Java Auto Updater
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
Libronix Update
LightScribe System Software
LLS Resource Driver
Logos 5 Prerequisites
Logos Bible Software 5
Malwarebytes Anti-Malware version 1.75.0.1300
Marooned 2: The Secrets of the Akoni
McAfee Security Scan Plus
Medieval II Total War
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Millionaire Manor: The Hidden Object Show 3
Movie Theme Pack for HP MediaSmart Video
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Murder Island: Secret of Tantalus
Mystery of Shark Island
Mystery P.I. - The London Caper
Nancy Drew: Secrets Can Kill Remastered
NETGEAR WG111v2 wireless USB 2.0 adapter
Nightmare on the Pacific
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA Control Panel 296.28
NVIDIA Graphics Driver 296.28
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.7.12
NVIDIA Update Components
OEB Resource Driver
Pc Study Bible-'INTERNATB00666' version 5.2
PC Tools Registry Mechanic 11.1
PDF Complete Special Edition
PDF Resource Driver
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Private Eye
QuickTime
ReadingFanatic Toolbar
Recovery Manager
Rhianna Ford and the Da Vinci Letter
RoxioNow Player
Savings Bond Wizard
Secret Diaries: Florence Ashford
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sentence Diagramming
Sibelius Scorch (ActiveX Only)
Slingo Mystery 2: The Golden Escape
Solid Savings
Speccy
Spybot - Search & Destroy
Steam
Stronghold 2
Syncios version 2.0.2
TaxACT 2011 - 1040 Edition
TaxACT 2012 - 1040 Edition
The Secret Legacy: A Kate Brooks Adventure
The Secret of Hildegards
The Tale of the Lost Bride and a Hidden Treasure
TidyNetwork.com
Torch
Total War: SHOGUN 2
Unit Layers
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Victorian Mysteries: Woman in White
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games
WildTangent Games App
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WORDsearch Basic
Z 39.50 Library
Zinio Reader 4
Zoom Downloader
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/25/2013 6:12:36 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/25/2013 6:12:36 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
6/25/2013 6:11:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
6/25/2013 6:10:34 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/25/2013 6:10:34 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
6/25/2013 6:09:50 PM, Error: volmgr [46] - Crash dump initialization failed!
6/24/2013 2:50:04 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/24/2013 1:57:47 PM, Error: Service Control Manager [7034] - The vToolbarUpdater15.2.0 service terminated unexpectedly. It has done this 1 time(s).
6/23/2013 12:00:24 PM, Error: Service Control Manager [7034] - The WebCake Desktop Updater service terminated unexpectedly. It has done this 1 time(s).
6/23/2013 12:00:12 PM, Error: Service Control Manager [7034] - The ReadingFanaticService service terminated unexpectedly. It has done this 1 time(s).
6/18/2013 2:17:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2378.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/18/2013 2:17:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2378.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
.
==== End Of File ===========================

Attached Files


Edited by Oh My, 29 June 2013 - 09:03 PM.
Posted Attach log


BC AdBot (Login to Remove)

 


#2 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 25 June 2013 - 06:11 PM

sorry I wrote media renew instead of ip renew



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 17,403 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 PM

Posted 29 June 2013 - 09:11 PM

Greetings ckoch and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and complete the following for me.

===================================================


Spybot S&D and Ad-aware No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D or Ad-aware due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy and Ad-Aware. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete these two programs.

Please Reboot your computer prior to the next step

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Combofix log
  • How is your computer running

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 30 June 2013 - 04:28 PM

This is my ADW cleaner file

# AdwCleaner v2.303 - Logfile created 06/30/2013 at 17:21:11
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : clairemarie - CLAIREMARIE-HP
# Boot Mode : Normal
# Running from : C:\Users\clairemarie\Downloads\adwcleaner (2).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\clairemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Folder Deleted : C:\Users\clairemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

***** [Registry] *****

Key Deleted : HKCU\Software\WNLT

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\clairemarie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13764 octets] - [25/06/2013 17:58:36]
AdwCleaner[R2].txt - [1414 octets] - [30/06/2013 15:53:16]
AdwCleaner[R3].txt - [1410 octets] - [30/06/2013 17:20:22]
AdwCleaner[S1].txt - [13945 octets] - [25/06/2013 17:59:49]
AdwCleaner[S2].txt - [1357 octets] - [30/06/2013 17:21:11]

########## EOF - C:\AdwCleaner[S2].txt - [1417 octets] ##########



#5 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 30 June 2013 - 04:45 PM

This is my Junk Removal Tool

unkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by clairemarie on Sun 06/30/2013 at 17:34:47.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] ReadingFanatic_6xService
Successfully deleted: [Service] ReadingFanatic_6xService
Successfully stopped: [Service] updater by sweetpacks
Successfully deleted: [Service] updater by sweetpacks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\readingfanatic search scope monitor

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3E9391A4-1599-4380-A46B-7ABACC3480E4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C7C4FB1D-B94F-4ECA-B6D3-C860F43F35EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}

 

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1749.tmp
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\clairemarie\appdata\local\blekkotb_031"
Successfully deleted: [Folder] "C:\Users\clairemarie\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\clairemarie\appdata\locallow\readingfanatic_6x"
Successfully deleted: [Folder] "C:\Program Files (x86)\24x7help"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\epicplay"
Successfully deleted: [Folder] "C:\Program Files (x86)\readingfanatic_6x"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\clairemarie\appdata\local\{260191CB-B93E-49DF-B620-1C39AD52A39D}
Successfully deleted: [Empty Folder] C:\Users\clairemarie\appdata\local\{91E8E3B2-B3F3-44E0-9030-E1AA2EC14EB3}
Successfully deleted: [Empty Folder] C:\Users\clairemarie\appdata\local\{CAD56536-7F11-4B01-82AB-6C04F3636B3A}

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\clairemarie\appdata\local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/30/2013 at 17:37:30.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 30 June 2013 - 05:11 PM

This my Combofix Report
ComboFix 13-06-30.01 - clairemarie 06/30/2013 17:57:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6127.4414 [GMT -4:00]
Running from: c:\users\clairemarie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\installKeys.js
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
C:\Thumbs.db
c:\users\clairemarie\AppData\Local\UnitLayers\teMP.dat
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-30 )))))))))))))))))))))))))))))))
.
.
2013-06-30 22:03 . 2013-06-30 22:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-30 22:03 . 2013-06-30 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-30 21:34 . 2013-06-30 21:34 -------- d-----w- c:\windows\ERUNT
2013-06-30 21:34 . 2013-06-30 21:34 -------- d-----w- C:\JRT
2013-06-30 19:11 . 2013-06-30 19:11 -------- d-----w- c:\programdata\TorchCrashHandler
2013-06-30 06:11 . 2013-06-30 06:11 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20FCA5DF-1A8A-4BED-9363-07E0821415B1}\offreg.dll
2013-06-30 06:11 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20FCA5DF-1A8A-4BED-9363-07E0821415B1}\mpengine.dll
2013-06-29 22:49 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-25 23:19 . 2013-06-30 19:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-06-25 18:38 . 2013-06-30 17:21 -------- d-----w- c:\users\clairemarie\AppData\Local\Updater26278
2013-06-25 18:38 . 2013-06-30 17:21 -------- d-----w- c:\program files (x86)\Solid Savings
2013-06-24 17:39 . 2013-06-24 18:19 -------- d-----w- c:\program files (x86)\PasswordBox
2013-06-21 07:38 . 2013-06-21 07:38 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D653356A-C9C1-4204-AA6F-8231FB524BA0}\gapaengine.dll
2013-06-20 18:24 . 2013-06-30 17:21 -------- d-----w- c:\users\clairemarie\AppData\Local\TidyNetwork.com
2013-06-20 18:24 . 2013-06-30 22:02 -------- d-----w- c:\users\clairemarie\AppData\Local\UnitLayers
2013-06-20 18:24 . 2013-06-25 22:00 -------- d-----w- c:\program files\Updater By SweetPacks
2013-06-20 18:24 . 2013-06-20 18:24 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-20 18:24 . 2013-06-20 18:24 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-20 18:24 . 2013-05-27 08:58 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-06-20 18:24 . 2013-05-27 08:57 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-15 20:08 . 2013-06-24 19:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 20:08 . 2013-06-24 19:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 00:56 . 2013-06-24 17:36 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-13 00:22 . 2013-06-30 19:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-13 00:22 . 2013-06-30 19:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-06-12 23:27 . 2013-06-30 21:21 592 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-11 22:48 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-06 01:42 . 2013-06-06 01:42 -------- d-----w- c:\program files\iPod
2013-06-06 01:42 . 2013-06-06 01:42 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 01:42 . 2013-06-06 01:42 -------- d-----w- c:\program files\iTunes
2013-06-06 01:42 . 2013-06-06 01:42 -------- d-----w- c:\program files (x86)\iTunes
2013-06-03 17:10 . 2013-06-24 19:31 -------- d-----w- c:\users\clairemarie\AppData\Local\Adobe
2013-06-03 16:59 . 2013-06-03 16:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-03 16:59 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-02 23:19 . 2013-06-03 16:44 -------- d-----w- c:\users\clairemarie\AppData\Local\Arcadesafari
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 17:34 . 2012-12-04 16:10 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-12 07:02 . 2011-06-04 18:37 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-31 05:15 . 2013-02-20 00:52 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-29 15:28 . 2011-07-02 23:12 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-05-29 15:28 . 2011-07-02 23:12 26184 ----a-w- c:\windows\system32\smrgdf.exe
2013-05-29 15:12 . 2012-04-24 14:15 2155688 ----a-w- c:\windows\system32\Incinerator64.dll
2013-05-29 15:12 . 2011-07-02 23:12 2097472 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2013-05-21 07:47 . 2013-03-12 06:57 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-18 02:43 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 06:10 . 2011-06-11 06:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-05-08 06:10 . 2011-06-11 06:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-05-02 15:29 . 2012-08-30 00:25 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-18 13:55 . 2013-04-18 13:55 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-13 05:49 . 2013-05-15 08:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 08:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 08:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 08:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 08:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 08:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:49 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 15:06 . 2012-12-09 17:00 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-04-10 06:01 . 2013-05-15 08:11 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 08:11 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 08:11 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-07 02:42 . 2013-04-07 02:42 49872 ----a-w- c:\windows\system32\drivers\qpfbvyfw.sys
2013-04-04 18:50 . 2012-07-03 17:47 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-07-30 13:56 . 2013-04-20 18:01 90112 ----a-w- c:\program files (x86)\Common Files\PCSBclean.exe
2004-07-26 19:30 . 2013-04-20 18:01 291840 ----a-w- c:\program files (x86)\Common Files\PCSBoff.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-22 895512]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ClamWin"="c:\program files (x86)\ClamWin\bin\ClamTray.exe" [2013-04-27 86016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\clairemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2011-6-1 1268192]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EraserUtilDrv11120;EraserUtilDrv11120;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys [x]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 EraserUtilDrvI13;EraserUtilDrvI13;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
R4 SCM_Service;SCM_Service; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v2.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ioloSGuardDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 09:21 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15 19:31]
.
2013-06-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-10 12:46]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 02:08]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 02:08]
.
2013-06-27 c:\windows\Tasks\HPCeeScheduleForCLAIREMARIE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-06-13 c:\windows\Tasks\HPCeeScheduleForclairemarie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-06-30 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-11-03 19:44]
.
2013-06-24 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2011-12-05 19:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-08-15 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.precept.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2d948797-8fe3-4508-9b6f-4bf349a9ea34} - c:\program files (x86)\ReadingFanatic_6x\bar\1.bin\6xSrcAs.dll
BHO-{4153492D-4700-A76A-76A7-7A786E7484D7} - (no file)
BHO-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - (no file)
BHO-{f149b372-5830-4d88-b8f6-2853d12c1af5} - c:\progra~2\ReadingFanatic_6x\bar\1.bin\6xbar.dll
Toolbar-{b36151d1-7770-4480-87e4-f89fb54e173d} - c:\program files (x86)\ReadingFanatic_6x\bar\1.bin\6xbar.dll
Toolbar-{4153492D-4700-A76A-76A7-7A786E7484D7} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Zoom Downloader - c:\program files (x86)\Zoom Downloader\uninstall.exe
AddRemove-Torch - c:\users\clairemarie\AppData\Local\Torch\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-30 18:05:30
ComboFix-quarantined-files.txt 2013-06-30 22:05
.
Pre-Run: 816,617,451,520 bytes free
Post-Run: 816,709,414,912 bytes free
.
- - End Of File - - 904E3AADC22DF9903FD2028D447CE508
D41D8CD98F00B204E9800998ECF8427E

#7 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 30 June 2013 - 06:08 PM

I first noticed that my computer did not recognize Adobe flash. Every video etc would put up a notice that I needed to download Flash. So I would uninstall and then download Flash but did not change. I did this numerous times. The last time I accidentally thinking it was Adobe clicked on Extreme_Flash_Player_Setup.exe and then got ads when clicking on links. I was hoping this file would have been removed but it is still there in Notification Area Icons.

 

I have just tried to download Flash but couldn't finish because it said to close IE but it was closed.

 

Not sure but I think I saw one ad come up on my browser when I clicked a link. I will let you know if there are more.

 

Thanks so much for helping me. You are very much appreciated.

 

Praise be unto God for His marvelous works!



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 17,403 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 PM

Posted 30 June 2013 - 06:13 PM

How is your computer running


Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 17,403 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 PM

Posted 30 June 2013 - 06:15 PM

Sorry just saw your post. :)


Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 17,403 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 PM

Posted 30 June 2013 - 06:25 PM

Greetings this wonderful Sunday,

Which browser are you using to try to view videos.

Please run these 2 programs for me.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Roguekiller log
  • FRST log

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 July 2013 - 02:25 PM

My last post is gone. The ad problem appears to be fixed. Could you help me with Adobe Flash? Download process will not finish because it says IE is running. I have closed it and everything I can think that might be using IE. I cannot find help in the blogs for this problem. Thank you.

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 17,403 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 PM

Posted 01 July 2013 - 02:46 PM

Greetings,

Are there copies of the reports on your desktop. If so I would like you to copy/paste the contents in your reply.

===================================================


Running a CMD script

--------------------
  • Close Internet Explorer
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type taskmgr and press Enter
  • Click on the Processes tab
  • If present right click on any iexplorer.exe entry under Image Name and select End Process
  • Attempt to install Adobe Flash
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reports
  • Results for Adobe

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 July 2013 - 06:55 PM

no my mom accidently did not see your reply's and she tells me her 2nd to last post was gone I'm not sure what happened.  But she is running I.E browser 10 only, 32 bit.  we will run the two programs right now and thanks so much, sorry for the mix up.  It is Monday now but praise God sunday was great too! *-) be back with you shortly. 



#14 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 July 2013 - 07:14 PM

This is RougeKiller report
RogueKiller V8.6.1 [Jun 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : clairemarie [Admin rights]
Mode : Remove -- Date : 07/01/2013 20:12:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V2][SUSP PATH] DealPly : C:\Users\CLAIRE~1\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe - /Check [x] -> DELETED
[V2][SUSP PATH] TidyNetwork Update : C:\Users\clairemarie\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED
[V2][SUSP PATH] Updater26278.exe : C:\Users\clairemarie\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> DELETED
[V2][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> DELETED

¤¤¤ Startup Entries : 1 ¤¤¤
[UpdatusUser][SUSP PATH] Uninstall Webroot RunOnce.lnk : C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk @C:\Users\UpdatusUser\AppData\Roaming\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [-][7][x] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 70d05d9adaaa9ed9ee749202d58dbaa9
[BSP] a24a65bb6e3f94a527904c9c171736dd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940530 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1926412288 | Size: 13237 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07012013_201245.txt >>
RKreport[0]_S_07012013_201057.txt

#15 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 July 2013 - 07:25 PM

This is the first report from Farber
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2013 02
Ran by clairemarie at 2013-07-01 20:23:38
Running from C:\Users\clairemarie\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
7-zip v9.20 (x32 Version: v9.20)
Adobe AIR (x32 Version: 3.7.0.2090)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Amanda Rose: The Game of Time (x32 Version: 2.2.0.97)
Amazing Adventures: The Forgotten Dynasty (x32 Version: 2.2.0.97)
Amazon Kindle (HKCU)
Ancient Secrets: Mystery of the Vanishing Bride (x32 Version: 2.2.0.97)
Antique Road Trip (x32 Version: 2.2.0.97)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Batch Update (x32 Version: 3.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bible Data Type System Files (x32 Version: 3.0)
Bicycle Go Fish (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.7485)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Canon Inkjet Printer Driver Add-On Module V2.00
Carbonite (x32 Version: 5.3.1 build 2232 (Aug-29-2012))
CCleaner (Version: 4.01)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
ClamWin Free Antivirus 0.97.8 (x32)
Clause Visualizer (x32 Version: 3.0)
Common System Files (x32 Version: 3.0)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210)
D3DX10 (x32 Version: 15.4.2368.0902)
Defraggler (Version: 2.11)
Detective Agency: The Banker's Wife (x32 Version: 2.2.0.98)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Dream Chronicles: The Book of Water Collector's Edition (x32 Version: 2.2.0.98)
Dream Mysteries - Case of the Red Fox (x32 Version: 2.2.0.97)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Echoes Of Sorrow (x32 Version: 2.2.0.97)
Empress of the Deep II : Song of the Blue Whale (x32 Version: 2.2.0.98)
Escape - Special Edition Bundle (x32 Version: 2.2.0.97)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
Escape The Emerald Star (x32 Version: 2.2.0.98)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
FBI Paranormal Case: Extended Edition (x32 Version: 2.2.0.98)
Final Drive Nitro (x32 Version: 2.2.0.95)
G.H.O.S.T. Hunters The Haunting of Majesty Manor (x32 Version: 2.2.0.95)
Glary Utilities 2.48.0.1568 (x32 Version: 2.48.0.1568)
Google Chrome (x32 Version: 65.39.79)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.149)
Graphical Query Editor (x32 Version: 3.0)
Guardians of Magic: Amanda's Awakening (x32 Version: 2.2.0.97)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
House, MD (x32 Version: 2.2.0.97)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP MediaSmart DVD (x32 Version: 4.2.4725)
HP MediaSmart Music (x32 Version: 4.2.4517)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.4)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.4.0)
HP MovieStore (x32 Version: 1.0.027)
HP MovieStore (x32 Version: 2.0.2)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP Update (x32 Version: 5.005.000.002)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
Hulu Desktop (HKCU Version: 0.9.13)
I SPY Mystery (x32 Version: 2.2.0.97)
I SPY Treasure Hunt (x32 Version: 2.2.0.97)
iCloud (Version: 2.1.2.8)
IDT Audio (x32 Version: 1.0.6302.0)
ImgBurn (x32 Version: 2.5.5.0)
Insider Tales: The Stolen Venus 2 (x32 Version: 2.2.0.97)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
iolo technologies' System Mechanic (x32 Version: 11.7.1)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Jewel Match 3 (x32 Version: 2.2.0.97)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kobo (x32 Version: 1.6)
LabelPrint (x32 Version: 2.5.3130)
Libronix Digital Library System (x32 Version: 3.0)
Libronix Digital Library System (x32)
Libronix DLS Application (x32 Version: 3.0)
Libronix DLS Shortcuts (x32 Version: 3.0)
Libronix Update (x32 Version: 3.0)
LightScribe System Software (x32 Version: 1.18.20.1)
LLS Resource Driver (x32 Version: 3.0)
Logos 5 Prerequisites (x32 Version: 5.16.0880)
Logos Bible Software 5 (x32 Version: 5.16.943)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marooned 2: The Secrets of the Akoni (x32 Version: 2.2.0.95)
Medieval II Total War (x32 Version: 1.00.0000)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Millionaire Manor: The Hidden Object Show 3 (x32 Version: 2.2.0.95)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 en-US) (x32 Version: 17.0.7)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Murder Island: Secret of Tantalus (x32 Version: 2.2.0.97)
Mystery of Shark Island (x32 Version: 2.2.0.95)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Nancy Drew: Secrets Can Kill Remastered (x32 Version: 2.2.0.98)
NETGEAR WG111v2 wireless USB 2.0 adapter (x32 Version: 1.0.0.133)
Nightmare on the Pacific (x32 Version: 2.2.0.97)
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 296.28 (Version: 296.28)
NVIDIA Graphics Driver 296.28 (Version: 296.28)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (x32 Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
OEB Resource Driver (x32 Version: 3.0)
Pc Study Bible-'INTERNATB00666' version 5.2 (x32 Version: 5.2)
PC Tools Registry Mechanic 11.1 (x32 Version: 11.1)
PDF Complete Special Edition (x32 Version: 4.0.14)
PDF Resource Driver (x32 Version: 3.0)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
PictureMover (x32 Version: 3.5.0.33)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4329)
PowerDirector (x32 Version: 8.0.3129)
PressReader (x32 Version: 5.10.1102.0)
Private Eye (x32 Version: 2.2.0.95)
QuickTime (x32 Version: 7.74.80.86)
ReadingFanatic Toolbar (x32)
Recovery Manager (x32 Version: 5.5.3219)
Rhianna Ford and the Da Vinci Letter (x32 Version: 2.2.0.98)
RoxioNow Player (x32 Version: 1.9.5.101)
Savings Bond Wizard (x32)
Secret Diaries: Florence Ashford (x32 Version: 2.2.0.95)
Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009)
Sentence Diagramming (x32 Version: 3.0)
Sibelius Scorch (ActiveX Only) (x32 Version: 6.2.0)
Slingo Mystery 2: The Golden Escape (x32 Version: 2.2.0.95)
Solid Savings (x32 Version: 1.27.153.0)
Speccy (Version: 1.18)
Stronghold 2 (x32 Version: 1.00)
Syncios version 2.0.2 (x32 Version: 2.0.2)
TaxACT 2011 - 1040 Edition (x32)
TaxACT 2012 - 1040 Edition (x32)
The Secret Legacy: A Kate Brooks Adventure (x32 Version: 2.2.0.97)
The Secret of Hildegards (x32 Version: 2.2.0.98)
The Tale of the Lost Bride and a Hidden Treasure (x32 Version: 2.2.0.98)
TidyNetwork.com (HKCU)
Unit Layers (HKCU Version: 9.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
Victorian Mysteries: Woman in White (x32 Version: 2.2.0.95)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
WebM Media Foundation Components (x32 Version: 1.0.0.0)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.14)
WildTangent Games App (x32 Version: 4.0.5.14)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WORDsearch Basic (x32 Version: 10)
WORDsearch Basic (x32)
Z 39.50 Library (x32 Version: 3.0)
Zinio Reader 4 (x32 Version: 4.0.3184)
Zoom Downloader (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

01-07-2013 21:35:46 Scheduled Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: {11FF16AD-98F7-4AC3-8840-F83DC516F228} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1F96AE5F-DFFE-4510-AAB4-35E439219821} - System32\Tasks\HPCeeScheduleForclairemarie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {2EB5A5E9-29BA-4641-BBC7-C3A9CA906329} - System32\Tasks\HPCeeScheduleForCLAIREMARIE-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {30BD3524-31CB-46E7-8504-F66D67D54A82} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-08-09] (Glarysoft Ltd)
Task: {3A57395D-12E5-4DEE-8962-A0EBA896A9E1} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {40AE0FB1-85DE-4826-9ACC-A978F04932A8} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-08-21] (PC Tools)
Task: {49E20EEA-643A-4AB1-B932-698B86D1BD08} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {56E175C1-DF5D-401C-81B5-5C7AA73D48EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-24] (Adobe Systems Incorporated)
Task: {5E4E046D-7706-4C87-8FBF-89B21A5A7722} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {746AC256-33CC-467F-A6D8-DDF607FC414D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {7D607482-543E-42BD-8945-1064B5F57C50} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {97208740-3307-46E9-8910-F64F48F248DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {C8504A1E-A635-4059-B49F-7D4E2E1F7B2B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-02] (Google Inc.)
Task: {F3B54142-CCD4-4122-BB04-1A3D39B4A8BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-02] (Google Inc.)
Task: {F968EC39-92E8-4F68-AD94-A6F9632CDD03} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCLAIREMARIE-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForclairemarie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2013 04:24:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogosSetup.exe, version: 5.1.0.943, time stamp: 0x51ca21d4
Faulting module name: LogosSetup.exe, version: 5.1.0.943, time stamp: 0x51ca21d4
Exception code: 0x40000015
Fault offset: 0x00029c8e
Faulting process id: 0x165c
Faulting application start time: 0xLogosSetup.exe0
Faulting application path: LogosSetup.exe1
Faulting module path: LogosSetup.exe2
Report Id: LogosSetup.exe3

Error: (07/01/2013 03:25:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968

Error: (07/01/2013 03:25:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9968

Error: (07/01/2013 03:25:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/01/2013 05:05:00 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/01/2013 03:15:48 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/01/2013 03:15:48 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/01/2013 03:13:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/01/2013 00:39:23 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/30/2013 06:03:05 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/30/2013 06:02:25 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/30/2013 06:00:06 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-06-30 18:02:25.708
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-30 18:02:25.615
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 6126.54 MB
Available physical RAM: 4504.15 MB
Total Pagefile: 12251.27 MB
Available Pagefile: 10334.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.49 GB) (Free:791.95 GB) NTFS (Disk=0 Partition=2)
Drive d: (HP_RECOVERY) (Fixed) (Total:12.93 GB) (Free:1.59 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: DCACADAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users