Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
FIRST.txt and Addition.txt for pckeeper and reimageplus pop-ups
Message
<blockquote data-quote="Bonnielj" data-source="post: 269377" data-attributes="member: 28099"><p>I have been trying to get rid of an virus or malware called pckeeper from my computer...Looking for help.</p><p>Thank you.</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02</p><p>Ran by Bonnie (administrator) on BONNIESDESKTOP on 28-09-2014 22:10:50</p><p>Running from C:\Users\Bonnie\Desktop</p><p>Loaded Profiles: Bonnie & AdministratorBonnie & UpdatusUser & (Available profiles: Bonnie & AdministratorBonnie & UpdatusUser)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Binary Fortress Software) C:\Program Files (x86)\TrayStatus\TrayStatus.exe</p><p>(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe</p><p>(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe</p><p>(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</p><p>(Elias Fotinis) C:\Program Files (x86)\DeskPins\DeskPins.exe</p><p>(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe</p><p>(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-05] (KARPOLAN)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-15] (Glarysoft Ltd)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [TrayStatus] => C:\Program Files (x86)\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000\...\MountPoints2: {0158e630-0acd-11e1-a35f-f80f411ea9c3} - I:\LaunchU3.exe -a</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-05] (KARPOLAN)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-15] (Glarysoft Ltd)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TrayStatus] => C:\Program Files (x86)\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd)</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0158e630-0acd-11e1-a35f-f80f411ea9c3} - I:\LaunchU3.exe -a</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1005\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()</p><p>HKU\S-1-5-21-771612026-841732212-226713872-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()</p><p>ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)</p><p>BootExecute: autocheck autochk * BootDefrag.exe</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x804D056B3ED5CF01</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://xfinity.comcast.net/" target="_blank">http://xfinity.comcast.net/</a></p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = <a href="http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch" target="_blank">http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch</a></p><p>SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = <a href="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869" target="_blank">http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869</a></p><p>BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)</p><p>BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)</p><p>BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)</p><p>Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)</p><p>Toolbar: HKCU - No Name - {C050A3B4-59E7-42B1-9956-369806F31D20} - No File</p><p>Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)</p><p>DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <a href="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab" target="_blank">http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab</a></p><p>DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} <a href="http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab" target="_blank">http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab</a></p><p>DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} <a href="http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab" target="_blank">http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab</a></p><p>DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} <a href="http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB" target="_blank">http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB</a></p><p>Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)</p><p>Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File</p><p>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149</p><p>FF DefaultSearchEngine: Bing</p><p>FF SelectedSearchEngine: Bing</p><p>FF Homepage: hxxp://xfinity.comcast.net/</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File</p><p>FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</p><p>FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</p><p>FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF SearchPlugin: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149\searchplugins\safesearch.xml</p><p>FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn</p><p>FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-24]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR Profile: C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-09-19]</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]</p><p>S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()</p><p>R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)</p><p>R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)</p><p>S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-18] (SurfRight B.V.)</p><p>R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)</p><p>R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)</p><p>S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)</p><p>S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()</p><p>S4 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)</p><p>R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-05-14] (Glarysoft Ltd)</p><p>R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)</p><p>R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-19] (Symantec Corporation)</p><p>R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-19] (Symantec Corporation)</p><p>R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-09-09] (Glarysoft Ltd)</p><p>R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140926.003\IDSvia64.sys [633560 2014-09-19] (Symantec Corporation)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)</p><p>R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.002\ENG64.SYS [129752 2014-09-22] (Symantec Corporation)</p><p>R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.002\EX64.SYS [2137304 2014-09-22] (Symantec Corporation)</p><p>S3 PcdrNdisuio; No ImagePath</p><p>R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-09-24] (Symantec Corporation)</p><p>R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)</p><p>R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)</p><p>R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)</p><p>R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)</p><p>R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-19] (Symantec Corporation)</p><p>R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)</p><p>R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)</p><p>U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]</p><p>S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]</p><p>S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-09-28 22:10 - 2014-09-28 22:11 - 00017131 _____ () C:\Users\Bonnie\Desktop\FRST.txt</p><p>2014-09-28 22:10 - 2014-09-28 22:10 - 00000000 ____D () C:\FRST</p><p>2014-09-28 22:06 - 2014-09-28 22:07 - 02108928 _____ (Farbar) C:\Users\Bonnie\Desktop\FRST64.exe</p><p>2014-09-28 21:41 - 2014-09-28 21:41 - 00001898 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-09-28 01:10 - 2014-09-28 01:10 - 00000831 _____ () C:\Users\Public\Desktop\CCleaner.lnk</p><p>2014-09-25 02:27 - 2014-09-25 02:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-09-24 20:19 - 2014-09-24 20:19 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bonnie\Downloads\SpyHunter-Installer.exe</p><p>2014-09-24 16:13 - 2014-09-24 16:13 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat</p><p>2014-09-24 15:34 - 2014-09-24 16:13 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS</p><p>2014-09-24 15:33 - 2014-09-24 15:34 - 03060320 ____N (Symantec Corporation) C:\Users\Bonnie\Downloads\NPE.exe</p><p>2014-09-22 22:59 - 2014-09-28 13:55 - 00147873 ____N () C:\Windows\WindowsUpdate.log</p><p>2014-09-20 21:40 - 2014-09-20 21:40 - 00000000 ____D () C:\Users\Bonnie\Desktop\Old Firefox Data</p><p>2014-09-20 21:27 - 2014-09-24 19:49 - 00000000 ____D () C:\Users\Bonnie\Desktop\Logs removing pckeeper.app.zeobit virus</p><p>2014-09-20 21:15 - 2014-09-20 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrayStatus</p><p>2014-09-20 21:15 - 2014-09-20 21:15 - 00000000 ____D () C:\Program Files (x86)\TrayStatus</p><p>2014-09-20 21:13 - 2014-09-20 21:13 - 00647080 _____ (Binary Fortress Software ) C:\Users\Bonnie\Downloads\TrayStatusSetup-1.2.3.exe</p><p>2014-09-20 21:11 - 2014-09-20 21:11 - 00699016 _____ (CNET Download.com) C:\Users\Bonnie\Downloads\cbsidlm-cbsi213-TrayStatus-SEO-75167720(1).exe</p><p>2014-09-20 21:09 - 2014-09-20 21:09 - 00699016 _____ (CNET Download.com) C:\Users\Bonnie\Downloads\cbsidlm-cbsi213-TrayStatus-SEO-75167720.exe</p><p>2014-09-20 00:47 - 2014-09-20 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-09-19 23:33 - 2014-09-19 23:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite</p><p>2014-09-19 23:22 - 2014-09-19 23:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite</p><p>2014-09-19 23:22 - 2014-09-19 23:22 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS</p><p>2014-09-19 23:22 - 2014-09-19 23:22 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT</p><p>2014-09-19 23:22 - 2014-09-19 23:22 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite</p><p>2014-09-19 23:19 - 2014-09-19 23:19 - 01021632 _____ (Symantec Corporation) C:\Users\Bonnie\Downloads\Norton_Download_Manager.exe</p><p>2014-09-19 23:09 - 2014-09-19 23:09 - 00869456 _____ () C:\Users\Bonnie\Downloads\Norton_Removal_Tool.exe</p><p>2014-09-19 21:18 - 2014-09-25 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2014-09-19 21:18 - 2014-09-19 21:18 - 00001164 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2014-09-19 21:18 - 2014-09-19 21:18 - 00001152 _____ () C:\Users\Public\Desktop\Mozilla Firefox 32.lnk</p><p>2014-09-18 22:34 - 2014-09-18 22:34 - 00002232 _____ () C:\Windows\system32\.crusader</p><p>2014-09-18 21:38 - 2014-09-18 21:38 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-09-16 22:54 - 2014-09-16 22:54 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Foxit Software</p><p>2014-09-15 21:30 - 2014-09-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF</p><p>2014-09-15 21:27 - 2014-09-15 21:27 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Foxit PhantomPDF</p><p>2014-09-15 21:25 - 2014-09-15 21:25 - 00000000 ____D () C:\ProgramData\Package Cache</p><p>2014-09-15 20:03 - 2014-09-15 21:30 - 00000000 ____D () C:\Users\Public\Foxit Software</p><p>2014-09-15 20:02 - 2014-09-16 22:54 - 00000000 ____D () C:\Program Files (x86)\Foxit Software</p><p>2014-09-09 19:36 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll</p><p>2014-09-09 19:36 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll</p><p>2014-09-09 19:36 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2014-09-09 17:46 - 2014-08-15 11:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-09-09 17:46 - 2014-08-15 11:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-09-09 17:46 - 2014-08-15 11:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2014-09-09 17:46 - 2014-08-15 11:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe</p><p>2014-09-09 17:46 - 2014-08-15 11:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe</p><p>2014-09-09 17:46 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-09-09 17:46 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-09-09 17:46 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe</p><p>2014-09-09 17:46 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe</p><p>2014-09-09 17:23 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll</p><p>2014-09-09 17:23 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll</p><p>2014-09-09 17:20 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll</p><p>2014-09-09 17:20 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll</p><p>2014-09-09 17:20 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe</p><p>2014-09-09 17:20 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll</p><p>2014-09-09 17:20 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe</p><p>2014-09-09 17:20 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll</p><p>2014-09-09 17:19 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe</p><p>2014-09-09 17:19 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe</p><p>2014-09-09 17:17 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll</p><p>2014-09-09 17:17 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</p><p>2014-09-09 17:17 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2014-09-09 17:17 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2014-09-09 17:17 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2014-09-09 17:17 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2014-09-09 17:17 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2014-09-09 17:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll</p><p>2014-09-09 17:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll</p><p>2014-09-09 17:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe</p><p>2014-09-09 17:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll</p><p>2014-09-09 17:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll</p><p>2014-09-09 17:16 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll</p><p>2014-09-09 17:16 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll</p><p>2014-09-09 17:15 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-09-09 17:15 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-09-09 17:15 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll</p><p>2014-09-09 17:15 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll</p><p>2014-09-09 17:15 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll</p><p>2014-09-09 17:15 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll</p><p>2014-09-09 17:15 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll</p><p>2014-09-09 17:15 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll</p><p>2014-09-09 17:15 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys</p><p>2014-09-09 14:50 - 2014-09-28 21:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-09-09 14:50 - 2014-09-11 04:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-09-09 14:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-09-09 14:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-09-09 14:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-09-09 14:47 - 2014-09-09 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bonnie\Downloads\mbam-setup-2.0.2.1012.exe</p><p>2014-09-03 10:50 - 2014-09-09 13:48 - 00000000 ____D () C:\ProgramData\RogueKiller</p><p>2014-09-03 00:42 - 2014-09-24 16:05 - 00000000 ____D () C:\NPE</p><p>2014-09-02 23:40 - 2014-09-02 23:40 - 00000000 _____ () C:\autoexec.bat</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-09-28 20:54 - 2013-09-15 21:28 - 00578560 ___SH () C:\Users\Bonnie\Desktop\Thumbs.db</p><p>2014-09-28 20:08 - 2011-10-03 02:43 - 00000000 ____D () C:\Users\Bonnie\Documents\My Files</p><p>2014-09-28 01:10 - 2013-08-28 14:39 - 00000000 ____D () C:\Program Files\CCleaner</p><p>2014-09-28 01:03 - 2014-05-16 21:19 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5</p><p>2014-09-26 20:03 - 2011-10-03 01:39 - 00000000 ___RD () C:\Users\Bonnie\Desktop\Unused Shortcut Folder</p><p>2014-09-25 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF</p><p>2014-09-25 05:00 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-09-25 05:00 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-09-24 16:13 - 2013-02-25 23:12 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\NPE</p><p>2014-09-24 16:12 - 2013-05-14 20:21 - 00000000 ___RD () C:\Users\Bonnie\Desktop\COMPUTER CLEANERS</p><p>2014-09-24 16:05 - 2014-05-16 21:20 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job</p><p>2014-09-24 16:04 - 2011-10-05 00:42 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize.job</p><p>2014-09-24 16:04 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-09-22 19:09 - 2012-06-11 19:09 - 00000496 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job</p><p>2014-09-21 18:10 - 2011-10-17 23:24 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\CrashDumps</p><p>2014-09-20 21:24 - 2013-08-20 20:03 - 00000000 ____D () C:\AdwCleaner</p><p>2014-09-20 19:22 - 2013-01-25 22:18 - 00000000 ____D () C:\Users\AdministratorBonnie</p><p>2014-09-20 12:26 - 2012-02-01 11:20 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\LogMeIn Rescue Applet</p><p>2014-09-19 23:33 - 2012-12-14 22:32 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration</p><p>2014-09-19 23:33 - 2012-12-14 22:31 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64</p><p>2014-09-19 23:22 - 2012-12-14 22:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared</p><p>2014-09-19 23:22 - 2012-12-14 22:09 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton</p><p>2014-09-19 23:22 - 2011-03-31 05:24 - 00000000 ____D () C:\ProgramData\Norton</p><p>2014-09-19 16:39 - 2013-09-16 17:08 - 00000000 ____D () C:\Program Files (x86)\Browny02</p><p>2014-09-18 22:39 - 2013-05-11 14:04 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-09-18 20:15 - 2012-08-06 17:56 - 00007149 _____ () C:\Windows\InstText.ini</p><p>2014-09-17 22:43 - 2013-05-14 23:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group</p><p>2014-09-17 21:00 - 2013-11-26 15:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk</p><p>2014-09-16 22:41 - 2014-05-16 21:20 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk</p><p>2014-09-16 22:40 - 2014-05-16 21:20 - 00002986 _____ () C:\Windows\System32\Tasks\GU5SkipUAC</p><p>2014-09-16 22:40 - 2014-05-16 21:20 - 00002644 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5</p><p>2014-09-16 22:36 - 2014-03-25 17:51 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\DiskDefrag</p><p>2014-09-15 19:49 - 2014-05-27 20:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-09-15 19:49 - 2014-05-27 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-09-10 02:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-09-09 20:45 - 2014-05-16 21:20 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys</p><p>2014-09-09 19:42 - 2013-07-18 11:56 - 00307848 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-09-09 19:24 - 2014-04-29 19:06 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-09-09 18:04 - 2011-10-03 05:29 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-09-09 17:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared</p><p>2014-09-09 17:43 - 2013-12-02 17:35 - 00797394 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-09-09 17:43 - 2009-07-14 01:13 - 00797394 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-09-09 17:40 - 2013-07-19 17:01 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-09-09 16:37 - 2014-08-05 20:09 - 00000042 _____ () C:\Users\Bonnie\Desktop\IdentityWord.txt</p><p>2014-09-09 13:51 - 2011-10-02 19:05 - 00000000 ____D () C:\Users\Bonnie</p><p>2014-09-09 13:49 - 2011-10-10 14:46 - 00000000 ____D () C:\Windows\system32\Macromed</p><p>2014-09-09 13:49 - 2011-03-31 05:24 - 00000000 ____D () C:\Windows\SysWOW64\Macromed</p><p>2014-09-09 13:49 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal</p><p>2014-09-09 13:49 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew</p><p>2014-09-09 13:48 - 2014-05-16 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5</p><p>2014-09-09 13:48 - 2014-04-06 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-09-09 13:48 - 2013-05-22 21:51 - 00000000 ____D () C:\Windows\ERUNT</p><p>2014-09-09 13:48 - 2011-10-18 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks</p><p>2014-09-09 13:48 - 2011-10-05 01:18 - 00000000 ____D () C:\Program Files\Enigma Software Group</p><p>2014-09-09 13:48 - 2011-10-05 00:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities</p><p>2014-09-09 13:48 - 2011-10-03 05:29 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Microsoft Help</p><p>2014-09-09 13:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing</p><p>2014-09-09 13:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat</p><p>2014-09-09 13:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration</p><p>2014-09-09 13:39 - 2012-09-27 17:48 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-09-09 13:38 - 2011-10-03 05:27 - 00000000 __RHD () C:\MSOCache</p><p>2014-08-29 13:01 - 2011-10-04 11:37 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Users\Bonnie\nircmd.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-09-26 01:19</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 02</p><p>Ran by Bonnie at 2014-09-28 22:11:58</p><p>Running from C:\Users\Bonnie\Desktop</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p>AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p> Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)</p><p>Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)</p><p>Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden</p><p>Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)</p><p>Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.2.0 - Auslogics Labs Pty Ltd)</p><p>Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)</p><p>Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )</p><p>Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.)</p><p>Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)</p><p>Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)</p><p>DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )</p><p>Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.2.4 - WildTangent)</p><p>eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)</p><p>eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)</p><p>eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)</p><p>eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)</p><p>FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )</p><p>Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Fishdom 3 Collector's Edition (HKLM-x32\...\BFG-Fishdom 3 Collector's Edition) (Version: - )</p><p>Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)</p><p>Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation)</p><p>Glary Utilities Pro 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)</p><p>Glary Utilities PRO 5.8 (HKLM-x32\...\Glary Utilities 5) (Version: 5.8.0.15 - Glarysoft Ltd)</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)</p><p>Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)</p><p>Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)</p><p>Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )</p><p>Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)</p><p>Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden</p><p>Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only) (HKLM-x32\...\Jewel Quest Mysteries 2 Trail of the Midnight Heart) (Version: - )</p><p>Keyboard LEDs (HKLM-x32\...\Keyboard LEDs) (Version: 2.7 - KARPOLAN)</p><p>Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden</p><p>Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden</p><p>Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)</p><p>Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden</p><p>Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden</p><p>Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)</p><p>Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)</p><p>Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden</p><p>Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden</p><p>Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden</p><p>Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden</p><p>Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)</p><p>Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden</p><p>Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)</p><p>Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden</p><p>Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)</p><p>Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)</p><p>Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden</p><p>Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden</p><p>NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)</p><p>Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)</p><p>Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)</p><p>NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden</p><p>NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)</p><p>NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)</p><p>NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)</p><p>NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden</p><p>NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)</p><p>NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden</p><p>NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)</p><p>NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)</p><p>NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden</p><p>OI App Manager (HKLM-x32\...\OI App Manager) (Version: - Optimum Installer)</p><p>PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)</p><p>PDF to JPG Converter Free 7.2.1 (HKLM-x32\...\PDF to JPG Converter Free_is1) (Version: - PDFAura, Inc.)</p><p>PDF to Word Converter Free 7.2.1 (HKLM-x32\...\PDF to Word Converter Free_is1) (Version: - PDFAura, Inc.)</p><p>Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION</p><p>Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)</p><p>Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)</p><p>Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)</p><p>ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)</p><p>Smileycons 6.0.1 (HKLM-x32\...\Smileycons_is1) (Version: 6.0.1 - Cloudeight Internet, LLC.)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>SyncBack (HKLM-x32\...\SyncBack_is1) (Version: - 2BrightSparks)</p><p>SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.30.0 - 2BrightSparks)</p><p>Taskbar Shuffle version 2.5 (HKLM-x32\...\Taskbar Shuffle_is1) (Version: 2.5 - Jay Elaraj)</p><p>Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>TrayStatus 1.2.3 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 1.2.3.0 - Binary Fortress Software)</p><p>Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)</p><p>Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)</p><p>Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)</p><p>Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)</p><p>Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)</p><p>Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)</p><p>Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)</p><p>Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3102 - Acer Incorporated)</p><p>Wise Program Uninstaller 1.11 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: - WiseCleaner.com, Inc.)</p><p>Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)</p><p>CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)</p><p>CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)</p><p>CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>07-09-2014 09:00:42 Windows Backup</p><p>08-09-2014 09:01:43 Windows Backup</p><p>09-09-2014 03:51:38 Windows Update</p><p>09-09-2014 09:00:51 Windows Backup</p><p>09-09-2014 17:34:37 Restore Operation</p><p>09-09-2014 18:02:18 Windows Backup</p><p>09-09-2014 20:00:03 Windows Backup</p><p>09-09-2014 20:43:33 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3</p><p>09-09-2014 21:18:30 Windows Update</p><p>09-09-2014 23:36:19 Windows Update</p><p>10-09-2014 09:00:30 Windows Backup</p><p>11-09-2014 09:01:29 Windows Backup</p><p>12-09-2014 09:01:18 Windows Backup</p><p>13-09-2014 09:00:38 Windows Backup</p><p>14-09-2014 09:00:30 Windows Backup</p><p>15-09-2014 09:00:26 Windows Backup</p><p>16-09-2014 09:00:43 Windows Backup</p><p>17-09-2014 02:26:18 Revo Uninstaller Pro's restore point - Foxit PhantomPDF Standard</p><p>17-09-2014 02:31:43 Revo Uninstaller Pro's restore point - Foxit Reader</p><p>17-09-2014 02:32:26 Revo Uninstaller Pro's restore point - Foxit Cloud</p><p>17-09-2014 02:33:16 Revo Uninstaller Pro's restore point - Foxit Reader</p><p>17-09-2014 09:00:21 Windows Backup</p><p>18-09-2014 02:38:57 Revo Uninstaller Pro's restore point - Catalina Savings Printer</p><p>18-09-2014 02:43:04 Revo Uninstaller Pro's restore point - Revo Uninstaller 1.95</p><p>18-09-2014 09:00:20 Windows Backup</p><p>19-09-2014 02:33:29 Checkpoint by HitmanPro</p><p>19-09-2014 02:34:28 Checkpoint by HitmanPro</p><p>20-09-2014 02:25:22 Norton Security Suite Registry</p><p>20-09-2014 09:00:44 Windows Backup</p><p>21-09-2014 00:43:25 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3</p><p>21-09-2014 00:47:05 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3</p><p>21-09-2014 00:48:38 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3</p><p>21-09-2014 00:50:32 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3</p><p>21-09-2014 01:03:06 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3</p><p>21-09-2014 09:00:46 Windows Backup</p><p>22-09-2014 09:00:25 Windows Backup</p><p>23-09-2014 09:00:35 Windows Backup</p><p>24-09-2014 09:00:25 Windows Backup</p><p>24-09-2014 20:36:11 malwaretips.com Preparing for Malware Removal Assistance</p><p>25-09-2014 09:00:24 Windows Backup</p><p>26-09-2014 09:00:23 Windows Backup</p><p>27-09-2014 09:00:58 Windows Backup</p><p>28-09-2014 09:00:21 Windows Backup</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 22:34 - 2011-12-30 23:06 - 00440010 ____N C:\Windows\system32\Drivers\etc\hosts</p><p>127.0.0.1 <a href="http://www.007guard.com" target="_blank">www.007guard.com</a></p><p>127.0.0.1 007guard.com</p><p>127.0.0.1 008i.com</p><p>127.0.0.1 <a href="http://www.008k.com" target="_blank">www.008k.com</a></p><p>127.0.0.1 008k.com</p><p>127.0.0.1 <a href="http://www.00hq.com" target="_blank">www.00hq.com</a></p><p>127.0.0.1 00hq.com</p><p>127.0.0.1 010402.com</p><p>127.0.0.1 <a href="http://www.032439.com" target="_blank">www.032439.com</a></p><p>127.0.0.1 032439.com</p><p>127.0.0.1 <a href="http://www.0scan.com" target="_blank">www.0scan.com</a></p><p>127.0.0.1 0scan.com</p><p>127.0.0.1 1000gratisproben.com</p><p>127.0.0.1 <a href="http://www.1000gratisproben.com" target="_blank">www.1000gratisproben.com</a></p><p>127.0.0.1 1001namen.com</p><p>127.0.0.1 <a href="http://www.1001namen.com" target="_blank">www.1001namen.com</a></p><p>127.0.0.1 100888290cs.com</p><p>127.0.0.1 <a href="http://www.100888290cs.com" target="_blank">www.100888290cs.com</a></p><p>127.0.0.1 <a href="http://www.100sexlinks.com" target="_blank">www.100sexlinks.com</a></p><p>127.0.0.1 100sexlinks.com</p><p>127.0.0.1 10sek.com</p><p>127.0.0.1 <a href="http://www.10sek.com" target="_blank">www.10sek.com</a></p><p>127.0.0.1 <a href="http://www.1-2005-search.com" target="_blank">www.1-2005-search.com</a></p><p>127.0.0.1 1-2005-search.com</p><p>127.0.0.1 123fporn.info</p><p>127.0.0.1 <a href="http://www.123fporn.info" target="_blank">www.123fporn.info</a></p><p>127.0.0.1 123haustiereundmehr.com</p><p>127.0.0.1 <a href="http://www.123haustiereundmehr.com" target="_blank">www.123haustiereundmehr.com</a></p><p>127.0.0.1 123moviedownload.com</p><p></p><p>There are 1000 more lines.</p><p></p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {005C54FD-7033-41B8-990F-DF0284C1BB08} - System32\Tasks\{1181BCAC-D8CB-4880-9E21-5F04732D322F} => C:\Users\Bonnie\Documents\My Documents\MY DOWNLOADS\Diskkeeper\Home\Diskeeper2007_Home.exe</p><p>Task: {01CF0FB0-0CF8-487C-951E-ECB763F3EF07} - System32\Tasks\{78021533-3DD2-468F-9AB8-6429AAC2734D} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {02E195C3-7DDD-44D5-A14B-8E4CC541BE07} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {0A203C94-FD6E-42B2-8627-2A3EE939663C} - System32\Tasks\{D1889722-80ED-4848-9463-841FE057C6BC} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {0F0DAD4F-8FDA-4D59-A4CB-03D4EA78C4A6} - System32\Tasks\{885113B5-2ED3-4714-8BB5-FD8E4A899449} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe</p><p>Task: {14136F15-4ED6-46E0-994B-BC70AC37F20A} - System32\Tasks\{F5C18D0F-079E-412C-BB61-8D52F74FD568} => D:\setup.EXE</p><p>Task: {1BFF1054-75E3-4AD7-8E93-4882253B17DB} - System32\Tasks\{D1FBB1F5-49C9-44E9-A1BC-C50684CF6CD6} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {1D6BC3AC-190C-4F36-A391-D46A02282C80} - System32\Tasks\{DADB5956-372E-4C40-8C0E-158B4491F10F} => D:\setup.EXE</p><p>Task: {1EF7752C-578B-4328-9131-0FF30DCFA163} - System32\Tasks\{CD57DFD8-5280-44BF-86EA-17A99FE302D9} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe</p><p>Task: {20E73B6F-FE38-4CF3-91BD-EFDEFA3BCC28} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {21A2387A-25E9-4E87-908B-D1192D249A77} - System32\Tasks\{5DA47900-3260-47DD-B22D-D2F5B94AF490} => D:\setup.EXE</p><p>Task: {229347CA-53D0-452B-9FF2-40D558E07EAE} - System32\Tasks\{10B5CA08-0E11-4F81-936F-3C046642181A} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe</p><p>Task: {244B04DC-E2D7-41B8-8B99-8BE06E7A8F13} - System32\Tasks\{EE955390-3F60-45ED-8525-C9C00D75B803} => D:\setup.EXE</p><p>Task: {2823B864-5642-48EB-AE49-3B7BCB23F50B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {28551FDD-A3D0-4635-8ACB-30E9187AF6B0} - System32\Tasks\{DF40AE23-B20F-4072-8529-5E929F3FE671} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe</p><p>Task: {2A66ADBF-8BCB-4C03-9D7A-A834A8164BE4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup</p><p>Task: {2B812EFC-F5A8-4A98-A8BA-7653B63D6D2B} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL <a href="http://go.microsoft.com/fwlink/?LinkId=116866" target="_blank">http://go.microsoft.com/fwlink/?LinkId=116866</a></p><p>Task: {2EBEC7CA-ECF8-4ABA-9CBE-1C7C9606A4F7} - System32\Tasks\{E1BE30F4-9440-4A02-A5CE-AEB21C5A8A1E} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe</p><p>Task: {34908596-B4E3-43E9-B772-882F69004B2E} - System32\Tasks\{A978A120-4746-4791-B1C3-2D041F8873B9} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {396085F4-9AAB-4703-81F3-63D3BB55B69A} - System32\Tasks\{95C4CCFE-997B-4C07-BC1A-30777DF19956} => D:\setup.EXE</p><p>Task: {3D87E10B-3E08-4E97-B2C7-CC0935D29991} - System32\Tasks\{1424C2DE-C1A4-4F5E-AD11-349677A3A35A} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {3E4D01AE-A990-4615-A360-3E5E58EAA4D0} - System32\Tasks\{98553DEC-C798-43D4-8B0D-E4E5D8D6CB74} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {3EE16EF7-C825-4D41-98CF-B8CF64324477} - System32\Tasks\{5987C26C-AA54-48A2-A664-AE30AC8BF764} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe</p><p>Task: {3FF24F59-084C-4D96-872A-8DE07DB4AF19} - System32\Tasks\{624E4B65-6B11-44A9-8729-2984CD9033C0} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] ()</p><p>Task: {41275674-A092-4D96-932C-ECEDCAC44EF3} - System32\Tasks\{BE8A86CE-F509-45AC-B703-053B45F0BB91} => C:\Program Files (x86)\Diskeeper Corporation\Diskeeper Home Setup\setup.exe [2005-11-30] (Diskeeper Corporation )</p><p>Task: {4B2F5DB4-D1B2-4D75-9021-A10C9BFEFF20} - System32\Tasks\{B944948B-12D1-4120-BFDC-0C9AFF032AFA} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {4D63B953-4A4A-4A7A-B537-EA3B3214D098} - System32\Tasks\{F2C41C5E-57AB-4668-A6F4-6BB6F00AEC91} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe</p><p>Task: {4ECFBF3A-43E8-4400-BB0E-D0128D53E0C4} - System32\Tasks\{D15F2DE9-C80D-4EEB-8EA0-25FCC5C168C7} => D:\setup.EXE</p><p>Task: {5107C225-7621-4197-9EF0-5969F47F345E} - System32\Tasks\{F083FD2E-2778-4D74-B7FB-D96CB9B232A4} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)</p><p>Task: {52BCE7A9-EFC5-4416-83C6-074826F27F11} - System32\Tasks\{02102791-0E88-47C0-9376-1DFAC811AAF0} => C:\Program Files (x86)\Red NoteBook\RedNoteBook.exe</p><p>Task: {56CBE756-EC54-4FE5-9F6C-58316390F5C6} - System32\Tasks\{EFCF6EBF-B68A-4F9F-9DCB-220F75223D32} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe</p><p>Task: {5CB043BD-BC5D-4EA5-A102-648FFCA13796} - System32\Tasks\{127E40D2-3A41-4ABE-99CC-465B9B41F62C} => C:\Users\Bonnie\Documents\My Documents\MY DOWNLOADS\Diskkeeper\Home\Diskeeper2007_Home.exe</p><p>Task: {5DB949BA-34AA-441D-AD81-18F91B99D76D} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION</p><p>Task: {5E84F1E3-A14E-4B48-91AB-C90B32266631} - System32\Tasks\{C14989A3-2700-4E30-9023-D7682E02E113} => Firefox.exe</p><p>Task: {6A83CA1A-D5C5-4411-93A3-0C483CC7C73B} - System32\Tasks\{D422B7DD-16B5-44EE-B771-1CE23499ADD3} => D:\setup.EXE</p><p>Task: {6BA56A18-BD9B-454F-8E09-BA2A43A22130} - System32\Tasks\4784 => Wscript.exe C:\Users\Bonnie\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION</p><p>Task: {6E2756BA-2CF6-48A0-AFC1-FBD549825232} - System32\Tasks\{25F30E5F-4ACF-4D01-8932-D685C6A9EE4C} => D:\setup.EXE</p><p>Task: {6E9C0CC2-CACE-44CA-8113-EB13B58EE2BB} - System32\Tasks\{A051D7F4-1A47-4039-A675-6295654E8310} => D:\setup.EXE</p><p>Task: {71966F80-F87D-4471-B186-91A9B41CF035} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe</p><p>Task: {73F6BD11-8D5E-426D-A635-6B9E4B1FA613} - System32\Tasks\{7E2ECE1B-3B86-45BD-B17E-69D1F1A9A02D} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] ()</p><p>Task: {7CD9BBD6-BF86-46EA-9EFC-BD546D999713} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-15] (Glarysoft Ltd)</p><p>Task: {7DD87CCF-F3E2-4026-8CCA-A2CD86DDC64D} - System32\Tasks\{2DE4ED84-1AC0-4257-AB07-D96419F5901B} => D:\setup.EXE</p><p>Task: {82E77FA2-ABE1-41C4-869D-0B7D9C4322B0} - System32\Tasks\{D6B2A86E-946D-4302-9E81-FE6F7FB91912} => D:\setup.EXE</p><p>Task: {8843BA86-370D-49F5-95B8-A8BA034F6EEB} - System32\Tasks\{1939B359-923B-4268-8C16-8A82560BA817} => C:\Program Files (x86)\Microsoft Picture It! 7\Pip.exe [2002-07-16] (Microsoft Corporation)</p><p>Task: {A06C0437-D61B-4604-9E57-89CA888FC67B} - System32\Tasks\{D5D883E4-A6C3-40D3-B7F3-1630B2CB4109} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe</p><p>Task: {A1F3D497-F863-449B-950F-D6204306BA0D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {A58C1ADC-E89D-45B4-B8FD-A9FE09B6F7AE} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {A65792EC-192A-4C73-8DEA-1A6931657EBF} - System32\Tasks\{FEEC14F1-CF79-4BF2-89D8-1EF62F7A9806} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe</p><p>Task: {AB2D2730-AC2B-450C-BE4C-491C5598401E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-09-15] (Glarysoft Ltd)</p><p>Task: {AE281D89-B0C6-48BB-9229-30DBD95E4131} - System32\Tasks\{9D35A7B8-4DE2-4DEE-AED3-42C6AE1384B6} => Iexplore.exe <a href="http://ui.skype.com/ui/0/5.0.0.152.369/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled" target="_blank">http://ui.skype.com/ui/0/5.0.0.152.369/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled</a></p><p>Task: {AF1308D6-7891-4B5E-B511-C9DD41CDF365} - System32\Tasks\{188224B7-A15A-4A69-ACD5-E1F615874B12} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] ()</p><p>Task: {AF475D40-3DB6-4578-80A1-0511C29F15A4} - System32\Tasks\{2E59B992-B257-4211-834F-D44CE9350E29} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE</p><p>Task: {AF61526E-DBDB-482A-AB7E-715ECE89ED03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd)</p><p>Task: {AFE9B32B-A030-4DDF-B100-525726F59E92} - System32\Tasks\{5E2EAD77-CC79-4972-A7A0-F195E0630C75} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe</p><p>Task: {BABFBD1E-AB51-4480-97BC-8547C12D5B13} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)</p><p>Task: {BAF587D9-98E9-4ADE-A81C-3DC63A28C4D0} - System32\Tasks\{0FF32535-1A25-4C18-B742-456267A37CD8} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)</p><p>Task: {BD3F31B5-9366-4BB8-9ECA-307A7346BBDE} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)</p><p>Task: {BED4553F-124E-4F62-BEB8-B9E9B7C61FC5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe</p><p>Task: {C2BD4DAC-A056-44BB-9183-71BEC7019EF4} - System32\Tasks\{DC048564-AC99-4F8C-952D-C8BF02F050A7} => Firefox.exe</p><p>Task: {C2CA6603-93E9-4D24-834F-81AAEE24ACC2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)</p><p>Task: {C6A751A7-91C8-4C3D-B304-76FD4EF0D36F} - System32\Tasks\{D8515773-F0F0-4B6F-B587-AD814F7B3303} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] ()</p><p>Task: {CAF2F3BD-6266-404D-900D-AA8B3C4227BB} - System32\Tasks\{9CD62E55-23DE-4093-B247-27580ECBD21A} => D:\setup.EXE</p><p>Task: {CD2A73BC-627D-4A9C-A9A5-EF37D6D65002} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {DC9A60F4-4FA6-4A0A-922A-322676E82E2F} - System32\Tasks\{5AF99C23-3439-4E48-A006-660CDF6F9EBC} => C:\Users\Bonnie\Documents\My Files\MY DOWNLOADS\Avery Wizard\Avery Wizard 4.0.1.exe</p><p>Task: {E2E1BA22-2C9E-4DDA-B5BE-A9669EEFE908} - System32\Tasks\{5F7491F5-055E-43B4-8AB1-6C0C13794ABE} => D:\setup.EXE</p><p>Task: {E4D634D9-DA93-4872-8EFE-5D648AB5C2B0} - System32\Tasks\Event Viewer Tasks\ac8580ce-7f54-4c3e-bdef-da7a8866a46e => Wscript.exe "C:\Users\Bonnie\AppData\Local\Temp\tmpF9B4.vbs"</p><p>Task: {E6576A38-A607-4BB6-8C02-75B1660083DB} - System32\Tasks\{1E489659-64BE-4A74-A027-58C627CBDD88} => D:\setup.EXE</p><p>Task: {ECCDED60-D276-4EE4-821C-934246C4F589} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {F36EBADE-B9EC-4303-B912-113F05716D88} - System32\Tasks\{EDD0AA97-682C-4CA0-9160-CBA95F6C8FBD} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2010-02-28] (Microsoft Corporation)</p><p>Task: {F548A22D-026E-4BA3-8CB6-2C78B765F4DB} - System32\Tasks\{82F30A69-741F-4105-A1DB-29F0CD72139C} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)</p><p>Task: {F6767A57-59F9-47E0-AD86-C293DB2A23F9} - System32\Tasks\{6A246B2B-38B6-43A0-B3FE-ECDAE7FF92EE} => D:\setup.EXE</p><p>Task: {FAC18CA1-FB27-472A-9852-B75E2A3993FD} - System32\Tasks\{3FD6A413-7148-48F0-B752-516587088E89} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] ()</p><p>Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe</p><p>Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe</p><p>Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe</p><p>Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe</p><p>Task: C:\Windows\Tasks\SyncBack Unused Shortcut Folder.job => C:\Program Files (x86)\2BrightSparks\SyncBackBonnieTask created by SyncBack.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files (x86)\Unlocker\UnlockerCOM.dll</p><p>2014-09-15 03:45 - 2014-09-15 03:45 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll</p><p>2014-09-25 02:27 - 2014-09-25 02:27 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll</p><p>2011-01-26 20:48 - 2011-01-26 20:48 - 00237160 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\ProgramData\TEMP:0B44CA7A</p><p>AlternateDataStreams: C:\ProgramData\TEMP:4EFDF5FB</p><p>AlternateDataStreams: C:\ProgramData\TEMP:6AD65294</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2</p><p>MSCONFIG\Services: NAUpdate => 2</p><p>MSCONFIG\Services: NOBU => 2</p><p>MSCONFIG\Services: nSvcIp => 2</p><p>MSCONFIG\Services: nvsvc => 2</p><p>MSCONFIG\Services: PGMTrusted => 2</p><p>MSCONFIG\Services: Stereo Service => 2</p><p>MSCONFIG\startupfolder: C:^Users^Bonnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7 Sticky Notes.lnk => C:\Windows\pss\7 Sticky Notes.lnk.Startup</p><p>MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"</p><p>MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun</p><p>MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-771612026-841732212-226713872-500 - Administrator - Disabled)</p><p>AdministratorBonnie (S-1-5-21-771612026-841732212-226713872-1004 - Limited - Enabled) => C:\Users\AdministratorBonnie</p><p>Bonnie (S-1-5-21-771612026-841732212-226713872-1000 - Administrator - Enabled) => C:\Users\Bonnie</p><p>Guest (S-1-5-21-771612026-841732212-226713872-501 - Limited - Enabled)</p><p>HomeGroupUser$ (S-1-5-21-771612026-841732212-226713872-1002 - Limited - Enabled)</p><p>UpdatusUser (S-1-5-21-771612026-841732212-226713872-1005 - Limited - Enabled) => C:\Users\UpdatusUser</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: F:\</p><p>Description: MFC-J615W </p><p>Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}</p><p>Manufacturer: Brother</p><p>Service: WUDFRd</p><p>Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)</p><p>Resolution: A registry problem was detected.</p><p> This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:</p><p>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</p><p>Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.</p><p></p><p>Name: E:\</p><p>Description: Multi-Card </p><p>Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}</p><p>Manufacturer: Generic-</p><p>Service: WUDFRd</p><p>Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)</p><p>Resolution: A registry problem was detected.</p><p> This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:</p><p>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</p><p>Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.</p><p></p><p>Name: AntiLog32</p><p>Description: AntiLog32</p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p>Manufacturer:</p><p>Service: AntiLog32</p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p>Devices stay in this state if they have been prepared for removal.</p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (09/24/2014 04:06:07 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/24/2014 03:45:19 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/23/2014 11:51:56 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/23/2014 10:23:02 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/23/2014 10:21:53 PM) (Source: Windows Search Service) (EventID: 7010) (User: )</p><p>Description: The index cannot be initialized.</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (09/23/2014 10:21:53 PM) (Source: Windows Search Service) (EventID: 3058) (User: )</p><p>Description: The application cannot be initialized.</p><p></p><p>Context: Windows Application</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (09/23/2014 10:21:53 PM) (Source: Windows Search Service) (EventID: 3028) (User: )</p><p>Description: The gatherer object cannot be initialized.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (09/23/2014 10:21:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )</p><p>Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> Element not found. (HRESULT : 0x80070490) (0x80070490)</p><p></p><p>Error: (09/23/2014 10:21:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )</p><p>Description: The plug-in in <Search.JetPropStore> cannot be initialized.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (09/23/2014 10:21:52 PM) (Source: Windows Search Service) (EventID: 9002) (User: )</p><p>Description: The Windows Search Service cannot load the property store information.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (09/24/2014 09:54:00 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (09/24/2014 04:03:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (09/24/2014 03:41:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (09/23/2014 10:21:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )</p><p>Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.</p><p></p><p>Error: (09/23/2014 10:21:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )</p><p>Description: The Windows Search service terminated with service-specific error %%-1073473535.</p><p></p><p>Error: (09/22/2014 10:23:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )</p><p>Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.</p><p></p><p>Error: (09/22/2014 10:12:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )</p><p>Description: WMPNetworkSvc0x80004005</p><p></p><p>Error: (09/21/2014 07:29:32 PM) (Source: DCOM) (EventID: 10016) (User: Bonniesdesktop)</p><p>Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BonniesdesktopBonnieS-1-5-21-771612026-841732212-226713872-1000LocalHost (Using LRPC)</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-09-03 11:55:02.397</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-03 11:55:02.335</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-03 11:55:02.257</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-03 11:55:02.148</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-03 09:43:26.171</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-03 09:43:26.093</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-03 09:43:26.000</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-03 09:43:25.922</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2013-10-31 16:19:52.297</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2013-10-31 16:19:52.188</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: AMD Athlon(tm) II X2 220 Processor</p><p>Percentage of memory in use: 70%</p><p>Total physical RAM: 2815.37 MB</p><p>Available physical RAM: 836.47 MB</p><p>Total Pagefile: 5628.91 MB</p><p>Available Pagefile: 2257.69 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.83 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (eMachines) (Fixed) (Total:913.84 GB) (Free:771.9 GB) NTFS</p><p>Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:308.39 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 931.5 GB) (Disk ID: 35D5C1F3)</p><p>Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)</p><p>Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=913.8 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 3 (Size: 465.8 GB) (Disk ID: 0C87459A)</p><p>Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Bonnielj, post: 269377, member: 28099"] I have been trying to get rid of an virus or malware called pckeeper from my computer...Looking for help. Thank you. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02 Ran by Bonnie (administrator) on BONNIESDESKTOP on 28-09-2014 22:10:50 Running from C:\Users\Bonnie\Desktop Loaded Profiles: Bonnie & AdministratorBonnie & UpdatusUser & (Available profiles: Bonnie & AdministratorBonnie & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [url]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/url] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Binary Fortress Software) C:\Program Files (x86)\TrayStatus\TrayStatus.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Elias Fotinis) C:\Program Files (x86)\DeskPins\DeskPins.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-05] (KARPOLAN) HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-15] (Glarysoft Ltd) HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [TrayStatus] => C:\Program Files (x86)\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software) HKU\S-1-5-21-771612026-841732212-226713872-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd) HKU\S-1-5-21-771612026-841732212-226713872-1000\...\MountPoints2: {0158e630-0acd-11e1-a35f-f80f411ea9c3} - I:\LaunchU3.exe -a HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-05] (KARPOLAN) HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-15] (Glarysoft Ltd) HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TrayStatus] => C:\Program Files (x86)\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software) HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd) HKU\S-1-5-21-771612026-841732212-226713872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0158e630-0acd-11e1-a35f-f80f411ea9c3} - I:\LaunchU3.exe -a HKU\S-1-5-21-771612026-841732212-226713872-1005\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] () HKU\S-1-5-21-771612026-841732212-226713872-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] () ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation) BootExecute: autocheck autochk * BootDefrag.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [url]http://www.msn.com/?ocid=iehp[/url] HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x804D056B3ED5CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://xfinity.comcast.net/[/url] StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = [url]http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch[/url] SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = [url]http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869[/url] BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {C050A3B4-59E7-42B1-9956-369806F31D20} - No File Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [url]http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab[/url] DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} [url]http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[/url] DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} [url]http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab[/url] DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} [url]http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB[/url] Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149 FF DefaultSearchEngine: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://xfinity.comcast.net/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149\searchplugins\safesearch.xml FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-24] Chrome: ======= CHR Profile: C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-09-19] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] () R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-18] (SurfRight B.V.) R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation) S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] () S4 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-05-14] (Glarysoft Ltd) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-19] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-19] (Symantec Corporation) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-09-09] (Glarysoft Ltd) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140926.003\IDSvia64.sys [633560 2014-09-19] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.002\ENG64.SYS [129752 2014-09-22] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.002\EX64.SYS [2137304 2014-09-22] (Symantec Corporation) S3 PcdrNdisuio; No ImagePath R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-09-24] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation) U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X] S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 22:10 - 2014-09-28 22:11 - 00017131 _____ () C:\Users\Bonnie\Desktop\FRST.txt 2014-09-28 22:10 - 2014-09-28 22:10 - 00000000 ____D () C:\FRST 2014-09-28 22:06 - 2014-09-28 22:07 - 02108928 _____ (Farbar) C:\Users\Bonnie\Desktop\FRST64.exe 2014-09-28 21:41 - 2014-09-28 21:41 - 00001898 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-09-28 01:10 - 2014-09-28 01:10 - 00000831 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-25 02:27 - 2014-09-25 02:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 20:19 - 2014-09-24 20:19 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bonnie\Downloads\SpyHunter-Installer.exe 2014-09-24 16:13 - 2014-09-24 16:13 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat 2014-09-24 15:34 - 2014-09-24 16:13 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS 2014-09-24 15:33 - 2014-09-24 15:34 - 03060320 ____N (Symantec Corporation) C:\Users\Bonnie\Downloads\NPE.exe 2014-09-22 22:59 - 2014-09-28 13:55 - 00147873 ____N () C:\Windows\WindowsUpdate.log 2014-09-20 21:40 - 2014-09-20 21:40 - 00000000 ____D () C:\Users\Bonnie\Desktop\Old Firefox Data 2014-09-20 21:27 - 2014-09-24 19:49 - 00000000 ____D () C:\Users\Bonnie\Desktop\Logs removing pckeeper.app.zeobit virus 2014-09-20 21:15 - 2014-09-20 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrayStatus 2014-09-20 21:15 - 2014-09-20 21:15 - 00000000 ____D () C:\Program Files (x86)\TrayStatus 2014-09-20 21:13 - 2014-09-20 21:13 - 00647080 _____ (Binary Fortress Software ) C:\Users\Bonnie\Downloads\TrayStatusSetup-1.2.3.exe 2014-09-20 21:11 - 2014-09-20 21:11 - 00699016 _____ (CNET Download.com) C:\Users\Bonnie\Downloads\cbsidlm-cbsi213-TrayStatus-SEO-75167720(1).exe 2014-09-20 21:09 - 2014-09-20 21:09 - 00699016 _____ (CNET Download.com) C:\Users\Bonnie\Downloads\cbsidlm-cbsi213-TrayStatus-SEO-75167720.exe 2014-09-20 00:47 - 2014-09-20 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-09-19 23:33 - 2014-09-19 23:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite 2014-09-19 23:22 - 2014-09-19 23:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite 2014-09-19 23:22 - 2014-09-19 23:22 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2014-09-19 23:22 - 2014-09-19 23:22 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2014-09-19 23:22 - 2014-09-19 23:22 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite 2014-09-19 23:19 - 2014-09-19 23:19 - 01021632 _____ (Symantec Corporation) C:\Users\Bonnie\Downloads\Norton_Download_Manager.exe 2014-09-19 23:09 - 2014-09-19 23:09 - 00869456 _____ () C:\Users\Bonnie\Downloads\Norton_Removal_Tool.exe 2014-09-19 21:18 - 2014-09-25 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 21:18 - 2014-09-19 21:18 - 00001164 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-19 21:18 - 2014-09-19 21:18 - 00001152 _____ () C:\Users\Public\Desktop\Mozilla Firefox 32.lnk 2014-09-18 22:34 - 2014-09-18 22:34 - 00002232 _____ () C:\Windows\system32\.crusader 2014-09-18 21:38 - 2014-09-18 21:38 - 00000000 ____D () C:\Program Files\HitmanPro 2014-09-16 22:54 - 2014-09-16 22:54 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Foxit Software 2014-09-15 21:30 - 2014-09-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF 2014-09-15 21:27 - 2014-09-15 21:27 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Foxit PhantomPDF 2014-09-15 21:25 - 2014-09-15 21:25 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-15 20:03 - 2014-09-15 21:30 - 00000000 ____D () C:\Users\Public\Foxit Software 2014-09-15 20:02 - 2014-09-16 22:54 - 00000000 ____D () C:\Program Files (x86)\Foxit Software 2014-09-09 19:36 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-09 19:36 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-09 19:36 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-09 17:46 - 2014-08-15 11:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-09 17:46 - 2014-08-15 11:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-09 17:46 - 2014-08-15 11:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-09 17:46 - 2014-08-15 11:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-09 17:46 - 2014-08-15 11:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-09 17:46 - 2014-08-15 11:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-09 17:46 - 2014-08-15 11:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-09 17:46 - 2014-08-15 11:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-09 17:46 - 2014-08-15 11:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-09 17:46 - 2014-08-15 11:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-09 17:46 - 2014-08-15 11:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-09 17:46 - 2014-08-15 11:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-09 17:46 - 2014-08-15 11:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-09 17:46 - 2014-08-15 11:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-09 17:46 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-09 17:46 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-09 17:46 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-09 17:46 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-09 17:46 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-09 17:46 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-09 17:46 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-09 17:46 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-09 17:46 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-09 17:46 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-09 17:46 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-09 17:46 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-09 17:46 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-09-09 17:46 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-09 17:23 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-09 17:23 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-09 17:20 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-09-09 17:20 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-09-09 17:20 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-09-09 17:20 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-09-09 17:20 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-09-09 17:20 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-09-09 17:19 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-09-09 17:19 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-09-09 17:17 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-09 17:17 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-09 17:17 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-09 17:17 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-09 17:17 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-09 17:17 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-09 17:17 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-09 17:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-09 17:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-09 17:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-09 17:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-09-09 17:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-09-09 17:16 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-09 17:16 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 17:15 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-09 17:15 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-09 17:15 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-09 17:15 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-09 17:15 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-09-09 17:15 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-09-09 17:15 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-09-09 17:15 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-09-09 17:15 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-09 14:50 - 2014-09-28 21:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-09 14:50 - 2014-09-11 04:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-09 14:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-09 14:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-09 14:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-09 14:47 - 2014-09-09 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bonnie\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-03 10:50 - 2014-09-09 13:48 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-09-03 00:42 - 2014-09-24 16:05 - 00000000 ____D () C:\NPE 2014-09-02 23:40 - 2014-09-02 23:40 - 00000000 _____ () C:\autoexec.bat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 20:54 - 2013-09-15 21:28 - 00578560 ___SH () C:\Users\Bonnie\Desktop\Thumbs.db 2014-09-28 20:08 - 2011-10-03 02:43 - 00000000 ____D () C:\Users\Bonnie\Documents\My Files 2014-09-28 01:10 - 2013-08-28 14:39 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-28 01:03 - 2014-05-16 21:19 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-09-26 20:03 - 2011-10-03 01:39 - 00000000 ___RD () C:\Users\Bonnie\Desktop\Unused Shortcut Folder 2014-09-25 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-25 05:00 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-25 05:00 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-24 16:13 - 2013-02-25 23:12 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\NPE 2014-09-24 16:12 - 2013-05-14 20:21 - 00000000 ___RD () C:\Users\Bonnie\Desktop\COMPUTER CLEANERS 2014-09-24 16:05 - 2014-05-16 21:20 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2014-09-24 16:04 - 2011-10-05 00:42 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-09-24 16:04 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-22 19:09 - 2012-06-11 19:09 - 00000496 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job 2014-09-21 18:10 - 2011-10-17 23:24 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\CrashDumps 2014-09-20 21:24 - 2013-08-20 20:03 - 00000000 ____D () C:\AdwCleaner 2014-09-20 19:22 - 2013-01-25 22:18 - 00000000 ____D () C:\Users\AdministratorBonnie 2014-09-20 12:26 - 2012-02-01 11:20 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\LogMeIn Rescue Applet 2014-09-19 23:33 - 2012-12-14 22:32 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-09-19 23:33 - 2012-12-14 22:31 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-09-19 23:22 - 2012-12-14 22:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-09-19 23:22 - 2012-12-14 22:09 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2014-09-19 23:22 - 2011-03-31 05:24 - 00000000 ____D () C:\ProgramData\Norton 2014-09-19 16:39 - 2013-09-16 17:08 - 00000000 ____D () C:\Program Files (x86)\Browny02 2014-09-18 22:39 - 2013-05-11 14:04 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-09-18 20:15 - 2012-08-06 17:56 - 00007149 _____ () C:\Windows\InstText.ini 2014-09-17 22:43 - 2013-05-14 23:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-09-17 21:00 - 2013-11-26 15:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-16 22:41 - 2014-05-16 21:20 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-09-16 22:40 - 2014-05-16 21:20 - 00002986 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2014-09-16 22:40 - 2014-05-16 21:20 - 00002644 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2014-09-16 22:36 - 2014-03-25 17:51 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\DiskDefrag 2014-09-15 19:49 - 2014-05-27 20:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-15 19:49 - 2014-05-27 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 02:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-09-09 20:45 - 2014-05-16 21:20 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2014-09-09 19:42 - 2013-07-18 11:56 - 00307848 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-09 19:24 - 2014-04-29 19:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-09 18:04 - 2011-10-03 05:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-09 17:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-09 17:43 - 2013-12-02 17:35 - 00797394 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-09 17:43 - 2009-07-14 01:13 - 00797394 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-09 17:40 - 2013-07-19 17:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-09 16:37 - 2014-08-05 20:09 - 00000042 _____ () C:\Users\Bonnie\Desktop\IdentityWord.txt 2014-09-09 13:51 - 2011-10-02 19:05 - 00000000 ____D () C:\Users\Bonnie 2014-09-09 13:49 - 2011-10-10 14:46 - 00000000 ____D () C:\Windows\system32\Macromed 2014-09-09 13:49 - 2011-03-31 05:24 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-09-09 13:49 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal 2014-09-09 13:49 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew 2014-09-09 13:48 - 2014-05-16 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2014-09-09 13:48 - 2014-04-06 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-09 13:48 - 2013-05-22 21:51 - 00000000 ____D () C:\Windows\ERUNT 2014-09-09 13:48 - 2011-10-18 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks 2014-09-09 13:48 - 2011-10-05 01:18 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-09-09 13:48 - 2011-10-05 00:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 2014-09-09 13:48 - 2011-10-03 05:29 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Microsoft Help 2014-09-09 13:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing 2014-09-09 13:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat 2014-09-09 13:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration 2014-09-09 13:39 - 2012-09-27 17:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-09 13:38 - 2011-10-03 05:27 - 00000000 __RHD () C:\MSOCache 2014-08-29 13:01 - 2011-10-04 11:37 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Users\Bonnie\nircmd.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 01:19 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 02 Ran by Bonnie at 2014-09-28 22:11:58 Running from C:\Users\Bonnie\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.) Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.2.0 - Auslogics Labs Pty Ltd) Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - ) Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform) DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - ) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.2.4 - WildTangent) eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated) eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated) eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated) eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated) FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fishdom 3 Collector's Edition (HKLM-x32\...\BFG-Fishdom 3 Collector's Edition) (Version: - ) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation) Glary Utilities Pro 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd) Glary Utilities PRO 5.8 (HKLM-x32\...\Glary Utilities 5) (Version: 5.8.0.15 - Glarysoft Ltd) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.) Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only) (HKLM-x32\...\Jewel Quest Mysteries 2 Trail of the Midnight Heart) (Version: - ) Keyboard LEDs (HKLM-x32\...\Keyboard LEDs) (Version: 2.7 - KARPOLAN) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG) Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation) NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden OI App Manager (HKLM-x32\...\OI App Manager) (Version: - Optimum Installer) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDF to JPG Converter Free 7.2.1 (HKLM-x32\...\PDF to JPG Converter Free_is1) (Version: - PDFAura, Inc.) PDF to Word Converter Free 7.2.1 (HKLM-x32\...\PDF to Word Converter Free_is1) (Version: - PDFAura, Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Smileycons 6.0.1 (HKLM-x32\...\Smileycons_is1) (Version: 6.0.1 - Cloudeight Internet, LLC.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SyncBack (HKLM-x32\...\SyncBack_is1) (Version: - 2BrightSparks) SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.30.0 - 2BrightSparks) Taskbar Shuffle version 2.5 (HKLM-x32\...\Taskbar Shuffle_is1) (Version: 2.5 - Jay Elaraj) Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden TrayStatus 1.2.3 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 1.2.3.0 - Binary Fortress Software) Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3102 - Acer Incorporated) Wise Program Uninstaller 1.11 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: - WiseCleaner.com, Inc.) Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-771612026-841732212-226713872-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bonnie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 07-09-2014 09:00:42 Windows Backup 08-09-2014 09:01:43 Windows Backup 09-09-2014 03:51:38 Windows Update 09-09-2014 09:00:51 Windows Backup 09-09-2014 17:34:37 Restore Operation 09-09-2014 18:02:18 Windows Backup 09-09-2014 20:00:03 Windows Backup 09-09-2014 20:43:33 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3 09-09-2014 21:18:30 Windows Update 09-09-2014 23:36:19 Windows Update 10-09-2014 09:00:30 Windows Backup 11-09-2014 09:01:29 Windows Backup 12-09-2014 09:01:18 Windows Backup 13-09-2014 09:00:38 Windows Backup 14-09-2014 09:00:30 Windows Backup 15-09-2014 09:00:26 Windows Backup 16-09-2014 09:00:43 Windows Backup 17-09-2014 02:26:18 Revo Uninstaller Pro's restore point - Foxit PhantomPDF Standard 17-09-2014 02:31:43 Revo Uninstaller Pro's restore point - Foxit Reader 17-09-2014 02:32:26 Revo Uninstaller Pro's restore point - Foxit Cloud 17-09-2014 02:33:16 Revo Uninstaller Pro's restore point - Foxit Reader 17-09-2014 09:00:21 Windows Backup 18-09-2014 02:38:57 Revo Uninstaller Pro's restore point - Catalina Savings Printer 18-09-2014 02:43:04 Revo Uninstaller Pro's restore point - Revo Uninstaller 1.95 18-09-2014 09:00:20 Windows Backup 19-09-2014 02:33:29 Checkpoint by HitmanPro 19-09-2014 02:34:28 Checkpoint by HitmanPro 20-09-2014 02:25:22 Norton Security Suite Registry 20-09-2014 09:00:44 Windows Backup 21-09-2014 00:43:25 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3 21-09-2014 00:47:05 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3 21-09-2014 00:48:38 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3 21-09-2014 00:50:32 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3 21-09-2014 01:03:06 Revo Uninstaller Pro's restore point - TrayStatus 1.2.3 21-09-2014 09:00:46 Windows Backup 22-09-2014 09:00:25 Windows Backup 23-09-2014 09:00:35 Windows Backup 24-09-2014 09:00:25 Windows Backup 24-09-2014 20:36:11 malwaretips.com Preparing for Malware Removal Assistance 25-09-2014 09:00:24 Windows Backup 26-09-2014 09:00:23 Windows Backup 27-09-2014 09:00:58 Windows Backup 28-09-2014 09:00:21 Windows Backup ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2011-12-30 23:06 - 00440010 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 [url="http://www.007guard.com"]www.007guard.com[/url] 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 [url="http://www.008k.com"]www.008k.com[/url] 127.0.0.1 008k.com 127.0.0.1 [url="http://www.00hq.com"]www.00hq.com[/url] 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 [url="http://www.032439.com"]www.032439.com[/url] 127.0.0.1 032439.com 127.0.0.1 [url="http://www.0scan.com"]www.0scan.com[/url] 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 [url="http://www.1000gratisproben.com"]www.1000gratisproben.com[/url] 127.0.0.1 1001namen.com 127.0.0.1 [url="http://www.1001namen.com"]www.1001namen.com[/url] 127.0.0.1 100888290cs.com 127.0.0.1 [url="http://www.100888290cs.com"]www.100888290cs.com[/url] 127.0.0.1 [url="http://www.100sexlinks.com"]www.100sexlinks.com[/url] 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 [url="http://www.10sek.com"]www.10sek.com[/url] 127.0.0.1 [url="http://www.1-2005-search.com"]www.1-2005-search.com[/url] 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 [url="http://www.123fporn.info"]www.123fporn.info[/url] 127.0.0.1 123haustiereundmehr.com 127.0.0.1 [url="http://www.123haustiereundmehr.com"]www.123haustiereundmehr.com[/url] 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {005C54FD-7033-41B8-990F-DF0284C1BB08} - System32\Tasks\{1181BCAC-D8CB-4880-9E21-5F04732D322F} => C:\Users\Bonnie\Documents\My Documents\MY DOWNLOADS\Diskkeeper\Home\Diskeeper2007_Home.exe Task: {01CF0FB0-0CF8-487C-951E-ECB763F3EF07} - System32\Tasks\{78021533-3DD2-468F-9AB8-6429AAC2734D} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {02E195C3-7DDD-44D5-A14B-8E4CC541BE07} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {0A203C94-FD6E-42B2-8627-2A3EE939663C} - System32\Tasks\{D1889722-80ED-4848-9463-841FE057C6BC} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {0F0DAD4F-8FDA-4D59-A4CB-03D4EA78C4A6} - System32\Tasks\{885113B5-2ED3-4714-8BB5-FD8E4A899449} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe Task: {14136F15-4ED6-46E0-994B-BC70AC37F20A} - System32\Tasks\{F5C18D0F-079E-412C-BB61-8D52F74FD568} => D:\setup.EXE Task: {1BFF1054-75E3-4AD7-8E93-4882253B17DB} - System32\Tasks\{D1FBB1F5-49C9-44E9-A1BC-C50684CF6CD6} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {1D6BC3AC-190C-4F36-A391-D46A02282C80} - System32\Tasks\{DADB5956-372E-4C40-8C0E-158B4491F10F} => D:\setup.EXE Task: {1EF7752C-578B-4328-9131-0FF30DCFA163} - System32\Tasks\{CD57DFD8-5280-44BF-86EA-17A99FE302D9} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe Task: {20E73B6F-FE38-4CF3-91BD-EFDEFA3BCC28} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {21A2387A-25E9-4E87-908B-D1192D249A77} - System32\Tasks\{5DA47900-3260-47DD-B22D-D2F5B94AF490} => D:\setup.EXE Task: {229347CA-53D0-452B-9FF2-40D558E07EAE} - System32\Tasks\{10B5CA08-0E11-4F81-936F-3C046642181A} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe Task: {244B04DC-E2D7-41B8-8B99-8BE06E7A8F13} - System32\Tasks\{EE955390-3F60-45ED-8525-C9C00D75B803} => D:\setup.EXE Task: {2823B864-5642-48EB-AE49-3B7BCB23F50B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {28551FDD-A3D0-4635-8ACB-30E9187AF6B0} - System32\Tasks\{DF40AE23-B20F-4072-8529-5E929F3FE671} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe Task: {2A66ADBF-8BCB-4C03-9D7A-A834A8164BE4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2B812EFC-F5A8-4A98-A8BA-7653B63D6D2B} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL [url]http://go.microsoft.com/fwlink/?LinkId=116866[/url] Task: {2EBEC7CA-ECF8-4ABA-9CBE-1C7C9606A4F7} - System32\Tasks\{E1BE30F4-9440-4A02-A5CE-AEB21C5A8A1E} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe Task: {34908596-B4E3-43E9-B772-882F69004B2E} - System32\Tasks\{A978A120-4746-4791-B1C3-2D041F8873B9} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {396085F4-9AAB-4703-81F3-63D3BB55B69A} - System32\Tasks\{95C4CCFE-997B-4C07-BC1A-30777DF19956} => D:\setup.EXE Task: {3D87E10B-3E08-4E97-B2C7-CC0935D29991} - System32\Tasks\{1424C2DE-C1A4-4F5E-AD11-349677A3A35A} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {3E4D01AE-A990-4615-A360-3E5E58EAA4D0} - System32\Tasks\{98553DEC-C798-43D4-8B0D-E4E5D8D6CB74} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {3EE16EF7-C825-4D41-98CF-B8CF64324477} - System32\Tasks\{5987C26C-AA54-48A2-A664-AE30AC8BF764} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe Task: {3FF24F59-084C-4D96-872A-8DE07DB4AF19} - System32\Tasks\{624E4B65-6B11-44A9-8729-2984CD9033C0} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] () Task: {41275674-A092-4D96-932C-ECEDCAC44EF3} - System32\Tasks\{BE8A86CE-F509-45AC-B703-053B45F0BB91} => C:\Program Files (x86)\Diskeeper Corporation\Diskeeper Home Setup\setup.exe [2005-11-30] (Diskeeper Corporation ) Task: {4B2F5DB4-D1B2-4D75-9021-A10C9BFEFF20} - System32\Tasks\{B944948B-12D1-4120-BFDC-0C9AFF032AFA} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {4D63B953-4A4A-4A7A-B537-EA3B3214D098} - System32\Tasks\{F2C41C5E-57AB-4668-A6F4-6BB6F00AEC91} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe Task: {4ECFBF3A-43E8-4400-BB0E-D0128D53E0C4} - System32\Tasks\{D15F2DE9-C80D-4EEB-8EA0-25FCC5C168C7} => D:\setup.EXE Task: {5107C225-7621-4197-9EF0-5969F47F345E} - System32\Tasks\{F083FD2E-2778-4D74-B7FB-D96CB9B232A4} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com) Task: {52BCE7A9-EFC5-4416-83C6-074826F27F11} - System32\Tasks\{02102791-0E88-47C0-9376-1DFAC811AAF0} => C:\Program Files (x86)\Red NoteBook\RedNoteBook.exe Task: {56CBE756-EC54-4FE5-9F6C-58316390F5C6} - System32\Tasks\{EFCF6EBF-B68A-4F9F-9DCB-220F75223D32} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe Task: {5CB043BD-BC5D-4EA5-A102-648FFCA13796} - System32\Tasks\{127E40D2-3A41-4ABE-99CC-465B9B41F62C} => C:\Users\Bonnie\Documents\My Documents\MY DOWNLOADS\Diskkeeper\Home\Diskeeper2007_Home.exe Task: {5DB949BA-34AA-441D-AD81-18F91B99D76D} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {5E84F1E3-A14E-4B48-91AB-C90B32266631} - System32\Tasks\{C14989A3-2700-4E30-9023-D7682E02E113} => Firefox.exe Task: {6A83CA1A-D5C5-4411-93A3-0C483CC7C73B} - System32\Tasks\{D422B7DD-16B5-44EE-B771-1CE23499ADD3} => D:\setup.EXE Task: {6BA56A18-BD9B-454F-8E09-BA2A43A22130} - System32\Tasks\4784 => Wscript.exe C:\Users\Bonnie\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {6E2756BA-2CF6-48A0-AFC1-FBD549825232} - System32\Tasks\{25F30E5F-4ACF-4D01-8932-D685C6A9EE4C} => D:\setup.EXE Task: {6E9C0CC2-CACE-44CA-8113-EB13B58EE2BB} - System32\Tasks\{A051D7F4-1A47-4039-A675-6295654E8310} => D:\setup.EXE Task: {71966F80-F87D-4471-B186-91A9B41CF035} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe Task: {73F6BD11-8D5E-426D-A635-6B9E4B1FA613} - System32\Tasks\{7E2ECE1B-3B86-45BD-B17E-69D1F1A9A02D} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] () Task: {7CD9BBD6-BF86-46EA-9EFC-BD546D999713} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-15] (Glarysoft Ltd) Task: {7DD87CCF-F3E2-4026-8CCA-A2CD86DDC64D} - System32\Tasks\{2DE4ED84-1AC0-4257-AB07-D96419F5901B} => D:\setup.EXE Task: {82E77FA2-ABE1-41C4-869D-0B7D9C4322B0} - System32\Tasks\{D6B2A86E-946D-4302-9E81-FE6F7FB91912} => D:\setup.EXE Task: {8843BA86-370D-49F5-95B8-A8BA034F6EEB} - System32\Tasks\{1939B359-923B-4268-8C16-8A82560BA817} => C:\Program Files (x86)\Microsoft Picture It! 7\Pip.exe [2002-07-16] (Microsoft Corporation) Task: {A06C0437-D61B-4604-9E57-89CA888FC67B} - System32\Tasks\{D5D883E4-A6C3-40D3-B7F3-1630B2CB4109} => C:\Program Files (x86)\Stedmans Medical Eponyms\Medical Eponyms\smep32.exe Task: {A1F3D497-F863-449B-950F-D6204306BA0D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {A58C1ADC-E89D-45B4-B8FD-A9FE09B6F7AE} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {A65792EC-192A-4C73-8DEA-1A6931657EBF} - System32\Tasks\{FEEC14F1-CF79-4BF2-89D8-1EF62F7A9806} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe Task: {AB2D2730-AC2B-450C-BE4C-491C5598401E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-09-15] (Glarysoft Ltd) Task: {AE281D89-B0C6-48BB-9229-30DBD95E4131} - System32\Tasks\{9D35A7B8-4DE2-4DEE-AED3-42C6AE1384B6} => Iexplore.exe [url]http://ui.skype.com/ui/0/5.0.0.152.369/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled[/url] Task: {AF1308D6-7891-4B5E-B511-C9DD41CDF365} - System32\Tasks\{188224B7-A15A-4A69-ACD5-E1F615874B12} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] () Task: {AF475D40-3DB6-4578-80A1-0511C29F15A4} - System32\Tasks\{2E59B992-B257-4211-834F-D44CE9350E29} => C:\Users\Bonnie\Documents\CareerStep110909\Appications Downloaded\Stedman's Dictionaries from Facebook Forum\Spellchecker_2005\Spellchecker 2005\Setup.EXE Task: {AF61526E-DBDB-482A-AB7E-715ECE89ED03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd) Task: {AFE9B32B-A030-4DDF-B100-525726F59E92} - System32\Tasks\{5E2EAD77-CC79-4972-A7A0-F195E0630C75} => C:\Program Files (x86)\IT7Pro\Exe_v7\IT7Pro.exe Task: {BABFBD1E-AB51-4480-97BC-8547C12D5B13} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {BAF587D9-98E9-4ADE-A81C-3DC63A28C4D0} - System32\Tasks\{0FF32535-1A25-4C18-B742-456267A37CD8} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com) Task: {BD3F31B5-9366-4BB8-9ECA-307A7346BBDE} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd) Task: {BED4553F-124E-4F62-BEB8-B9E9B7C61FC5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {C2BD4DAC-A056-44BB-9183-71BEC7019EF4} - System32\Tasks\{DC048564-AC99-4F8C-952D-C8BF02F050A7} => Firefox.exe Task: {C2CA6603-93E9-4D24-834F-81AAEE24ACC2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation) Task: {C6A751A7-91C8-4C3D-B304-76FD4EF0D36F} - System32\Tasks\{D8515773-F0F0-4B6F-B587-AD814F7B3303} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] () Task: {CAF2F3BD-6266-404D-900D-AA8B3C4227BB} - System32\Tasks\{9CD62E55-23DE-4093-B247-27580ECBD21A} => D:\setup.EXE Task: {CD2A73BC-627D-4A9C-A9A5-EF37D6D65002} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {DC9A60F4-4FA6-4A0A-922A-322676E82E2F} - System32\Tasks\{5AF99C23-3439-4E48-A006-660CDF6F9EBC} => C:\Users\Bonnie\Documents\My Files\MY DOWNLOADS\Avery Wizard\Avery Wizard 4.0.1.exe Task: {E2E1BA22-2C9E-4DDA-B5BE-A9669EEFE908} - System32\Tasks\{5F7491F5-055E-43B4-8AB1-6C0C13794ABE} => D:\setup.EXE Task: {E4D634D9-DA93-4872-8EFE-5D648AB5C2B0} - System32\Tasks\Event Viewer Tasks\ac8580ce-7f54-4c3e-bdef-da7a8866a46e => Wscript.exe "C:\Users\Bonnie\AppData\Local\Temp\tmpF9B4.vbs" Task: {E6576A38-A607-4BB6-8C02-75B1660083DB} - System32\Tasks\{1E489659-64BE-4A74-A027-58C627CBDD88} => D:\setup.EXE Task: {ECCDED60-D276-4EE4-821C-934246C4F589} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F36EBADE-B9EC-4303-B912-113F05716D88} - System32\Tasks\{EDD0AA97-682C-4CA0-9160-CBA95F6C8FBD} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2010-02-28] (Microsoft Corporation) Task: {F548A22D-026E-4BA3-8CB6-2C78B765F4DB} - System32\Tasks\{82F30A69-741F-4105-A1DB-29F0CD72139C} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com) Task: {F6767A57-59F9-47E0-AD86-C293DB2A23F9} - System32\Tasks\{6A246B2B-38B6-43A0-B3FE-ECDAE7FF92EE} => D:\setup.EXE Task: {FAC18CA1-FB27-472A-9852-B75E2A3993FD} - System32\Tasks\{3FD6A413-7148-48F0-B752-516587088E89} => C:\Program Files (x86)\Unlocker\Unlocker.exe [2013-01-09] () Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe Task: C:\Windows\Tasks\SyncBack Unused Shortcut Folder.job => C:\Program Files (x86)\2BrightSparks\SyncBackBonnieTask created by SyncBack.exe ==================== Loaded Modules (whitelisted) ============= 2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files (x86)\Unlocker\UnlockerCOM.dll 2014-09-15 03:45 - 2014-09-15 03:45 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll 2014-09-25 02:27 - 2014-09-25 02:27 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-01-26 20:48 - 2011-01-26 20:48 - 00237160 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B44CA7A AlternateDataStreams: C:\ProgramData\TEMP:4EFDF5FB AlternateDataStreams: C:\ProgramData\TEMP:6AD65294 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: NOBU => 2 MSCONFIG\Services: nSvcIp => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: PGMTrusted => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\startupfolder: C:^Users^Bonnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7 Sticky Notes.lnk => C:\Windows\pss\7 Sticky Notes.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ========================= Accounts: ========================== Administrator (S-1-5-21-771612026-841732212-226713872-500 - Administrator - Disabled) AdministratorBonnie (S-1-5-21-771612026-841732212-226713872-1004 - Limited - Enabled) => C:\Users\AdministratorBonnie Bonnie (S-1-5-21-771612026-841732212-226713872-1000 - Administrator - Enabled) => C:\Users\Bonnie Guest (S-1-5-21-771612026-841732212-226713872-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-771612026-841732212-226713872-1002 - Limited - Enabled) UpdatusUser (S-1-5-21-771612026-841732212-226713872-1005 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: F:\ Description: MFC-J615W Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Brother Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: E:\ Description: Multi-Card Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: AntiLog32 Description: AntiLog32 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AntiLog32 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (09/24/2014 04:06:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 03:45:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/23/2014 11:51:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/23/2014 10:23:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/23/2014 10:21:53 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/23/2014 10:21:53 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/23/2014 10:21:53 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/23/2014 10:21:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (09/23/2014 10:21:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/23/2014 10:21:52 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) System errors: ============= Error: (09/24/2014 09:54:00 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/24/2014 04:03:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (09/24/2014 03:41:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (09/23/2014 10:21:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (09/23/2014 10:21:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (09/22/2014 10:23:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service. Error: (09/22/2014 10:12:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (09/21/2014 07:29:32 PM) (Source: DCOM) (EventID: 10016) (User: Bonniesdesktop) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BonniesdesktopBonnieS-1-5-21-771612026-841732212-226713872-1000LocalHost (Using LRPC) Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-03 11:55:02.397 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-03 11:55:02.335 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-03 11:55:02.257 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-03 11:55:02.148 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-03 09:43:26.171 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-03 09:43:26.093 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-03 09:43:26.000 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-03 09:43:25.922 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-10-31 16:19:52.297 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-10-31 16:19:52.188 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 70% Total physical RAM: 2815.37 MB Available physical RAM: 836.47 MB Total Pagefile: 5628.91 MB Available Pagefile: 2257.69 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (eMachines) (Fixed) (Total:913.84 GB) (Free:771.9 GB) NTFS Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:308.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 35D5C1F3) Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=913.8 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 465.8 GB) (Disk ID: 0C87459A) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top