SnapDo toolbar [Solved]



#1
nigella

I've been given a friend's laptop to attempt to sort out with your help!!

I have found that the laptop is slow and the toolbar keeps refreshing. When I searched for information about this toolbar it said that it was malware. So here is the OTL log below. Thank you in advance.

OTL logfile created on: 19/01/2014 20:23:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claire\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 54.44% Memory free
7.20 Gb Paging File | 5.13 Gb Available in Paging File | 71.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 272.24 Gb Total Space | 191.58 Gb Free Space | 70.37% Space Free | Partition Type: NTFS
Drive D: | 21.69 Gb Total Space | 2.33 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: CLAIRE-HP | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 20:23:08 | 000,097,056 | ---- | M] () -- C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
PRC - [2014/01/19 20:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
PRC - [2014/01/19 19:50:08 | 000,097,056 | ---- | M] () -- C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe
PRC - [2014/01/04 15:34:53 | 000,143,488 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
PRC - [2014/01/04 15:29:28 | 000,761,536 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/08/27 08:11:39 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
PRC - [2012/08/27 08:11:39 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
PRC - [2012/06/16 02:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/02/15 11:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/08 02:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/13 00:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/26 21:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/19 21:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/20 19:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/07 04:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/19 20:20:09 | 000,398,112 | ---- | M] () -- C:\Program Files (x86)\Jump Flip\bin\JumpFlip.BrowserFilter.Helper.dll
MOD - [2014/01/04 15:35:06 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/01/04 15:34:38 | 000,146,944 | ---- | M] () -- C:\Program Files (x86)\DealsCompare\150.dll
MOD - [2014/01/04 15:29:28 | 000,761,536 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MOD - [2013/10/29 14:08:06 | 002,869,720 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
MOD - [2013/10/18 20:03:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/18 20:02:04 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/15 19:58:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/15 19:57:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/15 19:57:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/15 20:10:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/03/30 20:02:13 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/20 19:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/07/01 05:26:56 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/06/29 18:49:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/27 19:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 05:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 09:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/01/19 20:23:08 | 000,097,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe -- (Update Jump Flip)
SRV - [2014/01/19 19:50:08 | 000,097,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe -- (Util Jump Flip)
SRV - [2014/01/04 15:34:53 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe -- (70e6ca8c)
SRV - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/08/27 08:11:39 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 02:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/13 00:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/10 00:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/01 22:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 19:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/07/06 02:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 02:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 04:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 01:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 02:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 01:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 20:49:52 | 004,745,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/03/27 19:38:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/16 00:17:18 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/16 00:17:18 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/21 01:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/21 01:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/21 01:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/21 01:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/21 01:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/21 01:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/21 01:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/08 12:36:06 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/25 18:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/01 05:26:56 | 000,528,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/06/29 20:12:28 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 18:11:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/21 02:53:38 | 001,452,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 22:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 19:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 19:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 10:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 10:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/23 15:15:44 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2011/03/23 15:15:44 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/03/23 15:15:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/03/23 15:15:44 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/03/23 15:15:44 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2010/12/02 00:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/18 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 17:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/20 16:51:36 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\ex64.sys -- (NAVEX15)
DRV - [2012/05/20 16:51:36 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\eng64.sys -- (NAVENG)
DRV - [2012/04/28 00:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120518.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/02 23:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/03/24 12:57:43 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/22 13:54:03 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1563783077&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1563783077&ir=
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1563783077&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/27 19:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/01/19 19:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2012/08/27 08:11:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2}: C:\Program Files (x86)\DealsCompare\150.xpi [2014/01/04 15:34:40 | 000,021,428 | ---- | M] ()


========== Chrome ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://feed.snapdo.c...Date=04/01/2014
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Feven 1.7 = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.26.64_0\crossrider
CHR - Extension: Feven 1.7 = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.26.64_0\
CHR - Extension: Norton Identity Protection = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: Google Wallet = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven)
O2 - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll (Feven)
O2 - BHO: (DealsCompare) - {2b9129aa-16e0-4bc5-9a60-268fe0254bac} - C:\Program Files (x86)\DealsCompare\150.dll ()
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000..\Run: [NextLive] C:\Users\Claire\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C747DC7B-481C-4A80-9A7F-8EF56748D58D}: DhcpNameServer = 40.23.1.201 40.23.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E069F9B0-7C1C-4FC4-979C-9FCD4FACA933}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22696d06-5e96-11e2-994d-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{22696d06-5e96-11e2-994d-60d819e12977}\Shell\AutoRun\command - "" = H:\iLinker.exe
O33 - MountPoints2\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbfe763-7426-11e1-905a-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbfe763-7426-11e1-905a-60d819e12977}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/19 20:19:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2014/01/04 18:45:37 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/01/04 18:45:36 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/01/04 18:45:36 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/01/04 18:45:33 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/01/04 15:35:00 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/01/04 15:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/04 15:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/01/04 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/01/04 15:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealsCompare
[2014/01/04 15:34:37 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Programs
[2014/01/04 15:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7
[2014/01/04 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sea App (Internet Explorer)
[2014/01/04 15:13:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/01/04 15:13:30 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/01/04 15:13:30 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/01/04 15:13:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/01/04 15:13:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/01/04 15:13:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/01/04 15:13:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/01/04 15:13:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/01/04 15:13:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/01/04 15:13:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/01/04 15:13:27 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/01/04 15:13:26 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/01/04 15:13:26 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/01/04 15:13:23 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/01/04 15:13:22 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/01/04 15:13:12 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/01/04 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Claire\.android
[2014/01/04 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\cache
[2014/01/04 15:12:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\newnext.me
[2014/01/04 15:12:49 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\genienext
[2014/01/04 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Claire\Documents\Mobogenie
[2014/01/04 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Mobogenie
[2014/01/04 15:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jump Flip
[2014/01/04 15:12:09 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[2014/01/04 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\UpdaterEX
[2014/01/04 15:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/04 15:11:05 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\mysearchdial
[2014/01/04 15:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
[2014/01/03 22:45:27 | 000,000,000 | ---D | C] -- C:\ac20a298322b0c68b6f5d7d319
[2014/01/03 21:41:33 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/03 21:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/01/03 08:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/01/03 08:15:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/01/03 08:15:32 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/01/03 08:15:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/01/03 08:15:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/01/03 08:15:32 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/01/03 08:15:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/01/03 08:15:32 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/01/03 08:15:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/01/03 08:15:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/01/03 08:15:14 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/01/03 08:15:14 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/01/03 08:15:14 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/01/03 08:15:14 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/01/03 08:11:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/03 08:11:28 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/03 08:07:15 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\{F3CDD4B9-1D65-429F-8BD0-920F211B2981}

========== Files - Modified Within 30 Days ==========

[2014/01/19 20:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2014/01/19 20:17:04 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/01/19 20:11:03 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/01/19 20:11:03 | 000,000,059 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\WB.CFG
[2014/01/19 20:09:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/19 20:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/19 19:54:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 19:54:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 19:52:30 | 000,736,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/19 19:52:30 | 000,633,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/19 19:52:30 | 000,115,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/19 19:47:36 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\DealsCompare Update.job
[2014/01/19 19:44:42 | 000,001,336 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2014/01/19 19:44:28 | 000,002,020 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2014/01/19 19:44:28 | 000,001,978 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2014/01/19 19:44:25 | 000,001,238 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2014/01/19 19:44:25 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2014/01/19 19:44:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/19 19:44:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/19 19:44:00 | 2901,467,136 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/04 15:42:20 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/04 15:35:06 | 000,001,097 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/04 15:34:49 | 000,001,062 | ---- | M] () -- C:\Users\Claire\Desktop\Optimizer Pro.lnk
[2014/01/04 15:20:19 | 012,919,045 | ---- | M] () -- C:\Users\Claire\Documents\skype download - on installing this message came up - 4 1 14.rtf
[2014/01/04 15:11:13 | 000,000,393 | ---- | M] () -- C:\Users\Claire\Desktop\MySearchDial.url
[2014/01/04 15:11:13 | 000,000,388 | ---- | M] () -- C:\Users\Claire\Desktop\FREE Games.url
[2014/01/04 15:11:04 | 000,351,124 | ---- | M] () -- C:\Users\Claire\AppData\Local\mysearchdial-speeddial.crx
[2014/01/04 14:51:22 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForClaire.job
[2014/01/03 21:41:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/03 21:41:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/03 08:53:03 | 001,793,555 | ---- | M] () -- C:\Users\Claire\Documents\album proofs revised.pdf
[2014/01/03 08:46:24 | 000,049,853 | ---- | M] () -- C:\Users\Claire\Documents\FW_ Maternity - return to work.eml
[2014/01/03 08:45:59 | 000,011,927 | ---- | M] () -- C:\Users\Claire\Documents\Maternity benefits etc (again!).eml
[2014/01/03 08:45:39 | 000,784,187 | ---- | M] () -- C:\Users\Claire\Documents\Maternity benefits etc_.eml
[2014/01/03 08:44:32 | 002,584,014 | ---- | M] () -- C:\Users\Claire\Documents\Audioogy job descriptions.eml
[2014/01/03 08:44:10 | 000,047,828 | ---- | M] () -- C:\Users\Claire\Documents\RE_ My return to work reply.eml
[2014/01/03 08:43:39 | 000,013,786 | ---- | M] () -- C:\Users\Claire\Documents\My return to work.eml
[2014/01/03 08:38:29 | 002,077,872 | ---- | M] () -- C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml
[2014/01/03 08:38:05 | 006,076,451 | ---- | M] () -- C:\Users\Claire\Documents\Charlie NHSP.eml
[2014/01/03 08:34:10 | 000,028,179 | ---- | M] () -- C:\Users\Claire\Documents\Nat West.eml
[2014/01/03 08:19:33 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2014/01/19 20:11:03 | 000,000,059 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\WB.CFG
[2014/01/04 15:35:13 | 000,001,336 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2014/01/04 15:35:06 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2014/01/04 15:35:05 | 000,001,097 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/04 15:34:57 | 000,001,238 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2014/01/04 15:34:49 | 000,001,062 | ---- | C] () -- C:\Users\Claire\Desktop\Optimizer Pro.lnk
[2014/01/04 15:34:44 | 000,002,020 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2014/01/04 15:34:40 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\DealsCompare Update.job
[2014/01/04 15:34:29 | 000,001,978 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2014/01/04 15:20:17 | 012,919,045 | ---- | C] () -- C:\Users\Claire\Documents\skype download - on installing this message came up - 4 1 14.rtf
[2014/01/04 15:11:36 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\UpdaterEX.job
[2014/01/04 15:11:20 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/01/04 15:11:17 | 000,351,124 | ---- | C] () -- C:\Users\Claire\AppData\Local\mysearchdial-speeddial.crx
[2014/01/04 15:11:13 | 000,000,388 | ---- | C] () -- C:\Users\Claire\Desktop\FREE Games.url
[2014/01/04 15:11:12 | 000,000,393 | ---- | C] () -- C:\Users\Claire\Desktop\MySearchDial.url
[2014/01/03 08:53:03 | 001,793,555 | ---- | C] () -- C:\Users\Claire\Documents\album proofs revised.pdf
[2014/01/03 08:46:23 | 000,049,853 | ---- | C] () -- C:\Users\Claire\Documents\FW_ Maternity - return to work.eml
[2014/01/03 08:45:59 | 000,011,927 | ---- | C] () -- C:\Users\Claire\Documents\Maternity benefits etc (again!).eml
[2014/01/03 08:45:38 | 000,784,187 | ---- | C] () -- C:\Users\Claire\Documents\Maternity benefits etc_.eml
[2014/01/03 08:44:31 | 002,584,014 | ---- | C] () -- C:\Users\Claire\Documents\Audioogy job descriptions.eml
[2014/01/03 08:44:10 | 000,047,828 | ---- | C] () -- C:\Users\Claire\Documents\RE_ My return to work reply.eml
[2014/01/03 08:43:39 | 000,013,786 | ---- | C] () -- C:\Users\Claire\Documents\My return to work.eml
[2014/01/03 08:38:28 | 002,077,872 | ---- | C] () -- C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml
[2014/01/03 08:38:03 | 006,076,451 | ---- | C] () -- C:\Users\Claire\Documents\Charlie NHSP.eml
[2014/01/03 08:34:10 | 000,028,179 | ---- | C] () -- C:\Users\Claire\Documents\Nat West.eml
[2014/01/03 08:19:32 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/06 19:31:15 | 000,744,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 21:41:19 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2012/03/22 13:29:06 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/03/22 13:29:01 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 989 bytes -> C:\Users\Claire\Documents\Bath News & Media Ltd_ - Booking confirmation 10700529.eml:OECustomProperty
@Alternate Data Stream - 924 bytes -> C:\Users\Claire\Documents\Audioogy job descriptions.eml:OECustomProperty
@Alternate Data Stream - 889 bytes -> C:\Users\Claire\Documents\Maternity benefits etc (again!).eml:OECustomProperty
@Alternate Data Stream - 889 bytes -> C:\Users\Claire\Documents\FW_ Maternity - return to work.eml:OECustomProperty
@Alternate Data Stream - 885 bytes -> C:\Users\Claire\Documents\Nat West.eml:OECustomProperty
@Alternate Data Stream - 841 bytes -> C:\Users\Claire\Documents\Maternity benefits etc_.eml:OECustomProperty
@Alternate Data Stream - 800 bytes -> C:\Users\Claire\Documents\My return to work.eml:OECustomProperty
@Alternate Data Stream - 797 bytes -> C:\Users\Claire\Documents\RE_ My return to work reply.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Claire\Documents\Charlie NHSP.eml:OECustomProperty
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 1025 bytes -> C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml:OECustomProperty

< End of report >

Just noticed that OTL also produced a file called extra.txt. Here it is:

OTL Extras logfile created on: 19/01/2014 20:23:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claire\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 54.44% Memory free
7.20 Gb Paging File | 5.13 Gb Available in Paging File | 71.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 272.24 Gb Total Space | 191.58 Gb Free Space | 70.37% Space Free | Partition Type: NTFS
Drive D: | 21.69 Gb Total Space | 2.33 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: CLAIRE-HP | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{97D299F1-FE6E-4265-898A-C1C9EF944F85}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F3E70E2A-F24A-42D8-ACC5-02B575E9AC53}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10715011-257F-4652-A271-0A5DAA9DD445}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5497EB01-773E-4101-9822-18036F8410FA}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{AFC5A888-BA15-4398-8BBA-AFC26554F2A1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D25A7312-9A76-4307-BC80-4D694CFE9067}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{DAC261CE-75D6-4D65-A01A-A2541B3FBF2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6F99D44-10C5-4DC3-9C00-B01AF48B172D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{606EA300-6401-44C0-99A2-080B277AC8E8}C:\users\claire\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\claire\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{15516B58-D277-4947-BD49-32FF34FC01B4}C:\users\claire\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\claire\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0576788F-2993-455F-80CD-980114095103}" = HP Security Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BCD5A4E-9426-0B45-5C64-37236EAB0207}" = ccc-utility64
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E686FBB0-B356-96BE-A9ED-2D8286AA0386}" = ATI Catalyst Install Manager
"{EAA94988-8288-ED48-B179-F94440FA392E}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Jump Flip" = Jump Flip
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyPC Backup" = MyPC Backup
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{278A1B10-A463-47A9-DE07-69EB338F14E8}" = Catalyst Control Center InstallProxy
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E9FE55B-600D-9D6B-FFCE-8C9EB3FC5C83}" = CCC Help Russian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{402B28F5-39D2-2372-EB02-9679D246C824}" = CCC Help Turkish
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D5D18BA-FF9C-40DA-A3B9-661D76EC0FB1}" = HP Documentation
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{567BA13A-0403-BA6D-6F37-7EBC88526408}" = CCC Help Norwegian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5999E2DB-F271-4815-9BDC-0133AC527199}" = CCC Help Chinese Standard
"{5C1F73E9-1D71-71E5-719E-39CAEDAD20F9}" = CCC Help Hungarian
"{5CCEE84F-49D5-976C-8B16-3FDDFD521411}" = CCC Help French
"{5EAC5A89-A740-61C8-DB9E-615D65362041}" = CCC Help Danish
"{5F36C538-65DF-6DB5-5EEE-66A5D0B41424}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61C6E2F0-BA5B-EF69-BF55-0B46BB273B4A}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C7D31DA-1A8B-AB14-0A42-67E2FB4AB7C2}" = CCC Help Greek
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{7A14FF9E-FB1B-EDFD-34F5-3AD2BA0A11A4}" = CCC Help English
"{7E9D8AFA-07EC-A3F2-95C2-C7F8DAAA3F0F}" = Catalyst Control Center Graphics Previews Common
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{891BDE9B-4DC4-F7F4-5629-D8905A2F6D3D}" = CCC Help Czech
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EB5804-F93B-87A8-7D38-6D9C50FA7B26}" = CCC Help Chinese Traditional
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98457B34-98B3-EB83-8C43-69A22284838B}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A34CB3C1-E5D3-1DDA-8512-EFDE95E16FAB}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}" = HP Software Framework
"{B2977502-C362-54F8-A1C2-C75038BB7E6A}" = CCC Help German
"{B5124B20-3BDD-CD3B-DC11-CE9843A9CD9B}" = AMD VISION Engine Control Center
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB020C62-566B-608B-439A-851D60C50254}" = CCC Help Spanish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DC5F0450-B775-ABEC-4C33-28E5B018F02F}" = CCC Help Portuguese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF47ADFA-0364-AACB-F8AD-F9399E933CB8}" = CCC Help Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36B46EF-FB85-E51D-620C-EBE5652F8A67}" = CCC Help Thai
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EC7CD381-293E-A6F0-2480-DE8C437E8236}" = CCC Help Swedish
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8E1904D-BB58-7DCD-A09A-86430DC9A783}" = CCC Help Finnish
"{FCC826B2-4C6B-4528-0AA5-1B3FC2FB3E0F}" = CCC Help Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3fdd4ffa-d80f-471f-ae25-40d9fa6e281e" = DealsCompare
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Coupon Printer2.0" = Coupon Printer
"EasyBits Magic Desktop" = Magic Desktop
"Feven 1.7" = Feven 1.7
"Google Chrome" = Google Chrome
"Huawei Modems" = Huawei modem
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Intelli-studio" = SAMSUNG Intelli-studio
"Mobogenie" = Mobogenie
"mysearchdial" = Mysearchdial
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Optimizer Pro_is1" = Optimizer Pro v3.2
"The Sea App" = The Sea App (Internet Explorer)
"VDC_is1" = Video Download Converter version 1.0.0.0
"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0773474d-4d0f-4c01-80fa-b760dd5e4d06" = Chuzzle Deluxe
"WTA-0edfaaa4-93eb-4f89-8481-497e3e60ee05" = RollerCoaster Tycoon 3: Platinum
"WTA-175e3e39-af54-46c4-bb46-64d0b60bdb7c" = Zuma's Revenge
"WTA-182f40a6-a72e-4eff-ac2f-394899205b92" = Luxor HD
"WTA-23e31bcc-1b52-496d-92ae-a95ee21362e0" = FATE
"WTA-3338cf21-7382-45a1-a979-2e6f62e5f4a0" = Blackhawk Striker 2
"WTA-3398f268-752a-4aae-8dd3-8a3682a06bf3" = Jewel Match 3
"WTA-33ddece6-5fe5-4592-b1ea-7358ea7092ab" = Mah Jong Medley
"WTA-345c521e-b6d9-4c7c-819b-8bce3ebfd38e" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-42ebe52c-e1df-47ec-8d29-30e5f8b44c73" = Polar Golfer
"WTA-4378d1cb-848c-48b8-ac26-28e29a17900e" = Penguins!
"WTA-5b8cbee6-79fe-486c-8e98-dfeb278086c2" = Bejeweled 3
"WTA-5ff4297f-fac5-4cc7-80d8-152186a98348" = Dora's World Adventure
"WTA-67b8a3ef-12a1-4024-b64a-405e1b20f11b" = Torchlight
"WTA-84c3dbd0-151b-4eb5-bc3a-1541ca05069d" = The Treasures of Mystery Island: The Ghost Ship
"WTA-8950283f-4566-4cb4-9122-6d53accc1f91" = Polar Bowler
"WTA-90655054-2c52-4a67-a839-c174240647f4" = Poker Superstars III
"WTA-a5395e8f-0acd-498b-998c-21a1f5eb4985" = Virtual Villagers 4 - The Tree of Life
"WTA-ad40e49a-baa3-4ff4-95eb-f5b34e02a095" = Plants vs. Zombies - Game of the Year
"WTA-b89a9bb9-72d5-4cdb-af1e-3935c944c078" = Final Drive Fury
"WTA-bb43eb8a-6fb5-4c39-98b7-a1fb8f534ffe" = Farmscapes
"WTA-d23e4ae1-348d-4bc0-b7c5-997eff7e907c" = John Deere Drive Green
"WTA-d7e74ab7-3c49-4c07-98e6-fe54474a5f21" = Letters from Nowhere 2
"WTA-e976c1cf-6d8c-42c0-9349-0e8eac549827" = Hoyle Card Games
"WTA-e9f5144d-12f0-410e-a88f-e94c4cee633a" = Cradle of Rome 2
"WTA-eeccd19e-b4fa-49fc-9265-d083598a48cc" = Farm Frenzy

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UpdaterEX" = Extended Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/09/2013 13:30:11 | Computer Name = Claire-HP | Source = WinMgmt | ID = 10
Description =

Error - 06/09/2013 13:32:23 | Computer Name = Claire-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 06/09/2013 13:32:38 | Computer Name = Claire-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 06/09/2013 13:36:28 | Computer Name = Claire-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting
process id: 0x938 Faulting application start time: 0x01ceab2796ff6be6 Faulting application
path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Faulting module path:
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Report Id: dbbf6df6-171a-11e3-9ba9-60d819e12977

Error - 06/09/2013 13:36:32 | Computer Name = Claire-HP | Source = WinMgmt | ID = 10
Description =

Error - 06/09/2013 13:41:09 | Computer Name = Claire-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting
process id: 0x954 Faulting application start time: 0x01ceab284086e78d Faulting application
path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Faulting module path:
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Report Id: 837de169-171b-11e3-8f58-60d819e12977

Error - 06/09/2013 13:41:21 | Computer Name = Claire-HP | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2013 12:46:06 | Computer Name = Claire-HP | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2013 12:46:08 | Computer Name = Claire-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting
process id: 0x9d8 Faulting application start time: 0x01ceacb2e3571949 Faulting application
path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Faulting module path:
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Report Id: 283a06f0-18a6-11e3-8a5a-60d819e12977

Error - 15/09/2013 15:44:04 | Computer Name = Claire-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting
process id: 0x8f8 Faulting application start time: 0x01ceb24be9f990cc Faulting application
path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Faulting module path:
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Report Id: 2d0f7c8b-1e3f-11e3-9ff0-001e101f7fb6

Error - 15/09/2013 15:44:41 | Computer Name = Claire-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 26/06/2013 06:02:10 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 04/07/2013 15:54:17 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 14/07/2013 06:24:47 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 04/08/2013 11:59:25 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 08/09/2013 12:58:24 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 04/10/2013 16:20:15 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 20/10/2013 09:42:45 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 09/11/2013 10:03:35 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 23/11/2013 09:37:12 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 08/12/2013 18:06:59 | Computer Name = Claire-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3689 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

[ HP Software Framework Events ]
Error - 23/11/2013 09:37:51 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2013/11/23 13:37:51.983|00001338|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23/11/2013 09:38:09 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2013/11/23 13:38:09.239|00000678|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23/11/2013 09:38:16 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2013/11/23 13:38:16.044|0000111C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23/11/2013 09:38:35 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2013/11/23 13:38:35.756|00000E70|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08/12/2013 18:07:13 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2013/12/08 22:07:13.824|000015B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08/12/2013 18:07:19 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2013/12/08 22:07:19.054|00000564|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 03/01/2014 17:37:55 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2014/01/03 21:37:55.747|000002AC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 03/01/2014 17:37:59 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2014/01/03 21:37:59.810|00001484|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 03/01/2014 17:38:08 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2014/01/03 21:38:08.407|00000424|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 03/01/2014 17:38:12 | Computer Name = Claire-HP | Source = CaslWmi | ID = 5
Description = 2014/01/03 21:38:12.039|00001764|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 06/01/2014 18:59:59 | Computer Name = Claire-HP | Source = DCOM | ID = 10010
Description =

Error - 06/01/2014 19:00:05 | Computer Name = Claire-HP | Source = DCOM | ID = 10005
Description =

Error - 06/01/2014 19:00:05 | Computer Name = Claire-HP | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 06/01/2014 19:00:05 | Computer Name = Claire-HP | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 06/01/2014 19:00:05 | Computer Name = Claire-HP | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 06/01/2014 19:00:05 | Computer Name = Claire-HP | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 19/01/2014 15:44:13 | Computer Name = Claire-HP | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 19/01/2014 15:44:13 | Computer Name = Claire-HP | Source = Service Control Manager | ID = 7000
Description = The Mobile IP Route Manager service failed to start due to the following
error: %%1275

Error - 19/01/2014 15:45:00 | Computer Name = Claire-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 19/01/2014 15:45:03 | Computer Name = Claire-HP | Source = Service Control Manager | ID = 7034
Description = The HP Auto service terminated unexpectedly. It has done this 1 time(s).


< End of report >


Thank you again!!!!

Edited by nigella, 19 January 2014 - 03:17 PM.

  • 0


#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello nigella, welcome to the forums! My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I am analyzing your logs now. There is a lot of malicious toolbar and Browser Helper Object rubbish on the machine. I will be back as soon as I have identified all I can see here.
  • 0

#3
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello again. Like I said, I see a lot of dubious toolbars and BHOs on the system and some nefarious programs but nothing major. Let's get started.


Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar (gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-2.

Uninstall Programs

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Jump Flip
DealsCompare
Coupon Printer
Mysearchdial
Feven 1.7
Optimizer Pro v3.2
Video Download Converter version 1.0.0.0
VideoDownloadConverter Toolbar


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/01/19 20:23:08 | 000,097,056 | ---- | M] () -- C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
PRC - [2014/01/19 19:50:08 | 000,097,056 | ---- | M] () -- C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe
PRC - [2014/01/04 15:34:53 | 000,143,488 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
PRC - [2012/08/27 08:11:39 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
PRC - [2012/08/27 08:11:39 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
SRV - [2014/01/19 20:23:08 | 000,097,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe -- (Update Jump Flip)
SRV - [2014/01/19 19:50:08 | 000,097,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe -- (Util Jump Flip)
SRV - [2014/01/04 15:34:53 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe -- (70e6ca8c)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1563783077&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1563783077&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1563783077&ir=
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...e={installDate}
IE - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...r={searchTerms}
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2012/08/27 08:11:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2}: C:\Program Files (x86)\DealsCompare\150.xpi [2014/01/04 15:34:40 | 000,021,428 | ---- | M] ()
O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven)
O2 - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll (Feven)
O2 - BHO: (DealsCompare) - {2b9129aa-16e0-4bc5-9a60-268fe0254bac} - C:\Program Files (x86)\DealsCompare\150.dll ()
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000..\Run: [NextLive] C:\Users\Claire\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O33 - MountPoints2\{22696d06-5e96-11e2-994d-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{22696d06-5e96-11e2-994d-60d819e12977}\Shell\AutoRun\command - "" = H:\iLinker.exe
O33 - MountPoints2\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbfe763-7426-11e1-905a-60d819e12977}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbfe763-7426-11e1-905a-60d819e12977}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2014/01/04 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/01/04 15:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealsCompare
[2014/01/04 15:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7
[2014/01/04 15:11:05 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\mysearchdial
[2014/01/04 15:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
[2014/01/19 20:11:03 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/01/19 19:47:36 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\DealsCompare Update.job
[2014/01/19 19:44:42 | 000,001,336 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2014/01/19 19:44:28 | 000,002,020 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2014/01/19 19:44:28 | 000,001,978 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2014/01/19 19:44:25 | 000,001,238 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2014/01/19 19:44:25 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2014/01/04 15:11:13 | 000,000,393 | ---- | M] () -- C:\Users\Claire\Desktop\MySearchDial.url
[2014/01/04 15:11:13 | 000,000,388 | ---- | M] () -- C:\Users\Claire\Desktop\FREE Games.url
[2014/01/04 15:11:04 | 000,351,124 | ---- | M] () -- C:\Users\Claire\AppData\Local\mysearchdial-speeddial.crx

:FILES
C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.26.64_0\
C:\Program Files (x86)\Jump Flip
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Program Files (x86)\Mysearchdial
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Please run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. The OTL fixes log
3. The AdwCleaner[R0].txt log
4. The new OTL.txt log
  • 0
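
A triage sketch for the :OTL section of the fix script in the post above, added here as an example; it is not part of godawgs's post and not part of OTL. It groups entries by the autostart mechanism their prefix marks and flags the ones worth a second look. The flag names and heuristics are assumptions of this example, and the sample lines are an excerpt copied from the script.

```python
import re
from collections import Counter

# Excerpt of the :OTL section of the fix script on this page (not the full script).
SCRIPT = r'''
PRC - [2012/08/27 08:11:39 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
SRV - [2014/01/04 15:34:53 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe -- (70e6ca8c)
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...r={searchTerms}
O2 - BHO: (DealsCompare) - {2b9129aa-16e0-4bc5-9a60-268fe0254bac} - C:\Program Files (x86)\DealsCompare\150.dll ()
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKU\S-1-5-21-2402188637-1411961547-313052980-1000..\Run: [NextLive] C:\Users\Claire\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O33 - MountPoints2\{22696d06-5e96-11e2-994d-60d819e12977}\Shell\AutoRun\command - "" = H:\iLinker.exe
'''

# Line prefix -> mechanism, as the prefixes are used in the script above.
MECHANISMS = {
    "PRC": "running process",
    "SRV": "service",
    "IE": "Internet Explorer setting",
    "FF": "Firefox plugin/extension",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Run/RunOnce autostart",
    "O20": "AppInit_DLLs",
    "O33": "MountPoints2 AutoRun",
}

ENTRY = re.compile(r"^(PRC|SRV|IE|FF|O\d+)(:64bit:)?\s+-\s+(.*)$")
# Drive-letter path ending in a file type that appears in the script.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|xpi)\b", re.I)
# Version-resource placeholders left unfilled, as seen on two entries above.
PLACEHOLDER_PUBLISHERS = ("(VER_COMPANY_NAME)", "(COMPANYVERS_NAME)")


def triage(script):
    """Parse fix-script lines into findings with a mechanism and review flags."""
    findings = []
    for raw in script.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # section headers, bare file listings, blank lines
        prefix, view64, rest = m.groups()
        paths = PATH.findall(rest)
        # AppInit_DLLs lines carry the 8.3 short path first; keep the long one.
        target = paths[-1] if paths else None

        flags = []
        if re.search(r"\(\)(?=\s|$)", rest):
            flags.append("empty publisher")
        if any(p in rest for p in PLACEHOLDER_PUBLISHERS):
            flags.append("placeholder publisher")
        if "File not found" in rest or "No CLSID value found" in rest:
            flags.append("orphaned entry")
        if target and re.search(r"\\AppData\\", target, re.I):
            flags.append("runs from user profile")
        if prefix == "O20":
            flags.append("DLL loaded into every process that loads user32.dll")
        if prefix == "O33" and target:
            flags.append("AutoRun command for a mounted volume")

        findings.append({
            "prefix": prefix,
            "mechanism": MECHANISMS.get(prefix, "other"),
            "view64": bool(view64),  # entry was marked :64bit: in the script
            "target": target,
            "flags": flags,
            "raw": raw.strip(),
        })
    return findings


def mechanism_counts(findings):
    """How many entries the script touches per mechanism."""
    return Counter(f["mechanism"] for f in findings)


if __name__ == "__main__":
    results = triage(SCRIPT)
    for mech, n in mechanism_counts(results).most_common():
        print(f"{n:2d}  {mech}")
    print()
    for f in results:
        if f["flags"]:
            print(f"{f['prefix']:<4} {f['target'] or '(no file)'}")
            for flag in f["flags"]:
                print(f"       - {flag}")
```
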

#4
nigella

    Member

  • Topic Starter
  • Member
  • 216 posts
the uninstalls appeared to go ok ie seemed to close unexpectedly on some of them.

here is the OTL fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named updateJumpFlip.exe was found!
No active process named utilJumpFlip.exe was found!
No active process named OptProCrash.exe was found!
No active process named 4zbarsvc.exe was found!
No active process named 4zbrmon.exe was found!
Error: No service named Update Jump Flip was found to stop!
Service\Driver key Update Jump Flip not found.
File C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe not found.
Error: No service named Util Jump Flip was found to stop!
Service\Driver key Util Jump Flip not found.
File C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe not found.
Error: No service named 70e6ca8c was found to stop!
Service\Driver key 70e6ca8c not found.
File c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-2402188637-1411961547-313052980-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin\ not found.
File C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4z.com not found.
File C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2}\ not found.
File C:\Program Files (x86)\DealsCompare\150.xpi [2014/01/04 15:34:40 | 000,021,428 | ---- | M] not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411051194}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411051194}\ not found.
File C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411051194}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411051194}\ not found.
File C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b9129aa-16e0-4bc5-9a60-268fe0254bac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b9129aa-16e0-4bc5-9a60-268fe0254bac}\ not found.
File C:\Program Files (x86)\DealsCompare\150.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9}\ not found.
File C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}\ not found.
File C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}\ not found.
File C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}\ not found.
File C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}\ not found.
File C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Search Scope Monitor not found.
File C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader not found.
File C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
C:\Users\Claire\AppData\Roaming\newnext.me\nengine.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2402188637-1411961547-313052980-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro not found.
File C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL deleted successfully.
File C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\optimi~1\optpro~1.dll deleted successfully.
File c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22696d06-5e96-11e2-994d-60d819e12977}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22696d06-5e96-11e2-994d-60d819e12977}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22696d06-5e96-11e2-994d-60d819e12977}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22696d06-5e96-11e2-994d-60d819e12977}\ not found.
File H:\iLinker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4b3b2a-7422-11e1-ae3f-60d819e12977}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4b3c55-7422-11e1-ae3f-60d819e12977}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d9e8836-cbf5-11e1-9086-ec9a7442cc8d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dbfe763-7426-11e1-905a-60d819e12977}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dbfe763-7426-11e1-905a-60d819e12977}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dbfe763-7426-11e1-905a-60d819e12977}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dbfe763-7426-11e1-905a-60d819e12977}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Folder C:\Program Files (x86)\Optimizer Pro\ not found.
C:\Program Files (x86)\DealsCompare folder moved successfully.
Folder C:\Program Files (x86)\Feven 1.7\ not found.
Folder C:\Users\Claire\AppData\Roaming\mysearchdial\ not found.
Folder C:\Program Files (x86)\Mysearchdial\ not found.
File C:\Windows\tasks\MySearchDial.job not found.
File C:\Windows\tasks\DealsCompare Update.job not found.
File C:\Windows\tasks\Feven 1.7-updater.job not found.
File C:\Windows\tasks\Feven 1.7-firefoxinstaller.job not found.
File C:\Windows\tasks\Feven 1.7-chromeinstaller.job not found.
File C:\Windows\tasks\Feven 1.7-codedownloader.job not found.
File C:\Windows\tasks\Feven 1.7-enabler.job not found.
C:\Users\Claire\Desktop\MySearchDial.url moved successfully.
C:\Users\Claire\Desktop\FREE Games.url moved successfully.
C:\Users\Claire\AppData\Local\mysearchdial-speeddial.crx moved successfully.
========== FILES ==========
Folder C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.26.64_0 not found.
C:\Program Files (x86)\Jump Flip folder moved successfully.
File\Folder C:\Program Files (x86)\VideoDownloadConverter_4z not found.
File\Folder C:\Program Files (x86)\Mysearchdial not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Claire\Desktop\cmd.bat deleted successfully.
C:\Users\Claire\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Claire\Desktop\cmd.bat deleted successfully.
C:\Users\Claire\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Claire\Desktop\cmd.bat deleted successfully.
C:\Users\Claire\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Claire
->Temp folder emptied: 301710735 bytes
->Temporary Internet Files folder emptied: 1409420600 bytes
->Google Chrome cache emptied: 121545358 bytes
->Flash cache emptied: 16439 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1006492800 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78173 bytes
RecycleBin emptied: 42364824 bytes

Total Files Cleaned = 2,748.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01192014_234840

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Claire\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF54D4AC604F00C6A5.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF5C9CBCAC5FEC44E4.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF60D1D3DC640090EE.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFA71E71778C426117.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFAD7CFA16A4751A3E.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFB9AE3F35BBE7C923.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFC531449B854C2988.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFF6472BC07AC98AD1.TMP not found!
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0KTP97J\page__pid__2368298[1].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9QBT4HV\ba[1].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UNLB8D22\7773426[1].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UNLB8D22\8637129[1].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BSBUKACP\6315301[1].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BSBUKACP\7849922[1].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AY31QHH2\px[2].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AY31QHH2\px[3].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1PE3EOYM\rt=ifr[6].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1PE3EOYM\rt=ifr[7].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here is the AdwCleaner log:

# AdwCleaner v3.017 - Report created 20/01/2014 at 01:02:29
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Claire - CLAIRE-HP
# Running from : C:\Users\Claire\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Windows\System32\Tasks\UpdaterEX
File Found : C:\Windows\Tasks\UpdaterEX.job
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Users\Claire\AppData\Local\genienext
Folder Found C:\Users\Claire\AppData\Local\Mobogenie
Folder Found C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\Claire\AppData\Roaming\newnext.me
Folder Found C:\Users\Claire\AppData\Roaming\UpdaterEX
Folder Found C:\Users\Claire\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dnldstr0101&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyEtB0C0Czz0DyC0DtAtDtN0D0Tzu0SyBtAyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1563783077&ir=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=GB&userid=4d7391ad-1b39-b27c-e3a9-5174d7d38eaa&searchtype=ds&q={searchTerms}&installDate={installDate}

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8104 octets] - [20/01/2014 01:02:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8164 octets] ##########

Here is the OTL log (quickfix)

OTL logfile created on: 20/01/2014 01:06:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claire\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 63.13% Memory free
7.20 Gb Paging File | 5.55 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 272.24 Gb Total Space | 193.98 Gb Free Space | 71.25% Space Free | Partition Type: NTFS
Drive D: | 21.69 Gb Total Space | 2.33 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: CLAIRE-HP | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/20 00:59:02 | 001,236,282 | ---- | M] () -- C:\Users\Claire\Desktop\AdwCleaner.exe
PRC - [2014/01/19 20:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
PRC - [2014/01/04 15:29:28 | 000,761,536 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/06/16 02:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/02/15 11:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/08 02:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/13 00:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/26 21:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/19 21:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/20 19:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/07 04:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/20 00:59:02 | 001,236,282 | ---- | M] () -- C:\Users\Claire\Desktop\AdwCleaner.exe
MOD - [2014/01/04 15:35:06 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/01/04 15:29:28 | 000,761,536 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MOD - [2013/10/18 20:03:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/18 20:02:04 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/15 19:58:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/15 19:57:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/15 19:57:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/15 20:10:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/03/30 20:02:13 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/20 19:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/07/01 05:26:56 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/06/29 18:49:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/27 19:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 05:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 09:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 02:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/13 00:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/10 00:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/01 22:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 19:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/07/06 02:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 02:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 04:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 01:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 02:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 01:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 20:49:52 | 004,745,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/03/27 19:38:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/16 00:17:18 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/16 00:17:18 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/21 01:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/21 01:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/21 01:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/21 01:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/21 01:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/21 01:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/21 01:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/08 12:36:06 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/25 18:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/01 05:26:56 | 000,528,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/06/29 20:12:28 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 18:11:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/21 02:53:38 | 001,452,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 22:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 19:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 19:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 10:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 10:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/23 15:15:44 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2011/03/23 15:15:44 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/03/23 15:15:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/03/23 15:15:44 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/03/23 15:15:44 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2010/12/02 00:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/18 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 17:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/20 16:51:36 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\ex64.sys -- (NAVEX15)
DRV - [2012/05/20 16:51:36 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\eng64.sys -- (NAVENG)
DRV - [2012/04/28 00:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120518.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/02 23:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/03/24 12:57:43 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/22 13:54:03 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Claire\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {2fa28606-de77-4029-af96-b231e3b8f827}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/27 19:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/01/20 00:48:17 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: No name found = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C747DC7B-481C-4A80-9A7F-8EF56748D58D}: DhcpNameServer = 40.23.1.201 40.23.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E069F9B0-7C1C-4FC4-979C-9FCD4FACA933}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/20 01:00:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 23:48:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/19 20:19:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2014/01/04 15:35:00 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/01/04 15:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/04 15:34:37 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Programs
[2014/01/04 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sea App (Internet Explorer)
[2014/01/04 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\Claire\.android
[2014/01/04 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\cache
[2014/01/04 15:12:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\newnext.me
[2014/01/04 15:12:49 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\genienext
[2014/01/04 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Claire\Documents\Mobogenie
[2014/01/04 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Mobogenie
[2014/01/04 15:12:09 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[2014/01/04 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\UpdaterEX
[2014/01/04 15:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/03 22:45:27 | 000,000,000 | ---D | C] -- C:\ac20a298322b0c68b6f5d7d319
[2014/01/03 21:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/01/03 08:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/01/03 08:07:15 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\{F3CDD4B9-1D65-429F-8BD0-920F211B2981}

========== Files - Modified Within 30 Days ==========

[2014/01/20 01:09:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 00:59:02 | 001,236,282 | ---- | M] () -- C:\Users\Claire\Desktop\AdwCleaner.exe
[2014/01/20 00:53:47 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 00:53:47 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 00:53:11 | 000,736,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/20 00:53:11 | 000,633,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/20 00:53:11 | 000,115,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/20 00:45:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/20 00:45:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/20 00:45:20 | 2901,467,136 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/20 00:44:17 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/01/19 22:54:08 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForClaire.job
[2014/01/19 20:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2014/01/19 20:11:03 | 000,000,059 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\WB.CFG
[2014/01/19 20:09:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/04 15:42:20 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/04 15:35:06 | 000,001,097 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/04 15:20:19 | 012,919,045 | ---- | M] () -- C:\Users\Claire\Documents\skype download - on installing this message came up - 4 1 14.rtf
[2014/01/03 08:53:03 | 001,793,555 | ---- | M] () -- C:\Users\Claire\Documents\album proofs revised.pdf
[2014/01/03 08:46:24 | 000,049,853 | ---- | M] () -- C:\Users\Claire\Documents\FW_ Maternity - return to work.eml
[2014/01/03 08:45:59 | 000,011,927 | ---- | M] () -- C:\Users\Claire\Documents\Maternity benefits etc (again!).eml
[2014/01/03 08:45:39 | 000,784,187 | ---- | M] () -- C:\Users\Claire\Documents\Maternity benefits etc_.eml
[2014/01/03 08:44:32 | 002,584,014 | ---- | M] () -- C:\Users\Claire\Documents\Audioogy job descriptions.eml
[2014/01/03 08:44:10 | 000,047,828 | ---- | M] () -- C:\Users\Claire\Documents\RE_ My return to work reply.eml
[2014/01/03 08:43:39 | 000,013,786 | ---- | M] () -- C:\Users\Claire\Documents\My return to work.eml
[2014/01/03 08:38:29 | 002,077,872 | ---- | M] () -- C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml
[2014/01/03 08:38:05 | 006,076,451 | ---- | M] () -- C:\Users\Claire\Documents\Charlie NHSP.eml
[2014/01/03 08:34:10 | 000,028,179 | ---- | M] () -- C:\Users\Claire\Documents\Nat West.eml
[2014/01/03 08:19:33 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2014/01/20 00:59:01 | 001,236,282 | ---- | C] () -- C:\Users\Claire\Desktop\AdwCleaner.exe
[2014/01/19 20:11:03 | 000,000,059 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\WB.CFG
[2014/01/04 15:35:05 | 000,001,097 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/04 15:20:17 | 012,919,045 | ---- | C] () -- C:\Users\Claire\Documents\skype download - on installing this message came up - 4 1 14.rtf
[2014/01/04 15:11:36 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\UpdaterEX.job
[2014/01/03 08:53:03 | 001,793,555 | ---- | C] () -- C:\Users\Claire\Documents\album proofs revised.pdf
[2014/01/03 08:46:23 | 000,049,853 | ---- | C] () -- C:\Users\Claire\Documents\FW_ Maternity - return to work.eml
[2014/01/03 08:45:59 | 000,011,927 | ---- | C] () -- C:\Users\Claire\Documents\Maternity benefits etc (again!).eml
[2014/01/03 08:45:38 | 000,784,187 | ---- | C] () -- C:\Users\Claire\Documents\Maternity benefits etc_.eml
[2014/01/03 08:44:31 | 002,584,014 | ---- | C] () -- C:\Users\Claire\Documents\Audioogy job descriptions.eml
[2014/01/03 08:44:10 | 000,047,828 | ---- | C] () -- C:\Users\Claire\Documents\RE_ My return to work reply.eml
[2014/01/03 08:43:39 | 000,013,786 | ---- | C] () -- C:\Users\Claire\Documents\My return to work.eml
[2014/01/03 08:38:28 | 002,077,872 | ---- | C] () -- C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml
[2014/01/03 08:38:03 | 006,076,451 | ---- | C] () -- C:\Users\Claire\Documents\Charlie NHSP.eml
[2014/01/03 08:34:10 | 000,028,179 | ---- | C] () -- C:\Users\Claire\Documents\Nat West.eml
[2014/01/03 08:19:32 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/06 19:31:15 | 000,744,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 21:41:19 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2012/03/22 13:29:06 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/03/22 13:29:01 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/25 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\AVG
[2012/03/22 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Birdstep Technology
[2014/01/19 23:49:20 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\newnext.me
[2014/01/03 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\SoftGrid Client
[2012/03/21 23:14:04 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Synaptics
[2012/07/06 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\TP
[2014/01/04 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\UpdaterEX
[2012/03/22 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Windows Live Writer
[2012/03/25 15:06:24 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 989 bytes -> C:\Users\Claire\Documents\Bath News & Media Ltd_ - Booking confirmation 10700529.eml:OECustomProperty
@Alternate Data Stream - 924 bytes -> C:\Users\Claire\Documents\Audioogy job descriptions.eml:OECustomProperty
@Alternate Data Stream - 889 bytes -> C:\Users\Claire\Documents\Maternity benefits etc (again!).eml:OECustomProperty
@Alternate Data Stream - 889 bytes -> C:\Users\Claire\Documents\FW_ Maternity - return to work.eml:OECustomProperty
@Alternate Data Stream - 885 bytes -> C:\Users\Claire\Documents\Nat West.eml:OECustomProperty
@Alternate Data Stream - 841 bytes -> C:\Users\Claire\Documents\Maternity benefits etc_.eml:OECustomProperty
@Alternate Data Stream - 800 bytes -> C:\Users\Claire\Documents\My return to work.eml:OECustomProperty
@Alternate Data Stream - 797 bytes -> C:\Users\Claire\Documents\RE_ My return to work reply.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Claire\Documents\Charlie NHSP.eml:OECustomProperty
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 1025 bytes -> C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml:OECustomProperty

< End of report >


thank you
  • 0

#5
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. Please let me know how the computer is behaving after this round.

MyPC Backup Information

MyPCBackup is an online backup service. It is bundled with ad- and malware and can be installed fraudulently. It is not clear before installation that the service costs a monthly fee. By showing annoying dialogs it tries to make the user pay for the service. Payment is in advance for several months, default is 2 years. Initial backup cannot be controlled, it just runs and saves some restore point files.

If your friend didn't knowingly install MyPC Backup, I would recommend uninstalling it and deleting the C:\Program Files (x86)\MyPC Backup folder.


Step-1.

Please uninstall Mobogenie and delete the following folders:

C:\Program Files (x86)\Mobogenie
C:\Users\Claire\AppData\Local\Mobogenie
C:\Users\Claire\.android
C:\Users\Claire\AppData\Local\cache
C:\Users\Claire\AppData\Roaming\newnext.me
C:\Users\Claire\AppData\Local\genienext
C:\Users\Claire\Documents\Mobogenie


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Please get me a fresh OTL log. Just open the program and click the Quick Scan button.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the uninstalls were successful
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. The new OTL.txt log
  • 0
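
One way to triage the O4 autostart entries of an OTL log like the one posted above, as an added example that is not part of the thread: it flags autostart targets that sit in a folder listed under "Created Within 30 Days" or that carry no company name. The sample lines are copied from the log in this thread; the function names and the two heuristics are assumptions of this example, not the helper's stated method.

```python
import re
from typing import Dict, List, NamedTuple

# A subset of lines copied from the OTL log in this thread (sample input).
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
[2014/01/20 01:00:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 20:19:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2014/01/04 15:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/04 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Mobogenie
[2014/01/04 15:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
"""

# "O4 - HKLM..\Run: [name] path (company)"; the path itself may contain "(x86)",
# so the company is taken from the LAST parenthesised group on the line.
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - \w+\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+) \((?P<company>.*)\)$")
# "O4 - Startup: shortcut.lnk = target (company)"
STARTUP_RE = re.compile(
    r"^O4(?::64bit:)? - Startup: (?P<lnk>.+?) = "
    r"(?P<path>.+) \((?P<company>.*)\)$")
# "[timestamp | size | attrs | C] (optional company) -- path"
CREATED_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| "
    r"(?P<attr>[-A-Z]{4}) \| C\](?: \(.*?\))? -- (?P<path>.+)$")


class Autostart(NamedTuple):
    name: str
    path: str
    company: str


class Finding(NamedTuple):
    name: str
    path: str
    reasons: List[str]


def parse_autostarts(log: str) -> List[Autostart]:
    """Extract Run-key and Startup-folder entries from the O4 lines."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Autostart(m["name"], m["path"], m["company"].strip()))
            continue
        m = STARTUP_RE.match(line)
        if m:
            shortcut = m["lnk"].rsplit("\\", 1)[-1]
            entries.append(Autostart(shortcut, m["path"], m["company"].strip()))
    return entries


def parse_new_dirs(log: str) -> Dict[str, str]:
    """Map each recently created directory (attribute D) to its creation time."""
    dirs = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and "D" in m["attr"]:
            dirs[m["path"]] = m["ts"]
    return dirs


def triage(log: str) -> List[Finding]:
    """Flag autostart entries that deserve a closer look, in log order."""
    new_dirs = parse_new_dirs(log)
    findings = []
    for entry in parse_autostarts(log):
        reasons = []
        if not entry.company:
            reasons.append("no company name")
        target = entry.path.lower()
        for folder, created in new_dirs.items():
            # Windows paths are case-insensitive; require a full path component.
            if target.startswith(folder.lower() + "\\"):
                reasons.append(f"in folder created {created}")
        if reasons:
            findings.append(Finding(entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path} -> {', '.join(f.reasons)}")
```

A flagged entry is a prompt to check the program with its owner, not a verdict; legitimate software installed in the last 30 days is flagged by the same rule.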

#6
nigella

    Member

  • Topic Starter
  • Member
  • 216 posts
the uninstalls happened without hiccups

here is the AdwCleaner log

# AdwCleaner v3.017 - Report created 20/01/2014 at 18:37:56
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Claire - CLAIRE-HP
# Running from : C:\Users\Claire\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Claire\AppData\Roaming\UpdaterEX
File Deleted : C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [8336 octets] - [20/01/2014 01:02:29]
AdwCleaner[R1].txt - [7424 octets] - [20/01/2014 18:35:35]
AdwCleaner[S0].txt - [6455 octets] - [20/01/2014 18:37:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6515 octets] ##########

here is the JRT log file

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Claire on 20/01/2014 at 19:07:08.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411051194}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411051194}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8936EA03-59DA-4B96-A57C-0B8E349377D9}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{89B92D0C-FEAD-474B-A313-FA20C7F1638A}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8B96470C-581D-4673-8C57-CEE94422F9C1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8BAD1AC6-CC3C-42FA-87FB-204D05471DD6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8BC26701-CC74-49CA-A855-CC6B4459674C}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8BD07B85-7173-428B-910F-277E63D22943}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8BD86419-DED6-4710-955C-CF4E9981ACA2}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8C4A34B4-A2D0-46F0-BB65-031CC37559C4}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8C7A01C2-6CE9-481C-9340-664119E3809B}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8D44DC20-3366-434F-B2B8-FF6FC4D802AD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8D79C51D-6B61-406A-8F41-D7F6201EA3D7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8D834C6B-5DE8-484F-9A6A-9EE66FFD2CC7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8E26B4AA-46D8-4C7A-A54F-606D44236A5B}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8E444731-D0C9-4E46-846A-48D9803C4BF6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8E98431B-5371-49D8-B707-ED2D4174CD80}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8F1FC2FA-AA93-47A0-9A7D-17C85F3C88D6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{8F957E70-A264-401A-8646-FEC714476CB2}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{905C128A-BC55-4C39-ACA0-639158F26113}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{90672496-16D9-4D05-B339-4CF662B3C939}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{90A2D5B2-EC3F-48CD-8761-01F1A0426BB4}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{90CBFDAF-63E5-4A36-B584-772DCE651A10}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{90F66FED-C68E-441F-BE85-8B3F74D6070A}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{917B5CBF-F39E-4058-B507-5B214B6C267D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{91BA7C5E-E45F-406C-A7E5-DD8E00F230C7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{91BEF50B-2E25-42CA-B36C-6E3800606118}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{91C68C8D-F826-4F6C-8A69-46FC31630D3E}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9234C79A-F838-4135-BB37-05D84F399ABD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{92DBE4E6-9C29-40B1-BB89-948E8BDB6703}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{92EBDF90-B42B-4BA7-A967-C00BA3D5BEAB}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9339A642-E12C-4514-B974-7515DF0FA602}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9342DAFD-F2E6-46B2-A0BE-37BA29E3C55F}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{94CE908C-F23C-4DD1-9DCB-4F3E223ACB84}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{952FAE42-2D7E-4DB0-A269-5AA7C1E6D9E4}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{955B3E0E-B0EA-4216-8E86-71C3929138D1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{957DB5CC-17FE-4BFB-B662-A91DC277BFED}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{964DDF76-E889-4938-B096-162A8700CACA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{966FAEFC-A6B5-46DB-B2DD-A3CAA503ABD0}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{97B49520-0C8D-438E-8B03-7D3DA154AC74}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{991F2DC5-6184-4AB1-B321-6C21AF4156E7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9A53899D-1A6A-406A-BB66-5D86ED05392A}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9ACABACA-9C46-4A82-AECC-BC64AD98AAD1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9CC892A4-16B6-4795-9395-B1EBC101EBB6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9CEDE299-4B4D-4547-8BCA-96CE2EEF67E6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9D1400BB-2EB3-4A9B-AC81-E9697C249BA0}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9D92EE34-8872-4361-AA13-387FACDD9077}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9DE6C5AF-E44C-4EBF-AE61-B62A685C7F73}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{9EF4674F-4EDF-4927-91B4-2D005E3B8ABA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A03B3E5E-05A8-4C3F-AA9E-7FDAB47A8897}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A0799A1A-475B-49C3-96D9-B45C7DD13592}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A0CACFF9-DD80-4B8C-98D9-71AE7F394C44}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A0F02E59-FCDC-4180-A80D-4F36CCA01BBC}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A16CCDBF-74FF-41A8-A15C-E104D93972B5}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A256A4CC-E037-4052-B58E-B3471C11D536}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A2676119-90C9-43A2-BC59-44B47973D9FE}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A2712C42-EDF7-48FE-92DE-D22047E76325}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A27B4BD2-DDF6-40F0-AED6-22C501DA2EB8}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A3017ED6-CF65-4B9F-9145-D473BE348DCA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A3FA8EA6-0D3E-43FF-9457-527E64ED329D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A52E415F-3406-4B3F-8AC0-4BDB8D519B79}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A5AB919E-9F30-4BED-AD26-DC6274B0659B}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A5C45A55-EE21-43C5-AC26-500549537F95}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A5E2E47F-6F42-4A76-84C3-C27F97151C65}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A673C720-9DE0-4988-BBDE-3B0AF0587FFB}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A770592D-8BF9-4C03-8F41-09ECEBA27048}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A80958AB-0421-48E7-A3B5-0CF80CCD9AA3}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A8373323-FB84-4AAE-9524-2BCE3DFE4FC8}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{A8417697-A96D-47AB-ADB7-678F98378FE6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{AC0DCD76-D5A4-4054-8DE6-CEFB84DE2735}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{AC584AE8-6828-4AA1-831E-4502FECB2261}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{AC82B31F-E060-4040-83B1-E1AC527C8EB4}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{AD97453D-2DE5-46C8-AFC0-34440B0CA5C3}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{AE06498D-07B4-482B-A822-73555801EF65}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{AED92450-D676-402E-9512-1412E17277F8}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B0048F92-C4D0-48BC-BE65-A752FE157ADB}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B061F68B-F933-455D-98B9-B29C250FE2DC}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B0A1EF2A-602B-487B-8347-03B96AFBB54F}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B0D59DC8-7D08-4C75-87CC-DAC176F4C462}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B19DBC69-2B3D-415B-8FF7-B3C694B85179}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B2638879-2C23-4EF6-9D6F-41FB36D67216}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B2E82B48-EDE9-4EAA-A6D7-E0EE37DF2004}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B3178386-29B4-4582-9C4E-538A89320259}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B38AD74C-9C8F-459A-B98C-235458E2B25A}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B4BCF93B-2048-460E-8BB4-100BDD05601C}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B5DE3458-91B6-4C6E-BED3-FF482C8A3F93}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B61771C4-A883-4187-AF7F-DE47C2BB1438}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B674A240-4BEF-4261-A950-C2722BF8E43D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B714BCC9-56FC-4D68-BD2A-A0C2F6C9651D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B7D1BE17-49F6-45CB-985B-BB458DA6379D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B87AAC23-AD9C-4FE4-9F2E-F77A73E7C7B8}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B8A472EF-C57B-4194-A619-79E1C802B0EA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B8ADF12E-113A-411D-A2C6-C1A1484ACD30}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B8D7DBAB-85BA-4242-A67D-13CD700E058E}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B95E628C-E8DF-4FD8-942B-FF4E8F344973}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B9673360-5F5B-4FAA-9DAB-11DD9E5512CA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{B984907E-F155-453B-9935-CF2F4A5EA8BF}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BA8C0C4A-8B73-4C43-9A28-871AFE6A9705}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BAB2F45B-63BA-4839-AD45-EE0B29DC6F3B}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BAE9AEEC-2082-4EF8-B17A-1DA8D9AAB187}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BC068E5D-2064-4556-9D64-F2B9AF36FF8E}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BC7D7AF3-1F54-4272-AFEF-FA1BDBE05680}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BD2BA2E3-79B2-4F57-8FA9-36B4970122B1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BE60773A-9C7C-4EA8-B438-D9B626952522}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BEC378E4-C695-4A9A-B76E-FC159B1315C2}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BEC3B04F-2C83-4AC3-9769-312A8A9E7F33}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{BF8A6962-1DE3-44E1-9161-CFC62017C005}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C033C9A4-5F68-4640-B484-CAF2E1245349}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C07EAB15-FB1A-4059-9F2F-E8C2EAEB145E}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C1180217-AE19-4847-80A5-E1F517291BCF}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C2481AB3-BF26-4527-884F-5F15F54FA0A3}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C301F112-661B-4106-B9E4-967A15AC5B05}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C3426091-99D7-46A1-A569-B3DBA149F2DF}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C3E7081A-4E6D-4112-B03C-68F9BFF328B3}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C454C393-C0BD-479D-8BED-34D00928BEE3}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C4D7CAA8-C668-4F2A-92C4-31FF5322708B}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C4DA8057-2522-42A6-9AE4-F31F04CE597F}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C518A96E-2B35-449A-B755-793F84D8F5C6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C536DCEF-4E57-4F89-B0EB-69ACC64BB414}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C5608CFD-AC7A-43AA-9CE1-C9E01F9D5DCD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C745971F-8078-4156-9960-4311C8EE61E8}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C8087D3E-A44C-4E11-B0BD-1BF8B6F3A043}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C82FB3AC-AFA2-45EA-980D-82088933773C}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C832DA61-F6A5-49CE-B191-108936529C6D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{C9C22FB2-AB62-4E8C-B877-16835CDF67DA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{CA60B394-CA00-40AC-846F-D0EE6CC38E12}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{CA8A4668-2D33-4BD6-8A41-4640704A2017}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{CAAFB39E-E36B-4F1A-B27E-4AB7BB870B35}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{CACC49F6-704D-407C-B376-488959929AFD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{CC0F8E20-E96D-4A0A-B289-3B5D9FAA29BE}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{CCB673CF-A52A-4221-A355-902EB03552B9}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{CF422C94-23D2-42B1-AA62-34394E429ACD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D02BC348-18C8-4A49-99EC-624B839D4C32}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D03801FF-F7A6-4D16-BC07-169EFC576374}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D086965E-02A1-4F7C-82C1-1279229B85DA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D08E646D-E249-4609-B20E-B3932C95F32D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D24D49F1-F81B-45FE-AF85-1B75FD260AA1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D321C362-846B-4C0F-A6CA-8C98D5D48332}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D35B0860-65FA-4DA7-96E8-08488BB12308}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D3BF6235-C82C-4EC8-8A22-31ECC5FAF691}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D41B79A4-AA14-4D93-8CBC-D9D0FE6F72D0}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D4831D0F-4BA1-4902-9BB5-4563205181A5}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D4E248EC-D7C7-43E6-BC0E-13F8E33ED39A}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D50CC000-14F8-4469-9FEA-3474C087E015}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D5BFCCBC-DB2F-40F5-B832-8B04D70075D1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D7045B45-80CA-4A51-B4BA-49F302ACE463}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{D74F2C3E-C388-4B2A-8167-DB0FE362CBD4}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DAB3194C-3417-405B-A7DF-DA21E5172500}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DAE2B6B7-4BB6-4FE2-A049-5EC8A6676094}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DC17F52E-2933-4908-8DBF-04D0D1C4B3CD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DD41D8DC-5AA1-4C12-A19D-D807C2486A39}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DD50FDDC-2159-4396-8D53-801DE5FA3841}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DD994EDC-091A-4565-BAD4-71F13F5EA15B}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DE21432D-98A4-4A0A-8D01-BE53BED9B9DE}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DED6FAB2-1FD9-4CE8-A72E-0DC57D9CBEDE}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DF080889-BD51-46DD-96DC-FE919E08FDD2}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{DF56A4E9-A69F-4DE5-81AC-A45AA12CE3B7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E04010BA-8F06-49DE-B1FE-AE4A5095AB8F}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E0762A4C-8A17-4CB8-AB83-DFA5EAD7C679}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E14CC3E9-433A-46F4-9D67-BB71D684F3EC}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E2AA7A1B-BDC0-4102-86E1-3B64480F0748}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E36014E7-02B3-440B-9803-121E961E868C}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E3CFB128-D15B-48FB-BAD9-B0C6F930B786}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E43B8A3F-F138-4FD0-9EA0-71A8953E4F8F}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E46B9B9D-69B9-4709-8BD6-B0F46B72C980}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E57BF79F-CCB3-4ED4-ACB5-CF8862E5C816}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E60DFA44-5835-4CFC-BF20-F7E0325DA474}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E61D8ACD-02C2-40C2-855E-3B2AA38899F7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E71EDE19-E164-45D9-AEC4-A793F5C58A83}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E7FBE481-D6E6-4CE4-A295-BE30B4834B41}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E81EAE20-CA5A-4442-B814-3FBDBCE7C046}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E82FFD30-E104-4E69-BB8E-6CAE307FC298}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E85A175F-64D7-4E19-8E57-5F8334FE5FEE}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E8AB4A94-73C1-4C58-8BE2-1E1E15D12AA6}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E932DF65-DAF7-4176-8E26-11B74F2497FD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{E9DB3A16-29E7-4EFF-B01C-80F1641E1DF9}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EA579BE6-980A-42C4-84BA-3AFD40AA2E2A}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EA6AB3C9-357F-460F-AA09-C7DC44970CE3}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{ED1B36A3-0072-4AB8-BD77-810C40AB4B6F}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{ED40C45C-B5E0-4AF3-84A0-A47888665DEB}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{ED96ADEF-F07D-4222-9E7F-33A3181794C5}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EDAF9DD4-6029-4292-BDE4-D467DDA11113}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EDD0F757-E4B6-4D31-B770-1BC3F1E37FA1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EE4BF63F-AEA1-41BD-9034-D4E29050C7E3}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EE6D5484-7B8D-45A9-9606-36A1807015CA}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EF5B2DEA-F198-4B68-8157-4C86E28163F5}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{EFFE6DC9-5F01-4AD7-A5F9-50FD66A94E53}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F001512A-91FD-4D24-B08C-B85B05942D04}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F0B27CEE-9790-43E4-97DC-B7C1EEAA16CC}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F149F775-4C2E-4F34-A2B0-7F7FA24F76C7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F15C8C1D-5388-4DE7-A3A3-7834AADB3657}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F1DE2293-743A-4499-BF78-B23C9110501B}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F224CE7A-3124-48E4-B8A3-A0AF268EE37D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F3CDD4B9-1D65-429F-8BD0-920F211B2981}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F4278A5F-DF6B-42DE-93C3-56C52B8463A7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F4BB5DE4-880C-4311-AC25-144904832841}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F51E781A-6ABA-4B56-BDE1-9DE8CF8072D5}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F5EB9A0F-3F5F-4AB6-95DF-E8B3E1E70287}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F695E5F2-F8F2-42E1-B306-71B89B11878D}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F6C8DD5D-FDD6-4505-AB1C-0AF9B1FBDD18}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F6FD5E2B-033F-472E-A437-166DD832EF02}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F70DABA5-124B-4D65-8330-1D999ECC9AE1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F72A2D09-18FB-4C94-9982-F80EE1494B03}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F816094C-5FC6-4CCA-B9DB-B1E3E0834251}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F881B837-9CC2-45DD-9619-7D75FB9BA020}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F88DC859-16E2-4679-AF6C-6F155B87C5E7}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{F90E0722-8A4D-4363-860E-E309E08B325E}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FA5FA304-CCB6-4DD2-9F45-9E7DE6D22AE1}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FAD74CBF-04B5-46BD-B666-CBF44953D62C}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FB767AB7-7932-4A03-9A95-777A6A4E31CC}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FBE504D4-8E9F-4B47-9B58-329AFDD75EB9}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FCA98B5B-6E93-48CA-824A-E8A95EE02345}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FCAEDD2A-D4A6-4D59-8560-67CAF2C28FEE}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FCBF4E8C-F405-43F1-8153-B8FA6A02CFCD}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FCE0E46D-6D7D-423A-8FC8-CB2B7E43C28E}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FD190D4A-7BE9-4875-8179-C376BFD7D8CF}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FD2F5F35-7C16-4163-B32A-1297F108A4A2}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FD6081A8-DA4E-4E41-8820-384B3982AA21}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FDC08F58-2BE3-457F-9A38-1C8FB17E3DE4}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FE74AE2F-F538-4AC0-9ED4-F1C683B2B782}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FE97EEF6-EB62-46EF-A5A5-CCBD3C8AE689}
Successfully deleted: [Empty Folder] C:\Users\Claire\appdata\local\{FF65B4D5-1556-4007-A240-48E901B9379C}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/01/2014 at 19:24:38.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and OTL log

OTL logfile created on: 20/01/2014 19:43:21 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Claire\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 65.21% Memory free
7.20 Gb Paging File | 5.63 Gb Available in Paging File | 78.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 272.24 Gb Total Space | 193.03 Gb Free Space | 70.90% Space Free | Partition Type: NTFS
Drive D: | 21.69 Gb Total Space | 2.33 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: CLAIRE-HP | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 20:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/06/16 02:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/02/15 11:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/08 02:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/13 00:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/26 21:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/19 21:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/20 19:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/07 04:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2010/11/21 03:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/15 19:57:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/15 20:10:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/03/30 20:02:13 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/20 19:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/07/01 05:26:56 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/06/29 18:49:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/27 19:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 05:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 09:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 02:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/13 00:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/10 00:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/01 22:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 19:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/07/06 02:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 02:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 04:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 01:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 02:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 01:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 20:49:52 | 004,745,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/03/27 19:38:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/16 00:17:18 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/16 00:17:18 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/21 01:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/21 01:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/21 01:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/21 01:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/21 01:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/21 01:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/21 01:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/08 12:36:06 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/25 18:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/01 05:26:56 | 000,528,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/06/29 20:12:28 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 18:11:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/21 02:53:38 | 001,452,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 22:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 19:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 19:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 10:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 10:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/23 15:15:44 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2011/03/23 15:15:44 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/03/23 15:15:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/03/23 15:15:44 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/03/23 15:15:44 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2010/12/02 00:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/18 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 17:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/20 16:51:36 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\ex64.sys -- (NAVEX15)
DRV - [2012/05/20 16:51:36 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\eng64.sys -- (NAVENG)
DRV - [2012/04/28 00:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120518.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/02 23:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/03/24 12:57:43 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/22 13:54:03 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{67B3D6D9-A186-4164-8FDA-1E215311B07A}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Claire\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {67B3D6D9-A186-4164-8FDA-1E215311B07A}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/27 19:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/01/20 18:41:42 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: No name found = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C747DC7B-481C-4A80-9A7F-8EF56748D58D}: DhcpNameServer = 40.23.1.201 40.23.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E069F9B0-7C1C-4FC4-979C-9FCD4FACA933}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/20 19:07:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/20 19:06:23 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Claire\Desktop\JRT.exe
[2014/01/20 01:00:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 23:48:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/19 20:19:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2014/01/04 15:34:37 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Programs
[2014/01/04 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sea App (Internet Explorer)
[2014/01/03 22:45:27 | 000,000,000 | ---D | C] -- C:\ac20a298322b0c68b6f5d7d319
[2014/01/03 21:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/01/03 08:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2014/01/20 19:33:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/20 19:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 19:06:44 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Claire\Desktop\JRT.exe
[2014/01/20 18:46:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 18:46:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 18:46:13 | 000,736,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/20 18:46:13 | 000,633,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/20 18:46:13 | 000,115,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/20 18:42:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/20 18:39:04 | 2901,467,136 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/20 17:53:37 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/20 00:59:02 | 001,236,282 | ---- | M] () -- C:\Users\Claire\Desktop\AdwCleaner.exe
[2014/01/19 22:54:08 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForClaire.job
[2014/01/19 20:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2014/01/19 20:11:03 | 000,000,059 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\WB.CFG
[2014/01/19 20:09:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/04 15:20:19 | 012,919,045 | ---- | M] () -- C:\Users\Claire\Documents\skype download - on installing this message came up - 4 1 14.rtf
[2014/01/03 08:53:03 | 001,793,555 | ---- | M] () -- C:\Users\Claire\Documents\album proofs revised.pdf
[2014/01/03 08:46:24 | 000,049,853 | ---- | M] () -- C:\Users\Claire\Documents\FW_ Maternity - return to work.eml
[2014/01/03 08:45:59 | 000,011,927 | ---- | M] () -- C:\Users\Claire\Documents\Maternity benefits etc (again!).eml
[2014/01/03 08:45:39 | 000,784,187 | ---- | M] () -- C:\Users\Claire\Documents\Maternity benefits etc_.eml
[2014/01/03 08:44:32 | 002,584,014 | ---- | M] () -- C:\Users\Claire\Documents\Audioogy job descriptions.eml
[2014/01/03 08:44:10 | 000,047,828 | ---- | M] () -- C:\Users\Claire\Documents\RE_ My return to work reply.eml
[2014/01/03 08:43:39 | 000,013,786 | ---- | M] () -- C:\Users\Claire\Documents\My return to work.eml
[2014/01/03 08:38:29 | 002,077,872 | ---- | M] () -- C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml
[2014/01/03 08:38:05 | 006,076,451 | ---- | M] () -- C:\Users\Claire\Documents\Charlie NHSP.eml
[2014/01/03 08:34:10 | 000,028,179 | ---- | M] () -- C:\Users\Claire\Documents\Nat West.eml
[2014/01/03 08:19:33 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2014/01/20 00:59:01 | 001,236,282 | ---- | C] () -- C:\Users\Claire\Desktop\AdwCleaner.exe
[2014/01/19 20:11:03 | 000,000,059 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\WB.CFG
[2014/01/04 15:20:17 | 012,919,045 | ---- | C] () -- C:\Users\Claire\Documents\skype download - on installing this message came up - 4 1 14.rtf
[2014/01/03 08:53:03 | 001,793,555 | ---- | C] () -- C:\Users\Claire\Documents\album proofs revised.pdf
[2014/01/03 08:46:23 | 000,049,853 | ---- | C] () -- C:\Users\Claire\Documents\FW_ Maternity - return to work.eml
[2014/01/03 08:45:59 | 000,011,927 | ---- | C] () -- C:\Users\Claire\Documents\Maternity benefits etc (again!).eml
[2014/01/03 08:45:38 | 000,784,187 | ---- | C] () -- C:\Users\Claire\Documents\Maternity benefits etc_.eml
[2014/01/03 08:44:31 | 002,584,014 | ---- | C] () -- C:\Users\Claire\Documents\Audioogy job descriptions.eml
[2014/01/03 08:44:10 | 000,047,828 | ---- | C] () -- C:\Users\Claire\Documents\RE_ My return to work reply.eml
[2014/01/03 08:43:39 | 000,013,786 | ---- | C] () -- C:\Users\Claire\Documents\My return to work.eml
[2014/01/03 08:38:28 | 002,077,872 | ---- | C] () -- C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml
[2014/01/03 08:38:03 | 006,076,451 | ---- | C] () -- C:\Users\Claire\Documents\Charlie NHSP.eml
[2014/01/03 08:34:10 | 000,028,179 | ---- | C] () -- C:\Users\Claire\Documents\Nat West.eml
[2014/01/03 08:19:32 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/06 19:31:15 | 000,744,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 21:41:19 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2012/03/22 13:29:06 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/03/22 13:29:01 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/25 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\AVG
[2012/03/22 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Birdstep Technology
[2014/01/03 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\SoftGrid Client
[2012/03/21 23:14:04 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Synaptics
[2012/07/06 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\TP
[2012/03/22 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Windows Live Writer
[2012/03/25 15:06:24 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 989 bytes -> C:\Users\Claire\Documents\Bath News & Media Ltd_ - Booking confirmation 10700529.eml:OECustomProperty
@Alternate Data Stream - 924 bytes -> C:\Users\Claire\Documents\Audioogy job descriptions.eml:OECustomProperty
@Alternate Data Stream - 889 bytes -> C:\Users\Claire\Documents\Maternity benefits etc (again!).eml:OECustomProperty
@Alternate Data Stream - 889 bytes -> C:\Users\Claire\Documents\FW_ Maternity - return to work.eml:OECustomProperty
@Alternate Data Stream - 885 bytes -> C:\Users\Claire\Documents\Nat West.eml:OECustomProperty
@Alternate Data Stream - 841 bytes -> C:\Users\Claire\Documents\Maternity benefits etc_.eml:OECustomProperty
@Alternate Data Stream - 800 bytes -> C:\Users\Claire\Documents\My return to work.eml:OECustomProperty
@Alternate Data Stream - 797 bytes -> C:\Users\Claire\Documents\RE_ My return to work reply.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Claire\Documents\Charlie NHSP.eml:OECustomProperty
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 1025 bytes -> C:\Users\Claire\Documents\Photos from Claire and Darren's Wedding Day 16th June 2012.eml:OECustomProperty

< End of report >


:-) thank you
  • 0

#7
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

:-) thank you

You are welcome.
Well that cleared a lot of the rubbish. ;) After this run please tell me how the computer is doing and if you are still having the issue with the toolbar.

Before running Steps 1 and 2 please disable any screen saver you have running.


Step-1.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected <---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I recommend that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the computer is running.
2. The MalwareBytes log
3. The ESET scan log (IF it found anything). If it didn't just let me know.
4. The checkup.txt log
  • 0

#8
nigella

    Member

  • Topic Starter
  • Member
  • 216 posts
The machine appears to be running better than when I received it

mbam log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Claire :: CLAIRE-HP [administrator]

Protection: Enabled

21/01/2014 00:50:05
mbam-log-2014-01-21 (00-50-05).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344931
Time elapsed: 1 hour(s), 13 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6DB9FDFE-B718-4962-BE0C-0A5FCE7F7F7B} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DB9FDFE-B718-4962-BE0C-0A5FCE7F7F7B} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Sea App (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\The Sea App (Internet Explorer) (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Windows\Installer\MSIBA3F.tmp-\Smartbar.Installer.CustomActions.dll (PUP.Optional.SmartBar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll.config (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Interop.SHDocVw.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Microsoft.mshtml.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\SpicIEx.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Uninstall.exe (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.

(end)


ESET scan

C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WTYSY\Version\OldVersion\Mobogenie2.1.36.zip Win32/NextLive.A application
C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WTYSY\Version\OldVersion\Mobogenie\nengine.dll Win32/NextLive.A application
C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WV6N8\nengine.dll Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Claire\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.H application
C:\Windows\Installer\MSIBA3F.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C application
C:\_OTL\MovedFiles\01192014_234840\C_Users\Claire\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A application

Check up
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
AVG PC Tuneup 2011
Adobe Reader 10.1.0 Adobe Reader out of Date!
Google Chrome 31.0.1650.63
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````


Thanks for your assistance
  • 0
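The ESET export in the post above lists detections in three kinds of places: folders where AdwCleaner and OTL had already moved files, the Recycle Bin, and a file still in place under C:\Windows\Installer. The Python below is an added example (not part of the thread and not the helper's own method) that parses those lines and groups them by location; the line layout and the two quarantine roots are assumptions read off the paths shown in the post.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the ESET export in the post above (columns are space-separated there).
ESET_EXPORT = r"""
C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WTYSY\Version\OldVersion\Mobogenie2.1.36.zip Win32/NextLive.A application
C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WTYSY\Version\OldVersion\Mobogenie\nengine.dll Win32/NextLive.A application
C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WV6N8\nengine.dll Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Claire\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.H application
C:\Windows\Installer\MSIBA3F.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C application
C:\_OTL\MovedFiles\01192014_234840\C_Users\Claire\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A application
"""

# Assumed line layout: <path> [a variant of] <Platform/Name> <object type>.
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)\s+"
    r"(?P<kind>[A-Za-z][A-Za-z ]*)$"
)

# Folders holding files the cleanup tools in this thread had already moved
# (assumption: roots taken from the paths in the export above).
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\_otl\\movedfiles\\")

# Captures <drive>:\$Recycle.Bin\<SID>\$R<id>, the top-level deleted item.
RECYCLE_RE = re.compile(r"^([a-z]:\\\$recycle\.bin\\[^\\]+\\\$r[^\\]+)", re.I)


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    variant: bool   # True when ESET reported "a variant of"
    kind: str       # object type column, e.g. "application"
    location: str   # "tool-quarantine", "recycle-bin" or "live"


def classify(path):
    """Bucket a detection by where the file sits on disk."""
    lowered = path.lower()
    if lowered.startswith(QUARANTINE_ROOTS):
        return "tool-quarantine"
    if RECYCLE_RE.match(path):
        return "recycle-bin"
    return "live"


def parse_export(text):
    """Return (findings, unparsed_lines) for an ESET text export."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep anything unexpected for manual review
            continue
        findings.append(Finding(
            path=m.group("path"),
            detection=m.group("name"),
            variant=m.group("variant") is not None,
            kind=m.group("kind"),
            location=classify(m.group("path")),
        ))
    return findings, unparsed


def summary(findings):
    """Count findings per location bucket."""
    return Counter(f.location for f in findings)


def removal_targets(findings):
    """Paths outside the tools' own folders, with Recycle Bin hits collapsed
    to their top-level $R entry so each deleted item appears once."""
    targets = []
    for f in findings:
        if f.location == "tool-quarantine":
            continue
        m = RECYCLE_RE.match(f.path)
        target = m.group(1) if m else f.path
        if target not in targets:
            targets.append(target)
    return targets


if __name__ == "__main__":
    found, skipped = parse_export(ESET_EXPORT)
    print(dict(summary(found)))
    for t in removal_targets(found):
        print(t)
    if skipped:
        print("unparsed:", skipped)
```

Run on the export above, `removal_targets` yields the two `$R…` Recycle Bin entries and `srbs.dll`, the same three paths that appear in the fix script in the next reply.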

#9
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

The machine appears to be running better than when I received it...Thanks for your assistance

That's what we like to hear. And you are welcome. :)

Let's clean up the things that ESET found and update your Adobe Reader program. Then if everything is ok we will be ready to clean this puppy up.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WTYSY
C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WV6N8
C:\Windows\Installer\MSIBA3F.tmp-\srbs.dll

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Windows Vista /7 Users: Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Reader. The version(s) I see on the computer are:
    • Adobe Reader 10.1.0
  • Right click each program and click Uninstall
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar or any other 3rd party software.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you have any further issues.
2. The OTL fixes log
  • 0

#10
nigella

    Member

  • Topic Starter
  • Member
  • 216 posts
hiya Here is the OTL fixes log

And at the moment I cannot see any other issues

Thanks again for your help

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Claire
->Temp folder emptied: 6163748 bytes
->Temporary Internet Files folder emptied: 62245173 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 14222 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4652 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 89751159 bytes

Total Files Cleaned = 151.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01222014_171916

Files\Folders moved on Reboot...
C:\Users\Claire\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF1682E81F39ED626F.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF20A6E66F69D2578D.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF3BE0B9E3C754EB3B.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF4501986911DFBDD1.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF4DA1553A5B2A3ED1.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF553592359EAE52F3.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DF816774CB57A597EF.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFDCB7F0E89084BCAE.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFDEB1CE50BF8BEA56.TMP not found!
File\Folder C:\Users\Claire\AppData\Local\Temp\~DFE20FDAED08141031.TMP not found!
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I1Z5Z6BF\page__pid__2368851[1].htm moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#11
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (86)\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image

Step-3.

OTL Cleanup
1. Please copy all of the text in the Quote box below (Do Not copy the word Quote). To do this, highlight everything inside the Quote box (except the word Quote) , right click and click Copy.
  • :COMMANDS
    [createrestorepoint]

    :FILES
    C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WTYSY
    C:\$Recycle.Bin\S-1-5-21-2402188637-1411961547-313052980-1000\$R6WV6N8
    C:\Windows\Installer\MSIBA3F.tmp-\srbs.dll

    :COMMANDS
    [EMPTYTEMP]

  • Please re-open Posted Image on your desktop.
  • Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Posted Image button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

JRT.exe
JRT.txt
esetsmartinstaller_enu.exe
(If you used Firefox for the ESET scan)
SecurityCheck.exe
checkup.txt
the Adobe Reader setup file


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

1. Click the Start Orb and click Computer.
2. In the Menu bar at the top click the Tools menu and click Folder Options...
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • Windows Vista: In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
    Windows 7/8: In the Protection Settings section, make sure the protection for the System drive is ON. If it isn't, click the Configure button and turn it on.

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start (Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
    Posted Image
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    Posted Image
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
    Posted Image
  • The Disk Cleanup Window will open:
    Posted Image
  • Click the More Options tab.
    NOTE: If there isn't a More Options tab then click the Clean up system files button at the bottom of the window. Disk Cleanup will reload and the More Options button should be visible.
  • Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
    Posted Image
  • In the Disk Cleanup dialog box, click Delete (See screenshot below).
    Posted Image
  • You will get a Disk Cleanup confirmation (See screenshot below)
    Posted Image
  • Click Delete Files, and then click OK.

Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

SPECIAL NOTICE

“CryptoLocker” is the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts the files on your computer until you pay a ransom. Some variants encrypt your personal files (MP3s, photos, doc files, etc.). But other variants encrypt virtually every file, including system files. According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.
Unfortunately, there isn't a way to recover the files short of paying the ransom because the encryption uses 2048-bit RSA keys that would take like a quadrillion years to decrypt.
We haven't seen a lot of the CryptoLocker ransomware in the wild yet, but if enough people pay the ransom to get their files back it will become more prevalent. You can read more about the CryptoLocker ransomware here.

Fortunately there is a program that will help prevent this type of ransomware and other malware. You should download it and install it now.
Click here to go to the CryptoPrevent web page. You can read about the program. There are also a couple of videos toward the end of the page that show the program in action.
Scroll to the bottom of the page and click the Download "CryptoPrevent Installer" button and download the file to the desktop. Close the browser and all open programs.

Right click the CryptoPreventSetup.exe file and click Run as Administrator and OK any UAC prompts to install the program.
Next, Right click the Cryptoprevent icon on the desktop and click Run as Administrator and OK any UAC prompt to run the program.

Posted Image

When the program opens make sure all boxes are checked and then click the Block button to apply the protection.

NOTE: I don't think the free version has an update tab so you will need to check the web site from time to time to check for newer versions of the program. Or you can pay a one time fee of $15 and get the Premium Edition which includes an automatic updating function.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following: If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
NOTE: Please read all of the information on the MVP Hosts page before you install the HOSTS file. This file may result in some of the web sites you visit not working as expected or not at all. There are workarounds for this but you will need to read about them on the web page. If you install the MVP HOSTS file and decide you don't want it, you can replace it with the HOSTS file that you were using before. The web page has directions for this.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
========BACKUPS================
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • Tweaking.com's Registry Backup - Download the installer for Registry Backup from the link below and save it to the desktop :
    Link
  • Click one of the Download buttons under Installer
    A tutorial for Registry Backup explaining the various features can be viewed here
========Keep Installed Programs Up to Date========
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

If I have helped you and you want to say "thanks", you can do that by clicking the Rep+ button at the bottom right of this post. :)

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0
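The five Internet Explorer Internet-zone settings listed in the post above can be checked without clicking through the dialog. This is an added example, not part of godawgs's post: the registry path and numeric action IDs do not appear in the post and are the standard Windows URL-action identifiers for those five settings; the function name is hypothetical. The script only reads the current user's values and changes nothing.

```powershell
# Added example: read-only audit of the IE "Internet" zone (zone 3) against
# the five Custom Level settings recommended in the post above.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Values stored for each URL action: 0 = Enable, 1 = Prompt, 3 = Disable
$stateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action ID -> dialog label and the value the post recommends
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                         Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                       Want = 3 }
    @{ Id = '1201'; Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                            Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                Want = 1 }
)

# Hypothetical helper: returns one row per setting with its current state.
function Test-InternetZoneSettings {
    param([string]$Key = $zoneKey)

    $values = Get-ItemProperty -Path $Key -ErrorAction Stop
    foreach ($r in $recommended) {
        $current = $values.($r.Id)          # $null when the value is absent
        if ($null -eq $current) {
            $shown = 'not set'
        } elseif ($stateName.ContainsKey([int]$current)) {
            $shown = $stateName[[int]$current]
        } else {
            $shown = "other ($current)"
        }
        [pscustomobject]@{
            Setting     = $r.Name
            Current     = $shown
            Recommended = $stateName[$r.Want]
            Matches     = ($current -eq $r.Want)
        }
    }
}

# Settings pushed by Group Policy live under a separate Policies key and
# take precedence; this audit covers the per-user values only.
Test-InternetZoneSettings | Format-Table -AutoSize
```

Any row with `Matches` showing `False` is a setting that still differs from the recommendation and can be corrected through the Custom Level dialog as described in the post.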

#12
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0