Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer / Gorilla Price Problems


  • This topic is locked This topic is locked
5 replies to this topic

#1 sdenise

sdenise

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 24 July 2014 - 07:20 PM

My mother's computer has become SOOOOO slow and she can no longer print certain things (like coupons) and my kids play games on her computer all the time so I'm trying to help her fix whatever they did to it. I ran ComboFix and here is the log - if you could please help it would be greatly appreciated!

 

ComboFix 14-07-20.02 - Sarah Doyle 07/20/2014  17:23:20.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2512 [GMT -5:00]
Running from: c:\users\Sarah Doyle\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\GorillaPrice
c:\programdata\GorillaPrice\config.dat
c:\programdata\GorillaPrice\GorillaPrice.exe
c:\programdata\GorillaPrice\WatGorp.exe
c:\users\Sarah Doyle\Documents\~WRL0483.tmp
c:\users\Sarah Doyle\Documents\~WRL0702.tmp
c:\users\Sarah Doyle\Documents\~WRL0942.tmp
c:\users\Sarah Doyle\Documents\~WRL1441.tmp
c:\users\Sarah Doyle\Documents\~WRL1536.tmp
c:\users\Sarah Doyle\Documents\~WRL1567.tmp
c:\users\Sarah Doyle\Documents\~WRL1669.tmp
c:\users\Sarah Doyle\Documents\~WRL2359.tmp
c:\users\Sarah Doyle\Documents\~WRL2376.tmp
c:\users\Sarah Doyle\Documents\~WRL2384.tmp
c:\users\Sarah Doyle\Documents\~WRL2543.tmp
c:\users\Sarah Doyle\Documents\~WRL2546.tmp
c:\users\Sarah Doyle\Documents\~WRL2722.tmp
c:\users\Sarah Doyle\Documents\~WRL2793.tmp
c:\users\Sarah Doyle\Documents\~WRL2916.tmp
c:\users\Sarah Doyle\Documents\~WRL2979.tmp
c:\users\Sarah Doyle\Documents\~WRL3248.tmp
c:\users\Sarah Doyle\Documents\~WRL3328.tmp
c:\users\Sarah Doyle\Documents\~WRL3819.tmp
c:\users\Sarah Doyle\Documents\~WRL3988.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WatGorp
-------\Service_WatGorp
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-20 to 2014-07-20  )))))))))))))))))))))))))))))))
.
.
2014-07-20 21:50 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-20 21:50 . 2014-07-20 21:51 -------- d-----w- C:\AdwCleaner
2014-07-10 09:21 . 2014-07-18 20:36 -------- d-----w- c:\windows\system32\drivers\N360x64\1504000.00D
2014-07-09 21:58 . 2014-06-19 00:53 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-09 21:57 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 21:57 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 21:57 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-27 19:56 . 2014-06-27 19:56 -------- d-----w- c:\users\Sarah Doyle\AppData\Local\Citrix
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 03:04 . 2011-02-06 10:22 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-09 06:14 . 2014-05-13 22:18 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-13 22:18 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-09 05:29 . 2013-11-28 19:19 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-04-29 07:09 . 2014-04-29 07:10 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2014-04-29 07:09 . 2014-04-29 07:10 3074664 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-04-29 07:09 . 2014-04-29 07:10 2519656 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-04-29 07:09 . 2014-04-29 07:10 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-04-29 07:09 . 2014-04-29 07:10 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2014-04-29 07:09 . 2014-04-29 07:10 98408 ----a-w- c:\windows\system32\RCoInst64.dll
2014-04-29 07:09 . 2014-04-29 07:10 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2014-04-29 07:09 . 2014-04-29 07:10 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2014-04-29 07:09 . 2014-04-29 07:10 3209320 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-04-29 07:09 . 2014-04-29 07:10 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-04-29 07:09 . 2014-04-29 07:10 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2014-04-29 07:09 . 2014-04-29 07:10 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2014-04-29 07:09 . 2014-04-29 07:10 1881704 ----a-w- c:\windows\system32\RtkApi64.dll
2014-04-29 07:09 . 2014-04-29 07:10 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
2014-04-29 07:09 . 2014-04-29 07:10 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2014-04-29 07:09 . 2014-04-29 07:09 2085440 ----a-w- c:\windows\system32\FMAPO64.dll
2014-04-29 07:09 . 2010-10-29 07:30 1698408 ----a-w- c:\windows\RtlExUpd.dll
2014-04-25 02:34 . 2014-06-11 04:09 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 04:09 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
.
c:\users\Sarah Doyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys;c:\windows\SYSNATIVE\DRIVERS\ae1000w7.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20140718.001\IDSvia64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20140718.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1504000.00D\SYMNETS.SYS [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 GorillaPrice;GorillaPrice;c:\program files (x86)\GorillaPrice\GorillaPrice.exe;c:\program files (x86)\GorillaPrice\GorillaPrice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\N360.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\N360.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-20 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3384437452-3773703006-463810942-1000.job
- c:\users\Sarah Doyle\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-09 13:16]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000Core.job
- c:\users\Sarah Doyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 02:37]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000UA.job
- c:\users\Sarah Doyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 02:37]
.
2014-07-20 c:\windows\Tasks\HPCeeScheduleForSarah Doyle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-16 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-16 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-16 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sewwithsarah.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8080
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\MICROS~1\Office\1033\phdintl.dll/phdContext.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
TCP: DhcpNameServer = 8.8.4.4 8.8.8.8 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0c62a778-6c37-4da4-8f76-fad6121fa16f} - (no file)
BHO-{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - c:\users\SARAHD~1\AppData\Local\Temp\low\COUPON~1.DLL
Toolbar-{5BED3930-2E9E-76D8-BACC-80DF2188D455} - c:\users\SARAHD~1\AppData\Local\Temp\low\CouponsBar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{0C62A778-6C37-4DA4-8F76-FAD6121FA16F} - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13;c:\program files (x86)\Norton 360 Premier Edition\Engine64\21.4.0.13"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2014-07-20  18:09:15 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-20 23:09
.
Pre-Run: 516,114,886,656 bytes free
Post-Run: 515,372,453,888 bytes free
.
- - End Of File - - 267C0615C8256B57664DE5A10F4EB612
4DA3C8CF626537C74D37D689D4DFE83C



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 29 July 2014 - 07:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542154 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:12 PM

Posted 30 July 2014 - 10:53 AM

Hello 

sdenise

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 sdenise

sdenise
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 31 July 2014 - 07:16 PM

Thank you so much for your help! Here are the logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sarah Doyle on Thu 07/31/2014 at 17:54:04.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] gorillaprice
Successfully deleted: [Service] gorillaprice

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3384437452-3773703006-463810942-1000\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{87F8AD60-9145-4953-9C50-8CE044CD2B0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ADDC0F40-8763-48FE-921B-9D28929839A8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C3FC4EF6-45A9-43B0-95A6-FBEAA417E9BA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C3FC4EF6-45A9-43B0-95A6-FBEAA417E9BA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{004AF57F-2FB6-44BE-8344-1A27584F88DD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0061F6AA-7E40-413F-A8A2-771B779EA275}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{01334729-2BFA-41CA-B45E-56B8DC12A774}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{02AB94ED-8063-476C-B746-D75B329A488E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{02CA36B5-F01E-4AAC-A078-725B453E0563}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0313C390-52B8-4173-AA3E-993B8E29A180}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{03B63528-52FB-456B-A42A-B35B05088E0E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{053B4466-5FD1-4F3F-88BD-E7DB856A036A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{06293253-2474-4E92-A42C-2468A63D069E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0756764D-BF69-4816-A5C0-41968AD6175A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{075BED2B-1D5C-4B42-BAF1-5DD8E5B9B703}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0807F75D-6C33-46C1-8250-8C743EE85C9F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{080EEC11-0E6D-4490-AED4-27ADDB39833F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{084941F9-C3D6-443F-B2EE-98D7AD0F7444}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{092EA5EE-BE5B-406D-8A57-AE9CD474044D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0A40B18E-0B00-43DE-95B8-D0E363AA3DF9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0A62835E-B4D5-4771-A5F9-CF5040F1C04F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0A70427B-A147-4298-91FE-CEC59BCB784A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0BD373DA-B98A-41F9-8E19-B8FAAC507C75}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0C2BED10-2B89-4C2E-80E5-CABF9C5F3E84}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0CCC860A-AD84-4A52-ADD1-F3E3E302D35E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0EE7E7CF-257F-42CF-829A-99F98020DCDE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0F164477-88C7-4426-A13D-1933F9CB950D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{0F325319-58D0-4022-B3EA-D3382609A5EC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{109A3951-CF81-4E05-9A74-64AF08DDEF94}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{11C4C7C3-4248-4CDF-B3B9-7860AB4DC47A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1267D78B-CA12-4E17-8936-1C3C73D697DE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{12FCB358-378B-4524-8C26-B971DB40BA7B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{13F6ED38-5E17-4BD7-A171-0306DC68DA54}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{14BB0B47-DF4B-4AAF-87C3-D35732CD135A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{14BF2923-29C4-4A9F-B9ED-C69747E4A140}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1529202C-C73D-4248-AA5D-8971D37AC9CB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{161FEB5C-1F05-428B-A5E3-E00F35F2E092}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{17EAB489-B79F-4DD3-9878-180EE7D125BD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{19770CB7-D615-4344-B041-324764F667B6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1ADD8E56-9D51-44E9-9178-70F86F9250E1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1B321131-875C-46AC-AB93-0FB759062EDF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1EC3F616-DA10-4A26-93AF-59FB295220BA}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1EF7B959-3CF9-4369-800C-F5860CFD5531}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1F342284-002B-44D8-BC50-25B266D6E8B7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1FBD644A-C203-48BC-A67A-828456FD165A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{1FC41ED4-298F-4802-9049-A16400412302}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{20C49011-96CD-4D94-B024-B8E82B06E1E5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{21AF85FF-0334-4CD8-931B-ED9A34B03837}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{21CB5BE3-3023-4DF5-82CE-2400316AF875}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{21D9FF1A-2B4D-49EF-A625-36F686AAF6CD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{22C4FD5C-A2C7-47CF-9E77-3738CA2EAEC8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2358B362-0247-431B-A539-A7D297F568E0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{23B99B0E-D69E-46A8-8FC6-D8FC60543CB7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{240BDBD3-B159-4124-B6E3-423AAF960B2B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2541A6E6-55CC-44DB-860E-F0CA597A15D3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2737A302-BE0B-4F1F-A3E6-C8F149D119B3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{29655497-CC76-4C93-9408-DA8B2DB49C58}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{29A6CD43-1959-484E-AF9F-C8FDEE4375AE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{29B907A0-347F-421C-B416-D80F0A8EDA0C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2A1A4817-67CF-4C6F-B004-CF430D5404C9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2A466347-7DFA-4EFE-B629-452E4F2D3793}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2A734883-BC1A-4069-ACF6-4843DE95B2C6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2B8AE736-67A3-4F2E-94D0-5909E222BE4B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2C3E38C1-9A18-461F-97C3-72DF1D2C87AD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2D3541DD-44BC-47C0-B6C8-FF5EFC5BF6BD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2DC99801-1EE2-47C1-BD3A-377D6D3B45D3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2E0D4DC4-B36A-420C-81F1-358042DE4904}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2E5F0EBC-639E-44C0-A795-C7C8F5C6FE07}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{2ED60E44-48AE-4960-904D-BBDADC19A0A6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{30DA7870-152F-4D7A-A2B0-587B2D7CF8C7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{30EA2D84-7C49-4314-BE4F-3C520E7817F9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{30EB03D5-F961-4A12-B222-E46D7842740A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3127A004-CC89-4C97-9157-1CF9A8AE9C5E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{317FCA91-399E-4675-B880-4AAF4CFFF5F9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{31CE5199-C81E-43FF-AE9D-1279F2E2B1F5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{320F8A11-219A-415F-AE11-C1CE9E327509}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{32473708-1F40-4A5B-8BE4-B002977805FF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3296C1EC-E67D-4603-A8BA-DDA20C18A005}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{33483674-7F70-4A80-A0DE-C40CBA14AC58}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{33D45AC1-3DF2-44C6-BB0D-D77AAAFBF1EC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{345AE30A-914F-434E-9362-B48B944410F0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{35E610A0-D725-495C-A898-CD0D24B94A25}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{36CD65E6-216D-4A28-ABAE-8AD017FB0592}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{36D7588B-6B3E-4659-A886-937D18E55EE4}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{36DC7C3B-08D7-4D7D-9E02-69A6307D4CAC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{37112E15-BC22-407F-9AC8-0C9DDA1C6C9F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{37C51CCA-0E31-4D17-ADBE-43EE7F57D6CD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{38D25177-EA54-44BF-BA13-F25C4CF2BA76}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3906BA23-BBE3-4121-9AFE-A6446A264EBC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3A49F513-43B9-49D6-84B3-FF5C5B62EC7A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3A88C2F9-8F3E-4649-92EB-70453A07D73E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3A9C3B70-E205-4BFC-9E9F-571212C86CCF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3D0B945B-F1C0-431F-9050-D0813E6C9B70}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3D9C550F-8D28-4FA0-A224-9154EC9F56B4}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3E6083C3-030E-436B-9BF0-21A9571FC0CB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3E9F1DE9-A738-423C-A6AA-F330D569D58F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3F13B0B6-946D-4262-87CA-F07A9F465B7C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{3FCC9C9E-2676-4AB8-B63F-9CFEE594D36B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{40F78196-1B4F-418E-9087-C7DABF59A3B3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{414966A8-709C-4698-9C6F-C070F287A9D1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{415C8C25-CA79-471B-B6D7-1D6DDFDE2F8B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{420303DC-66F7-4FF3-B2FF-C05A7B106D11}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4217950E-1EB7-4D58-B32B-C8F09F40DDA3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{42DADB9E-1891-474D-94C4-1425210B034D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{43E15338-C37E-4E41-89C8-B944584826B9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4454288F-E26A-41FB-A319-D3A2ADE0193A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{450724E5-640B-45D9-8232-1E6BA2542381}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{45B6111C-5E00-442E-B275-62133B150ED1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{45D64EBA-7F96-4096-9D0A-565D83FB1B7F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{45E895B5-C3F0-4B25-8BA5-0B3151E2CE94}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{48254CAE-ABF6-41B4-ADFB-9051CE02DFAA}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{48262857-93CB-4695-BF76-DE624BF2AF1D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4864F76C-C502-44AA-BD03-5A608F8EC9C8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{490501CC-A618-4B5D-BDA7-04E45C9550FB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4927F1B0-C05E-49F1-80CD-9CB63B569310}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{49344F19-C830-46D8-877A-72AA0A87C9CE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4958EF8F-B8AD-44F5-A925-1E6CF0270078}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4A62E408-1F44-4466-A539-4A941CA10920}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4A6563B6-2EFB-481D-ABA1-C1ADD795C8DC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4B086F40-122E-40E7-A6EF-9F9C179F7FFF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4D17F434-9A9C-4F83-8843-8D03CD1EB824}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4D9A6EC7-63B3-4FDC-8C85-ADA5FB1C4DA8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4E9C0555-5A02-417F-B35D-EF5B265EC502}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4F3B936D-A084-4E96-B098-D9BDB8478475}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{4FF2CA92-65AC-4EAC-A02B-8CA547CE38BF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{50824AB0-4E8D-4FF2-AAB2-A60B6368FFEB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{50FB92B5-5043-4EBB-9AF8-13E259306A28}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{511128A0-2AC1-432D-AD87-D0B8A3041ECB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{516998AD-C668-4954-8124-DB08E2228B48}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5214E7FC-5A21-47FF-BE07-D984EC658F5C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{52C79843-5864-4A5B-A180-0CCF2A1DA257}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{532FF933-8A9B-457F-B97C-DC9FA7B40716}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{54C35AAB-81C0-409D-827C-87E942A8563F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{54CFB8EC-F354-492D-A5E5-E37AA7A4A047}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{559AC896-17ED-4FEE-9265-5CCCCB3831B5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{55D7C561-8F84-4B58-94D5-8EF38DC1587D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{561E141E-6E76-423F-9E48-623B2ED05B81}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{59E31203-7D47-4D3D-BC1F-8E6A30ECC7C7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5A06E6D1-21B2-491F-BCA0-0A4F5AB0DEE4}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5A56FDA6-0F21-436C-8715-FE98605EA27D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5AD0110A-7FE1-4222-BEE9-FF5D5AA3C7E8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5B64C5BF-D12B-42C8-BC6A-99A45B190A59}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5B651C8C-F746-43F8-9450-D605DFFACF18}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5B770FC1-518C-4AB0-A2A1-304E4D06BED8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5C55FF93-7E36-4F4B-81D6-9759007DB519}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5CABC63E-DD0E-4E51-BDE4-D4E3BD2823EB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5D2D50D4-A4CF-4215-AD2C-1EF2FEAC83F3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5D9EAA56-1100-4C3C-B0C8-7E50B4BF88E5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5E27D0E8-462A-44B7-8D58-3C79CC27B979}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5E569A9D-5DA4-4E30-8146-63D55F6109B0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5E83CF7D-5E4F-44E4-8874-69EB26508A10}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{5FBDA984-13DB-4320-B5BA-57F212EC5F56}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{605E134F-D50C-4F9B-BC9B-29B39D9F1B7F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{607E2A12-DD2B-4218-8082-E9367D8C12A6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{60CFA9A4-5CB8-41B4-BBD6-1CF597409D3B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{616D9436-3857-45A6-BA86-9DE8B7DD88B4}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{61D771C5-F5BA-4DC9-B305-1F7B6A998E8E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{62E11376-0736-4E87-8F4F-2A8D3059C877}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{63B36324-4A23-46DB-9967-646827CC88B9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{641D57CA-0312-4A32-9AE1-D987E9A979E3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{64642786-838E-4967-88B7-9EC38BF10963}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{64D391F8-6272-4443-BAB5-BBC2B1171682}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{64D47ACA-963D-4BB0-8F3F-0EAA63A8ED04}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{64F1E274-D2A8-4B63-AC18-C5B20BD39C9B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{652450E9-516F-4023-98F7-4B357D8F3DA3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{65B7865F-9DDC-4274-A825-E515F7DDB121}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6609A146-DAF9-4284-B3D9-3BB35FC1B16E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6620D626-551F-42AC-AEE7-6C0DB516ADEC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6624312C-8474-4218-B9FD-791A0C1FF930}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{66365B4A-4204-44E5-99C1-53E78FE21DEC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{663FB4AC-A0D1-4B28-B308-6433BE202B07}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{665B9D35-46F1-4984-A4A1-9B16A520370E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{67EC8A22-3EE8-4CE1-ABA7-C250F470151F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{68DC590B-307C-46EC-8D19-A38E5FC03D84}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{696E3BF7-687C-4CE8-BDAE-5A9B96A51DB8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{698C07D1-096B-432B-88FB-7787A05596DA}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6AF56290-8F7F-4296-8040-68826FEFC175}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6B2A6A06-D3E2-40B5-860C-C6E8327D94DF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6B2D4754-530C-482E-BE07-AF078E945026}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6BB0B174-FEC9-4E1F-B6FC-6E13CCF11DDD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6BE25AC7-049F-4CF4-B115-6F695F675DAA}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6C39F63A-9EAA-47FF-8663-723012070C70}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6C506A5C-0009-453D-B07E-197612E9E776}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6C94BDB7-5A09-497C-9197-6677B6BFF7E0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6DC78BA2-3E54-4A06-959D-AE578B3A5AAC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6F44968F-ACF5-4422-9FE8-6D9CCE160395}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6F72E587-EB81-48D4-9F19-D453F8630E0A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6FA5D555-0CC3-45F2-82C5-406F82747976}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6FB6F3BB-FE7B-4D02-B3CD-22A55C50E2F8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6FC78586-20FF-4FC8-9140-F8208CFB3DEC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6FD7E66D-B440-4786-A927-41141CAC5988}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{6FE2BDF0-6B95-4455-A838-733D65F7D681}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{70807811-6735-47EC-B337-AD6AC37795D9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7101AAC8-ABFD-4A6C-ACA2-E48846E304C7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{713CA7C6-0BFA-43EF-BF24-C0811464745C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7163D326-62A6-43C2-A181-F9E8C662E143}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{71EA8062-A9F6-412B-BE69-254561F61C09}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{72B75162-3E9D-48BE-8E54-26C0A329A7F8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{735610F4-0321-42D2-92D4-DDDDB3B78103}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{73ED19E2-7CB4-43C6-AC23-F6BBE709090B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7412218F-7DAE-44AD-A088-A58FEE25486A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7424BECE-F7F2-41E4-8A88-699C2230DAB1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7525D153-9CB3-48A2-82FA-7B3B08249508}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7565C582-6CC5-48C9-A81F-2525DBFB1D5E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{75E6F1A9-F4F3-455D-A2BE-6791653E75B6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{75F0B580-A8D9-40F7-A534-45DFEDD2B4E8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{766513BA-2F77-40F2-89E8-121492EA6375}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{767D46ED-12E1-487F-9D3A-B97204C54DC1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7683C644-D404-4DE9-988E-B09D8287F9B8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{76F930D7-7327-4649-8282-B2676AA348CD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{775D74FF-AEBB-4E62-9554-C0F5D32F2432}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{77C9E055-1187-4CE0-A5FF-33AAB47AA7A3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{785CC016-BC8A-45A4-8587-D210AE2E821C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{78EDAF34-F694-4A75-88BB-3FAE4FD8F853}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{790669B4-F71E-42B3-AC5F-48756F467638}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{79F91AFB-D9A9-4702-9BB1-C60EA42D61FD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7BA5960B-70C1-4E2A-BB40-838FD01A21C9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7BB34841-7004-4D6D-9CAE-CC79BD69B2BE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7C24121C-7856-44CA-AE34-608B7C16EDB1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7C298057-DC95-4071-8C57-52160B879864}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7DCBED0E-A0B6-4D91-8CD3-4FB32AFBDBA1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7DCC757E-8FD3-4DCF-AC0C-B539F663B311}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{7DF8AAF3-6A4F-4F9F-A295-895D512F4AF8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{805D23B8-86FA-43C4-A7A8-FFCA76A876EE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{81C5434F-E81D-4C75-A7FB-3DDBCD5951A2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{81D746A8-ECC1-4D92-84A5-D1241D0585C4}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{826F618B-69A2-4527-ACBA-805757382759}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{839FFA50-1E83-4A28-9059-3A3B75B3E89C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8406F34B-48A5-4148-9AFE-CB78B8885156}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8409BA6C-F4AD-478B-A02F-55C7AE3EC250}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{843AD5FD-E4F0-43E1-82D9-AF09FDE7898F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{84530AC5-A8FA-4594-B7B7-0883D3997DF5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{84CEA426-F428-4B87-B986-0556443ACB62}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{867504C5-95E6-47D5-87F2-01C9718B9382}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{86BD07EE-76C5-4FCC-ABC7-330A1DF01913}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{86BEE4F0-6FE6-47BD-A9A6-5B7DA39016C2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{86C3457D-B7A6-41D3-B08C-29C3F6718402}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{875CFBDD-B9AB-430C-ACB3-353A15DA8838}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{87B50F74-6114-43E9-80C1-2F7135E41859}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{87FCE0F2-8CD5-492F-B3EE-FBC253EDE815}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{89A30028-9DA7-4005-89CD-133382268E8F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8A0BEE0B-0155-435F-B002-0FAE556E0ED0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8B92B4E7-6EFD-4EA7-80DC-3489C4D83E42}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8BAB02EB-62DC-4C7F-AB98-32344BD593D6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8BC35E00-6448-4628-9001-6F4D291F61D5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8C6667E3-2F57-40DB-BC1C-DF37C74CC7FF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8C88562C-8BA6-41CA-BBAE-623656DC9B2E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8D082664-74B9-4949-931E-37C4C725FD22}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8D0C5723-F2F4-4C4B-A728-721AC193BD04}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8E0B84C4-390B-4811-867C-A4BEE903CC36}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8E2F630A-F5C0-468C-8DBD-5E109497CC92}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8EAC4081-26FE-4908-9BEA-8424C87A8D6C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8EC1F341-CCFC-4EF5-A77D-DCAEF5EB4709}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8EC8E21D-77BD-4555-AB40-2C0119980B30}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8ED1F223-7325-4C07-8560-314012940069}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{8FE63C56-84A6-4090-8E82-75AA0CA9BE9F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9037F536-C313-444D-8162-C6820ED3A8C8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{90CF1EB0-559C-4FC4-816E-87B41DB308E0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9125257F-47FA-4A1E-A7B7-C6DB7AC7B169}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{914CD56A-8E31-4787-AABE-FB9D3BA632BD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9178A27B-285C-498F-B91A-FB371B77968D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{91F85EF2-1237-42EA-8CEB-E18133671168}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9348E397-4B94-40C9-BFF5-AED2A7CAAF2B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9357143F-8C0F-4E6C-81C5-1B04FDDCE2AE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9408946E-FAEF-4D56-A255-BB88D58FE01D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9427FAFE-A0AC-4134-B475-50F50EEA4C39}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{942B7F8D-4620-4DC0-BB60-2578B229D2C5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{957FDCB9-18DE-4BBE-BF13-19A88AD41163}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{95DA0B7C-F3BE-49AF-BC8A-C5D6DC7C09AC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{95EAD877-3BA5-4CA6-B3B9-EFD52D1C406F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{96FF06B1-CCC2-40FA-AF6F-B5A9F082461D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{97D20633-FEB8-4F7D-9C74-708516359CC5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{97D69969-810F-44F5-9F46-DBF3D4CB2E77}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{98163299-73F6-4060-A2AC-CEF0C4E15C36}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{984E02F7-407F-4DC7-8989-A0DC6594D493}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9869970F-8300-41F4-9075-CCFC9BC4DC41}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{993A57F2-B504-4153-9F75-824D298240C0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{99CFA9FB-A26D-4F6E-A23C-D7E56703581D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9AAC96AE-13B1-4384-9347-688D4DB1B2A8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9AF29555-550C-4994-8759-B0B401A6C4EE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9D17AC7D-620A-4ABA-B4E4-C2A88B41BCD0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9D4DEF79-9898-4F39-BAC7-DD1D1B684327}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9D5B42FE-9C3B-4F6C-9862-8FD614FA9856}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9D94D797-7315-4B22-9714-80FF37E908B0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9DF2EA84-F738-4607-9038-24142DCF9194}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9E98E6FC-021D-433B-B04B-D06E4D1955A7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{9EBE7353-FA85-4954-BE4D-AFE295404778}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A09F3B83-2DEC-47CF-9AAF-504CB26390BA}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A1073FF8-EBA1-4686-8C02-D51A025DBEC0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A1A0DD03-FF25-4EDF-9651-FF92288961E5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A1B8E04A-8A13-4D8F-A1AC-32AED2F521DF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A2040761-995E-415B-86BE-5EB7C32AE2E8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A2AA47DB-2714-41C9-9127-5E63766F5F4B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A37A7F45-EF34-4371-8488-58DFE35DF20F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A4178436-3063-4B8F-B342-5DA0B1F302E3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A4D1AE48-294C-4D01-A47B-39BBB9A25056}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A4FEFB4B-2930-45CA-8780-D9620B39A3AF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A5B009A6-F748-47E9-8D12-12EDF6A4D070}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A5B5A4A2-D61B-4039-B4E8-2A165BE557A8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A634D3D9-426D-42A1-8B89-0EA9E9C4DEF8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A76D2C45-73A4-4BD6-9FA4-68C4028DE32A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A79F53B8-0728-4DA5-9731-F5B3632BE31A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A7C30602-7B3C-4EB0-9E82-98B0C1E39E76}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A7E8DD9C-496C-46D8-B080-B2FAAF2622E2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A83F7AEF-484E-48E5-91D6-E1AE54DB1557}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A9B6DC82-7C6D-4375-BDE7-99183C4C3063}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{A9FC222B-D1E5-4698-8BA3-82BDFBD9EF3C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AA760BAA-2BA8-47B5-827F-2D318C056000}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AAFC0E77-8C18-411F-8900-6863F72B6591}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AB33F4C3-B28B-4B1D-8945-784078E24050}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ABD337D8-155B-45AF-B5DB-4B17A0E6F7D3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ABE7D1D5-EB37-4DD1-992F-5BCD76701AC8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AC1AD09A-BBD4-4B25-A28D-E9BDAE382245}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ACEF74AA-B5E5-4921-BE68-038C2EA0728F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AD935AB0-4A23-460F-9833-F062EFCD8DA3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ADA70E9D-F553-416E-9A15-BCDF44A83B2E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AE7E8A4A-32EF-423E-92AB-EB4C395D4DC7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AED93D07-421C-4CF2-BEB4-A75EDF14C0D1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AF19F0B3-8EE3-430A-A61B-3507A78E3BEE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AF53B628-F3BC-4574-936D-ECAF5201B4D8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{AFB06273-0FB5-42A0-BB99-615E0EABFBCA}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B0970BCA-57B2-49C4-BC93-7C4169C6CE2A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B101892F-3326-4F7B-BA30-F5B5573542AB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B17E02EF-15E0-4EB2-A1DC-0211C62B4C8D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B1A6D989-CF67-4343-99D4-79EFAA9563D0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B1D5B228-1EC9-4809-AFEB-16E12DF64BA1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B1E77DE2-244B-48CC-B00D-542CA5DEC5E2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B23D8DD9-35C2-45FA-97DA-8706FC004637}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B27A307D-C79B-4A91-9734-B126F5E0B838}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B28CD705-26A2-4BB8-8017-5CBCA071F73F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B318EC23-B3C5-4148-8C81-48DEC4C02298}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B31AF545-7A85-4BF3-B254-628614634077}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B3C6A9AB-7D52-4BD6-9098-61534DCD4D94}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B3D121A5-4B9D-4379-8AFC-822FF9C73F3C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B4CBA56A-C90E-4F93-8BA7-52CCB2ECBD2F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B4F3A0CF-2367-4F70-93D0-59D1E8656F93}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B4F9AC03-2B74-4B3F-A433-5A2CA377C653}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B571EC65-BE4F-40F5-9532-38DC9558ABFB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B5C9CC9E-A525-42F0-B5C4-2B8935E96734}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B750B753-41EC-4A5A-833D-0061C4984AF9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B7528FF9-D6FF-444C-8B2B-FD1D55977DB3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B7BDBF91-24D3-48F3-A146-6C819B415A3B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{B805EEDB-99C3-4449-9695-E19D700ECC7A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BA05624C-2FD5-43E6-A439-A6E63D2DC580}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BB9B8FF3-C1E0-4BF3-962F-E849B3DEE46C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BD3F3705-E1D7-4217-923B-48ED5ABD892F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BEB5FCAA-059A-4DAB-9A54-E8FC95B7B51B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BED92315-06E3-4389-BC7D-FC753D3A910E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BFAB0019-076C-477E-84E2-281164A4BB47}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BFC97B13-1630-490A-92AF-29B450E2ACC3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{BFD9B598-D325-4E07-B223-EF6858E32A5D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C0926FC4-9BA8-4B4F-B087-551F88AE45AC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C0DCD2EF-D999-466E-87C1-0B0C4D5275A6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C16F3CE8-6D1E-43A5-A0E7-995DC6CFFCDF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C1983FD0-6C5B-4BF9-BCEF-C241F839F258}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C21ABBB5-AA38-4251-AE98-BEB264DE114C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C2F7CEBF-FC67-4769-96C7-EA37644A0B87}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C310287F-D129-4D5A-B478-EBF6D94FDC79}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C3616318-1562-4D35-8FF6-354922C4DA66}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C42C220D-B8A8-4C2A-AF0B-5A8210453A9F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C5846769-A30D-462A-973C-FCAAB65A6A1A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C58595BA-B2E5-460C-9EAF-52C55364DED3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C5A8D367-C699-46D9-86AD-7D74DAD882F3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C63188D8-FB17-4EA5-9DA2-4054DEB11D77}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C683029A-5689-41C1-8287-8BA37D569393}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C68F2DE2-74F4-420F-83A8-5AF399542DAC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{C85C7824-1FF5-44A5-B7BB-65EBF67E31F4}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CB16AC95-578D-4AC2-B166-A1C88CC5AFC5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CB6B5EFB-B371-4BF5-8EE0-8F1D2EA81005}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CB89EF15-0EB7-4325-8282-BF67E9A6658C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CC45E4E9-64DB-44E0-ACB2-81229D8B85DC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CC4B178A-E67C-4A01-9F07-A571A47E194C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CC53B2CD-3A57-4272-830E-061CC3B955BD}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CC7E7527-A743-4C19-B6B4-D2E929D5DCF1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CCAAE13D-1709-4E61-B2B3-D06124075929}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CD380FC4-1CD5-468B-AEC7-6AC543F11E15}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CD4E0CAF-6C41-4EAA-88C0-A31536ED5BF1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CE11765F-ED6B-417D-BC04-1242803A1B18}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CE395FDB-39E6-4DC6-8CF8-B55B043267D5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CECC0E68-4BA2-44B8-A6E1-5A43E9D9A7BF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CF38A0DD-C30F-434C-BB9F-23F191482A6F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{CF8FE559-577F-4ED2-BC99-72F6F6582FE6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D0911D7E-CA41-4508-B76E-1CF2553287EC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D0C17D4B-9981-40C1-B864-CB33645EFCF5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D12498E2-ABB3-4E52-80E2-928545BD244F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D14FDAAE-0C59-48CA-BCB7-63F720C50C67}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D15D0A0A-F158-4C6A-90FE-2797ED2D13D2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D15D6C7E-C361-446E-B891-B05D4314BBCF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D2D10582-283D-41B6-8BBD-9516B69B82E7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D3908476-59F5-432C-A6A2-04E2CAE00874}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D3F0C827-65DE-45E1-ADC5-65EB2948939D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D429DE72-9C60-445C-A079-C3298C8AC9BB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D46AF526-53D3-49CB-9C51-5E1490422EA5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D4A19A95-EB10-46F6-BCE1-079271308E61}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D4C3DC5A-CA16-4E72-948F-EB94F270191B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D51AE2C4-AC5D-4317-972B-A4E6498D5024}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D5376DE7-BE1D-4953-9637-2957D6DCF483}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D584A535-5A41-4AF3-86EB-375171114239}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D595198D-E4B0-4011-AF49-7D64B9C2ABC7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D5D63F47-9171-4838-B16E-7DE66E3D5A52}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D6197070-93FC-458E-AEE6-CF22759D1197}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D7FAA52A-BC17-4C31-87D1-E0CFA57A0FCC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D8191E60-4EDD-4A6B-968D-2BE070EFCF4F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D81DFA29-3DA5-4276-A0CA-5E12CA2A20D2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D892EFAE-D202-4692-9DEF-E4CBCE05E9A0}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{D9D803B2-567A-4A6F-B496-10BE7E973489}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DA1E4276-ACB1-4A30-B7DB-BC020EFC1EC1}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DAD678CF-5C98-4F7D-8A8E-EA6983E02279}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DB05E5A7-82E9-442B-9854-0178B0050902}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DC7C031F-6F6D-4179-B55B-CB599A0B385C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DCC57BCC-A2C8-4C67-BFD4-55DAD766BEB2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DE5894CC-0780-4B90-8F3E-EC67CD5DA1BC}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DE76565A-5C8B-4A60-8995-31FCFACDBEE9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DF2F5950-27E3-4F79-8308-4381622566B2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DF2FCFAE-D233-4E69-B417-316B6D8D04F7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DF5D2BF8-30C6-4F30-941D-6CACD45FBF00}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DFDC73B8-50BA-4B99-ADFC-E453ADF0912F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{DFF877C4-BCA3-4580-9112-CD87686F9EC2}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E077F6D4-6ADF-442F-82FF-C6A15D4FA15D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E0A64D61-8561-4822-9AB8-45DD120105D8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E0FDE5DA-2273-4E89-B64F-70EED0F7C954}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E18E0130-05A0-47FC-B4BB-DB3DCB7BB540}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E1911FD9-737E-40CA-93BC-D4308A8B7BB3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E1BD44BD-B0ED-4EB6-B8F9-48CC5480D6FE}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E24D2A98-545D-4479-A11B-D17CD1504069}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E2BE7241-8C13-43CA-8287-CB7E946C1108}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E3042F0D-8408-4F32-9285-A8283695A847}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E3B241B7-6EE7-400B-A243-F271FE459523}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E48B891E-9F08-46F9-A6C5-71E02EF94E5E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E545E510-D8AE-4D1B-94AC-4DE9C2F1707A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E56E15BC-6933-44CB-8D01-F6684AE715E6}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E5AE1A4A-FEE7-4E38-9FFA-631CBDD13BB9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E5DED1AE-C549-40D3-9769-7D2196C26765}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E690D5ED-18EF-432A-AC25-A6C6BB722452}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E6CB19F0-79EA-4774-B962-C698E0DF3E46}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E6DACCC9-9570-49D7-BFBA-C725397FA5F5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E6DF2735-8634-4FF2-96B4-1DB57E044B09}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E7FB7BCA-0620-4594-8165-34DAD6C54ECF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E7FC45F4-7169-440B-9D33-C6723C6B6652}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E7FE7D8B-C937-4B08-B8B0-10A3067D9104}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E84AB87A-9384-4368-B708-1E66472C7F4D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{E84CCE40-4662-4D26-9D83-50C473BE9646}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{EA078E7C-4B57-45E7-858D-C7EEEB832E74}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{EB3ED7D3-0CF0-47EB-9429-0AE79DE2FD48}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{EBD3F171-9F46-4D56-A930-158D1F668364}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{EC19B23A-8C94-4FDD-8EF8-8319EF693EA5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ECC5A1BE-30FE-47C4-B4DB-EE4FDA06CC7B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ECD54B47-3D58-4ECF-9950-43752F721B4D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ED155D6C-7CFF-4EE9-955D-803C34DE883E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{ED520640-F350-4733-92D9-1277ABE4C850}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{EDAD0719-C803-49DA-9A5D-C7DF2E65BCA5}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{EE59C369-0B9D-43BD-A6B3-908B1B8B779C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{EFA5DF64-EBFB-4A61-A357-E03DAC231B7F}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F121F46A-3141-48FF-A831-D22B86F67C29}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F1281D49-9F09-4713-9F71-05EABFEE7589}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F215AE6B-55DD-4C6F-A800-D39B9D53FB56}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F26B433D-754C-4A0A-AC9F-3CE174280FCF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F2AB6C3A-5C8D-4C6D-B20E-7EFA86A8956A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F3C9A682-6F8E-46C0-87C6-F420F5270F9A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F3FF4E00-290D-4A5A-9240-E55D3B3937C8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F51B7022-22BF-4579-A6B9-9D4510B543DF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F529BF6F-9628-41F1-B928-152772F3ED74}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F54985AD-3EC1-47A7-8D64-02C96DB0100B}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F55DC502-D34D-466D-8B84-E3B1A36FEFF7}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F5EA10C1-D776-4987-8028-8D108A41AC4D}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F60C2536-43AB-4C34-874B-329357A91874}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F64521F8-78C5-4721-970F-E2FFCB765DF9}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F6C95579-4330-4054-88E2-E79B795A7E4E}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F6D7F0F4-2921-4118-9504-D207515A929A}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F7D8D0E4-8381-492A-969C-650DCF413614}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F8C6DEDA-6DF5-4C61-A863-FCDA209D8FD3}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F8E7D212-DB23-46C2-97B3-99F674CBC436}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F92EE137-67F4-4524-81F4-2A9E727C8DFF}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F96B494F-B355-453F-876D-35D8C96B58F8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F9755177-51CF-4661-9D10-515A66D7F6C8}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{F9FEA337-3655-42D4-9012-CF637A4CB32C}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{FA4D699E-0CCF-4A2B-BFA9-B59D265552CB}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{FA817903-CFC2-4D92-9457-0E6795344CF4}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{FADE5C56-BE41-4377-9FCA-09DAACBEC037}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{FBF4C1E9-83BF-4F4E-B621-75DEB0BB6784}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{FD37885D-BAD5-4B86-8198-7CF7E0939F17}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{FE3B9ACF-33DE-4406-9DC7-4FC4827A6916}
Successfully deleted: [Empty Folder] C:\Users\Sarah Doyle\appdata\local\{FECA8E2B-3A31-4418-9A71-728CC88616E5}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/31/2014 at 18:01:06.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

next one:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Sarah Doyle (administrator) on SARAHDOYLE-HP on 31-07-2014 18:09:03
Running from C:\Users\Sarah Doyle\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\n360.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
(Dropbox, Inc.) C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3384437452-3773703006-463810942-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3384437452-3773703006-463810942-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Sarah Doyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sewwithsarah.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {A6C7D7A1-E480-42E9-85AA-5B68FF6BA860} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {C3FC4EF6-45A9-43B0-95A6-FBEAA417E9BA} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {EAB6B068-D676-42F6-BCF5-D5596F9AC40A} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {A6C7D7A1-E480-42E9-85AA-5B68FF6BA860} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {EAB6B068-D676-42F6-BCF5-D5596F9AC40A} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {A6C7D7A1-E480-42E9-85AA-5B68FF6BA860} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {EAB6B068-D676-42F6-BCF5-D5596F9AC40A} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\SARAHD~1\AppData\Local\Temp\low\CouponsBar.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8 68.105.28.11

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Sarah Doyle\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sarah Doyle\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sarah Doyle\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sarah Doyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\SARAHD~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-05-13]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: ask.com
CHR DefaultNewTabURL:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sarah Doyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Skype Click to Call) - C:\Users\Sarah Doyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-03-28]
CHR Extension: (CouponXplorer) - C:\Users\Sarah Doyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\magdmbkcibdnnfmnamahibddledomccn [2014-07-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Sarah Doyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-14]
CHR Extension: (Google Wallet) - C:\Users\Sarah Doyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-02-06] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-06-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20140731.001\ENG64.SYS [126040 2014-07-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20140731.001\EX64.SYS [2099288 2014-07-29] (Symantec Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 18:09 - 2014-07-31 18:09 - 00023983 _____ () C:\Users\Sarah Doyle\Desktop\FRST.txt
2014-07-31 18:08 - 2014-07-31 18:09 - 00000000 ____D () C:\FRST
2014-07-31 18:07 - 2014-07-31 18:07 - 02094080 _____ (Farbar) C:\Users\Sarah Doyle\Desktop\FRST64.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00056014 _____ () C:\Users\Sarah Doyle\Desktop\JRT.txt
2014-07-31 17:53 - 2014-07-31 17:53 - 01016261 _____ (Thisisu) C:\Users\Sarah Doyle\Desktop\JRT.exe
2014-07-31 17:53 - 2014-07-31 17:53 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 18:09 - 2014-07-20 18:09 - 00021955 _____ () C:\ComboFix.txt
2014-07-20 17:19 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-20 17:19 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-20 17:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-20 17:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-20 17:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-20 17:19 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-20 17:19 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-20 17:19 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-20 17:17 - 2014-07-20 18:09 - 00000000 ____D () C:\Qoobox
2014-07-20 17:17 - 2014-07-20 18:06 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 17:16 - 2014-07-20 17:16 - 05561612 ____R (Swearware) C:\Users\Sarah Doyle\Desktop\ComboFix.exe
2014-07-20 16:50 - 2014-07-20 16:51 - 00000000 ____D () C:\AdwCleaner
2014-07-20 16:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-20 16:49 - 2014-07-20 16:49 - 01354223 _____ () C:\Users\Sarah Doyle\Desktop\AdwCleaner.exe
2014-07-20 16:49 - 2014-07-20 16:49 - 00001489 _____ () C:\Users\Sarah Doyle\Documents\scan_info.txt
2014-07-20 16:44 - 2014-07-20 16:44 - 00023141 _____ () C:\Users\Sarah Doyle\Desktop\dds.txt
2014-07-20 16:44 - 2014-07-20 16:44 - 00009240 _____ () C:\Users\Sarah Doyle\Desktop\attach.txt
2014-07-15 20:33 - 2014-07-15 20:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-09 16:59 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 16:59 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 16:59 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 16:59 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 16:59 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 16:59 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 16:59 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 16:59 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 16:59 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 16:59 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 16:59 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 16:59 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 16:59 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 16:59 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 16:59 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 16:59 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 16:59 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 16:59 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 16:59 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 16:59 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:58 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 16:58 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 16:58 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 16:58 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 16:58 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 16:58 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 16:58 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 16:58 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 16:58 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 16:58 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 16:58 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 16:58 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 16:58 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 16:58 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 16:58 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 16:58 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 16:58 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 16:58 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 16:58 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 16:58 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 16:58 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 16:58 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 16:58 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 16:58 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 16:58 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 16:58 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 16:58 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 16:58 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 16:58 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 16:58 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 16:58 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 16:58 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 16:58 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 16:58 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 16:58 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 16:58 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 16:58 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 16:58 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 16:58 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 16:58 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 16:58 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 16:58 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 16:58 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 16:58 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 16:58 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 16:58 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 16:58 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 16:58 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 16:58 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 16:58 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 16:58 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 16:58 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 16:58 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 16:58 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 16:58 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 16:58 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 16:57 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 16:57 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 16:57 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-03 18:00 - 2014-07-07 15:22 - 00000000 ____D () C:\Users\Sarah Doyle\Documents\patternsthatfityou.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 18:09 - 2014-07-31 18:09 - 00023983 _____ () C:\Users\Sarah Doyle\Desktop\FRST.txt
2014-07-31 18:09 - 2014-07-31 18:08 - 00000000 ____D () C:\FRST
2014-07-31 18:07 - 2014-07-31 18:07 - 02094080 _____ (Farbar) C:\Users\Sarah Doyle\Desktop\FRST64.exe
2014-07-31 18:06 - 2012-09-04 13:26 - 00001044 _____ () C:\Users\Sarah Doyle\Desktop\Dropbox.lnk
2014-07-31 18:06 - 2012-09-04 13:26 - 00000000 ___RD () C:\Users\Sarah Doyle\Dropbox
2014-07-31 18:06 - 2012-09-04 13:23 - 00000000 ____D () C:\Users\Sarah Doyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-31 18:06 - 2012-09-04 13:22 - 00000000 ____D () C:\Users\Sarah Doyle\AppData\Roaming\Dropbox
2014-07-31 18:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-31 18:01 - 2014-07-31 18:01 - 00056014 _____ () C:\Users\Sarah Doyle\Desktop\JRT.txt
2014-07-31 17:57 - 2011-11-29 21:37 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000UA.job
2014-07-31 17:56 - 2011-03-01 14:02 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-07-31 17:54 - 2011-02-06 15:47 - 00000000 ____D () C:\Users\Sarah Doyle\AppData\Roaming\Skype
2014-07-31 17:53 - 2014-07-31 17:53 - 01016261 _____ (Thisisu) C:\Users\Sarah Doyle\Desktop\JRT.exe
2014-07-31 17:53 - 2014-07-31 17:53 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 17:51 - 2014-06-27 14:56 - 00000598 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3384437452-3773703006-463810942-1000.job
2014-07-31 16:02 - 2011-09-16 10:35 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8E2E1FA3-95CE-4B4A-B9D0-CE0A88AD3166}
2014-07-31 07:07 - 2010-10-29 02:23 - 01090018 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 02:57 - 2011-11-29 21:37 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000Core.job
2014-07-31 01:51 - 2011-10-31 09:50 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-31 01:51 - 2011-02-07 18:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-30 01:59 - 2014-03-05 03:00 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSarah Doyle
2014-07-30 01:59 - 2014-03-05 03:00 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForSarah Doyle.job
2014-07-30 00:43 - 2010-10-29 02:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-28 12:51 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 12:51 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 12:43 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 12:43 - 2009-07-13 23:51 - 00064388 _____ () C:\Windows\setupact.log
2014-07-27 18:38 - 2010-10-29 04:34 - 01337208 _____ () C:\Windows\PFRO.log
2014-07-27 12:46 - 2013-12-24 11:46 - 00000000 ____D () C:\Users\Sarah Doyle\AppData\Roaming\.minecraft
2014-07-24 19:32 - 2011-02-06 16:37 - 00000000 ____D () C:\Users\Sarah Doyle\AppData\Local\CrashDumps
2014-07-24 18:24 - 2013-03-13 22:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 18:24 - 2013-03-13 22:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 22:02 - 2013-03-13 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 00:53 - 2014-01-02 00:57 - 00000000 ____D () C:\Program Files (x86)\GorillaPrice
2014-07-20 19:40 - 2014-02-25 23:05 - 00799604 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-20 18:09 - 2014-07-20 18:09 - 00021955 _____ () C:\ComboFix.txt
2014-07-20 18:09 - 2014-07-20 17:17 - 00000000 ____D () C:\Qoobox
2014-07-20 18:09 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-07-20 18:06 - 2014-07-20 17:17 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 18:02 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 18:00 - 2009-07-13 21:34 - 80478208 _____ () C:\Windows\system32\config\software.bak
2014-07-20 18:00 - 2009-07-13 21:34 - 16252928 _____ () C:\Windows\system32\config\system.bak
2014-07-20 18:00 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-07-20 18:00 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-07-20 18:00 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-07-20 17:16 - 2014-07-20 17:16 - 05561612 ____R (Swearware) C:\Users\Sarah Doyle\Desktop\ComboFix.exe
2014-07-20 16:51 - 2014-07-20 16:50 - 00000000 ____D () C:\AdwCleaner
2014-07-20 16:49 - 2014-07-20 16:49 - 01354223 _____ () C:\Users\Sarah Doyle\Desktop\AdwCleaner.exe
2014-07-20 16:49 - 2014-07-20 16:49 - 00001489 _____ () C:\Users\Sarah Doyle\Documents\scan_info.txt
2014-07-20 16:44 - 2014-07-20 16:44 - 00023141 _____ () C:\Users\Sarah Doyle\Desktop\dds.txt
2014-07-20 16:44 - 2014-07-20 16:44 - 00009240 _____ () C:\Users\Sarah Doyle\Desktop\attach.txt
2014-07-17 14:00 - 2011-11-29 21:38 - 00002403 _____ () C:\Users\Sarah Doyle\Desktop\Google Chrome.lnk
2014-07-15 20:33 - 2014-07-15 20:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-15 20:27 - 2014-05-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2014-07-15 20:27 - 2013-11-28 14:19 - 00003238 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-15 20:27 - 2013-11-28 14:19 - 00002497 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-15 20:27 - 2013-11-28 14:16 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-07-09 23:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 22:28 - 2009-07-13 23:45 - 00440072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 22:24 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 22:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 22:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 22:06 - 2013-08-01 22:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 22:04 - 2011-02-06 05:22 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 22:03 - 2011-02-06 02:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 08:16 - 2014-06-27 14:56 - 00003646 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3384437452-3773703006-463810942-1000
2014-07-07 15:22 - 2014-07-03 18:00 - 00000000 ____D () C:\Users\Sarah Doyle\Documents\patternsthatfityou.com
2014-07-06 17:22 - 2014-01-02 00:59 - 00000000 ____D () C:\Users\Sarah Doyle\AppData\Roaming\Open Download Manager
2014-07-06 17:22 - 2014-01-02 00:55 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-07-03 18:02 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Sarah Doyle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5cjk6.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 00:34

==================== End Of Log ============================

 

Next log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Sarah Doyle at 2014-07-31 18:10:21
Running from C:\Users\Sarah Doyle\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
Adobe Acrobat  9 Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat  9 Standard (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
CouponBar (HKLM-x32\...\TTB000001.TTB000001Toolbar) (Version:  - ) <==== ATTENTION
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
GorillaPrice (HKLM-x32\...\GorillaPrice) (Version:  - )
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM-x32\...\{3C22981C-5C14-4176-B0E8-C2BE71174C41}) (Version: 11.14.0003 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Scanjet G3010 (HKLM\...\{E2A59F15-F731-4062-9BB7-3C99D8F15756}) (Version: 13.0 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
hpg3010 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1033-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.0915 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3384437452-3773703006-463810942-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sarah Doyle\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

20-07-2014 22:20:01 ComboFix created restore point
24-07-2014 03:00:15 Windows Update
31-07-2014 05:00:05 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-20 18:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02FB40DB-F04A-4E47-999C-855C51A1B560} - System32\Tasks\{D1069FD0-437D-496E-87CF-CE7452B31827} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {0C4EFFF2-C4B4-43C8-88DB-8A2047FC00AB} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {0F0060B7-E6C0-420A-B239-99E4538E9A30} - System32\Tasks\HPCeeScheduleForSarah Doyle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1482AC89-E211-49DF-89AE-F088B4B1B0E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000Core => C:\Users\Sarah Doyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29] (Google Inc.)
Task: {2B7F333D-3804-46CF-ABD9-618F2AF9EF20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {2E70B1E6-D427-49CA-9113-7A91E8834BFA} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {45E8B6E1-A331-4AB6-B44C-BD94328E86DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7B19BAE4-40E4-4FD7-8859-94AED4CA9CEF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000UA => C:\Users\Sarah Doyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29] (Google Inc.)
Task: {875905BD-6A30-40A6-B896-14CD7638A908} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {89545A80-FAE4-4687-A64E-2011EEFE461A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {98CCB886-67F8-4CB3-818E-51ECB56DD15B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {BCBD8653-B801-4284-BBB6-A8639A7B5A01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C80D57F6-770F-44E5-A531-4C97AA81D0DF} - System32\Tasks\G2MUpdateTask-S-1-5-21-3384437452-3773703006-463810942-1000 => C:\Users\Sarah Doyle\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F4806FCA-FBBB-40E3-986B-4D5CCD226CA3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3384437452-3773703006-463810942-1000.job => C:\Users\Sarah Doyle\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000Core.job => C:\Users\Sarah Doyle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384437452-3773703006-463810942-1000UA.job => C:\Users\Sarah Doyle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSarah Doyle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-07-31 18:06 - 2014-07-31 18:06 - 00043008 _____ () c:\Users\Sarah Doyle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5cjk6.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Sarah Doyle\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: GorillaPrice => 2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 06:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17207, time stamp: 0x53a20c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x14f4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-20 17:55:13.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-20 17:55:13.220
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4061.24 MB
Available physical RAM: 2167.55 MB
Total Pagefile: 10150.42 MB
Available Pagefile: 7925.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:584.16 GB) (Free:479.11 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.92 GB) (Free:0.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 49A6DE84)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:12 PM

Posted 31 July 2014 - 08:15 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   1.12KB   3 downloads

 

 

How is your machine running now after running this fix?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:12 PM

Posted 04 August 2014 - 04:21 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users