wyomingmommyof2

Posts posted by wyomingmommyof2

  1. All processes killed

    ========== OTL ==========

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    Registry key HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

    Registry key HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.

    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.


    ========== COMMANDS ==========

     

    [EMPTYJAVA]

     

    User: All Users

     

    User: Default

     

    User: Default User

     

    User: Heather

     

    User: Public

     

    Total Java Files Cleaned = 0.00 mb

     

     

    [EMPTYFLASH]

     

    User: All Users

     

    User: Default

     

    User: Default User

     

    User: Heather

    ->Flash cache emptied: 14216 bytes

     

    User: Public

     

    Total Flash Files Cleaned = 0.00 mb

     

     

    [EMPTYTEMP]

     

    User: All Users

     

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: Heather

    ->Temp folder emptied: 92942658 bytes

    ->Temporary Internet Files folder emptied: 597780803 bytes

    ->Google Chrome cache emptied: 444846636 bytes

    ->Flash cache emptied: 0 bytes

     

    User: Public

     

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 365062411 bytes

    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13400863 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17485409 bytes

    RecycleBin emptied: 77646852 bytes

     

    Total Files Cleaned = 1,535.00 mb

     

    C:\Windows\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    Restore point Set: OTL Restore Point

     

    OTL by OldTimer - Version 3.2.69.0 log created on 01052014_121139

     

    Files\Folders moved on Reboot...

    C:\Users\Heather\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

     

    PendingFileRenameOperations files...

     

    Registry entries deleted on Reboot...
  2. OTL Extras logfile created on: 1/4/2014 11:25:15 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heather\Downloads

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.11.9600.16428)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    1.86 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.70% Memory free

    3.71 Gb Paging File | 2.07 Gb Available in Paging File | 55.92% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 279.47 Gb Total Space | 219.62 Gb Free Space | 78.58% Space Free | Partition Type: NTFS

    Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

    Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.33% Space Free | Partition Type: FAT32

    Unable to calculate disk information.

     

    Computer Name: HEATHER-HP | User Name: Heather | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Extra Registry (SafeList) ==========

     

     

    ========== File Associations ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

     

    [HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Classes\<extension>]

    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

     

    ========== Shell Spawning ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

     

    ========== Security Center Settings ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

     

    ========== Firewall Settings ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

     

    ========== Authorized Applications List ==========

     

     

    ========== Vista Active Open Ports Exception List ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{0274FC23-F28E-4209-A7BE-A1F6D4427DBD}" = rport=138 | protocol=17 | dir=out | app=system | 

    "{052FC421-1755-476A-80F6-66040F13FE5D}" = lport=445 | protocol=6 | dir=in | app=system | 

    "{056F81CA-7277-4716-99E3-2AD834107975}" = lport=10243 | protocol=6 | dir=in | app=system | 

    "{074EABE4-65E9-4CA1-8F11-4682A627341D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

    "{0B77E067-1E45-4230-B360-6908A7727E16}" = rport=139 | protocol=6 | dir=out | app=system | 

    "{1364AB05-DF4B-42A3-8C87-7AA60E2E8277}" = rport=10243 | protocol=6 | dir=out | app=system | 

    "{143BD02A-870C-4886-8726-6D0AF642C1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

    "{24EC0E76-3551-45CD-9A3D-DFB2513CD3BC}" = rport=137 | protocol=17 | dir=out | app=system | 

    "{37876F80-0FFB-4A17-A55A-A778F9C10AFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

    "{4D695AEA-EB8E-46B9-AF6D-AD713446ED14}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

    "{536232F0-67A1-493E-8EFA-792735908CA0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

    "{66E54E0A-517D-4040-A8E0-9280EE202BC5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

    "{67284EF9-54C8-4B17-BC07-F4EB72145028}" = rport=445 | protocol=6 | dir=out | app=system | 

    "{6780E539-ADD0-436D-AB9A-528844164D2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

    "{802AE2D0-2E2B-418B-8A15-4F9711DD551E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

    "{8B6FF54C-D8E5-4BF6-9965-FC740DD8035C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

    "{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

    "{97247ACD-2B0C-4D65-9A73-5398E3F6852E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

    "{A9C62A29-D2C7-4CFD-ADAB-CFB2C87585D8}" = lport=2869 | protocol=6 | dir=in | app=system | 

    "{B57EFF07-A15E-4788-8B91-BC2493D1E8B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

    "{C1A8F361-C94F-4EC8-9AB7-D609AD873C50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

    "{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

    "{E23C5A92-3F18-485E-AEA0-F2C47D1F48A9}" = lport=138 | protocol=17 | dir=in | app=system | 

    "{ED633FC6-1EDC-4269-8649-AEA7C3E1E814}" = lport=137 | protocol=17 | dir=in | app=system | 

    "{FDBC6B83-0FFD-43E2-83FC-974BC5CA7500}" = lport=139 | protocol=6 | dir=in | app=system | 

     

    ========== Vista Active Application Exception List ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{0F7F85B3-69C9-4FFA-A47F-900EB84DA674}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

    "{1DD7C0FA-8534-4507-9921-B7E9F0100080}" = protocol=58 | dir=in | [email protected],-28545 | 

    "{28F4E3DB-81E3-427B-B0DC-695DD4F2BBAE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

    "{2CAD8BD3-2BE1-4FAD-A736-965B6ABFC8E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

    "{2CB9E60E-DEA7-47C3-9CBA-8E7D8765A155}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

    "{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

    "{3B3BAC28-020B-423B-A84B-8411795936D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

    "{3C568FC5-2C98-4E0F-8FB1-146BF417F719}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

    "{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

    "{52360138-6339-469A-BE00-357A68858FB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

    "{53034B48-C775-42F8-AAAE-38DAD60DAB0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

    "{63B41EA2-9851-49DC-A6CF-2DE79E099F4C}" = protocol=6 | dir=out | app=system | 

    "{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

    "{64FAFE42-7290-415A-B74B-69C9DC3CFCAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

    "{6EB5B81B-45D8-4CC8-966F-72D322443D3A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

    "{755E8584-4BA2-49E6-A663-FA6D7A8508D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

    "{7895E9E6-D92C-4F6E-A46D-0773F3FD322D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

    "{7C166D6D-D30E-468A-BF55-2B6043761CE0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

    "{98D3C615-F210-4D5B-B540-0094F64E2DCE}" = protocol=1 | dir=in | [email protected],-28543 | 

    "{A26BEB69-95FE-467C-901C-06FB767C20F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

    "{B61594E7-EF73-4F16-823C-6068A90CF36E}" = protocol=58 | dir=out | [email protected],-28546 | 

    "{B9E2C0BC-71D8-43CD-8DE4-8717FC05A93C}" = protocol=1 | dir=out | [email protected],-28544 | 

    "{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

    "{BE568172-3F31-4532-8CD2-D80BBFE84226}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

    "{C01D2718-D0AC-4FB6-A191-F802E0E01DA7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

    "{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

    "{D53DB605-5FBA-4819-BD8A-486A5E68A2B2}" = protocol=58 | dir=out | [email protected],-503 | 

    "{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

    "{DD354BB9-57FC-4B92-B2D6-76AED2B72862}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

    "{E3DE7F47-D873-4F15-99E4-62A77F49DE63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

    "{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

    "{E76C8B05-67FA-47D1-AA3B-98DC7F78AA6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

    "{EA3A8610-09EB-4495-B093-6E757ABAF43F}" = protocol=58 | dir=in | app=system | 

    "{FB74416D-EB30-418A-AE75-631FC9FA2F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

    "TCP Query User{4E9106B6-804B-4914-B95E-DCD5E23BF10C}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

    "TCP Query User{C4238A8C-1272-4B2B-86D9-7102DA894CD1}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

    "UDP Query User{2FA4FBF9-95FB-4C99-9990-36E75C8DCE80}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

    "UDP Query User{A74062CA-E09F-44F1-9CEF-CF4C723CBEFF}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

     

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

    "{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup

    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

    "{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation

    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

    "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager

    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

    "{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb

    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio

    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)

    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager

    "{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch

    "{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}" = HP Software Framework

    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

    "{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar

    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

    "{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display

    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager

    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

    "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1

    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3

    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

    "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5

    "Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual

    "Canon MG2100 series User Registration" = Canon MG2100 series User Registration

    "CanonMyPrinter" = Canon My Printer

    "CanonSolutionMenuEX" = Canon Solution Menu EX

    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

    "Google Chrome" = Google Chrome

    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

    "MediaMonkey_is1" = MediaMonkey 3.2

    "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

    "NIS" = Norton Internet Security

    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010

    "WildTangent hp Master Uninstall" = HP Games

    "WinLiveSuite" = Windows Live Essentials

    "WTA-07dd4a15-af59-4f9b-87b4-19ce85e0b66c" = Farm Frenzy

    "WTA-0ec51801-033d-4617-a050-728e77631270" = Polar Bowler

    "WTA-227c80a2-21c7-4185-a0b0-a747053828d1" = Cradle of Rome 2

    "WTA-28c40a23-2cb0-4857-93ac-3ae881416080" = Governor of Poker 2 Premium Edition

    "WTA-40436781-0771-43e9-90f1-f0b21871e7c7" = Namco All-Stars: PAC-MAN

    "WTA-4321a835-a749-4fc6-9097-d1516a02a344" = Virtual Villagers 5 - New Believers

    "WTA-5f7cb5e7-e662-4dd4-ae4b-cb001ab0ed67" = Poker Superstars III

    "WTA-61144ec7-9623-40f1-916b-a08b810a39ff" = Bounce Symphony

    "WTA-654b1f4c-49e0-4a89-9c31-880e05927973" = Mystery of Mortlake Mansion

    "WTA-657aa79f-4740-4ffd-9d42-7443fee74ca9" = Cake Mania

    "WTA-87609f51-e7c2-4747-a175-99957dc2679b" = Polar Golfer

    "WTA-887c9daf-c718-423e-9d37-2bf81aae537f" = Mah Jong Medley

    "WTA-89c8791f-2f2c-4afe-aa76-918bcf703b33" = Plants vs. Zombies - Game of the Year

    "WTA-9c483297-2c0b-4e52-8714-3b478983a0f6" = Penguins!

    "WTA-a201309e-54cb-471b-b2b2-cb08d6e23a57" = Slingo Supreme

    "WTA-adece886-22ed-47b6-bba0-9ec02042ca6f" = Agatha Christie - Peril at End House

    "WTA-bee71dbf-9875-4bd0-9f51-2863426d06d3" = FATE

    "WTA-c005653b-ab05-4da1-9723-a638f23175ee" = Chuzzle Deluxe

    "WTA-c6c46fe9-d8cd-47fd-bdde-a0231815943f" = Zuma Deluxe

    "WTA-cc617191-81c5-4649-8255-3d37d9d6141b" = Bejeweled 3

    "WTA-cf9d7d2b-16a6-477e-af0e-f37c0373f8ff" = Blasterball 3

    "WTA-e5a22790-5f26-46b4-bd19-f0b3a53ae654" = Vacation Quest - The Hawaiian Islands

    "WTA-f745116d-0448-476d-aa2a-f3d3a85f096d" = Blackhawk Striker 2

    "WTA-fe2f2ce9-ea5d-4ff8-bc0c-8f0f98a5259a" = Chronicles of Albian

    "WTA-fe6c4247-8a9d-46b0-a840-2b2f416b3657" = Jewel Quest: The Sleepless Star - Collector's Edition

     

    ========== HKEY_USERS Uninstall List ==========

     

    [HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Amazon Kindle" = Amazon Kindle

    "DigitalSite" = Update for PDF Writer

    "Spotify" = Spotify

    "UnityWebPlayer" = Unity Web Player

     

    ========== Last 20 Event Log Errors ==========

     

    [ Application Events ]

    Error - 1/4/2014 9:19:26 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 665500

     

    Error - 1/4/2014 9:19:27 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

     

    Error - 1/4/2014 9:19:27 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 666499

     

    Error - 1/4/2014 9:19:27 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 666499

     

    Error - 1/4/2014 9:44:49 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

     

    Error - 1/4/2014 9:44:49 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 1014

     

    Error - 1/4/2014 9:44:49 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

     

    Error - 1/4/2014 9:44:51 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

     

    Error - 1/4/2014 9:44:51 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 2200

     

    Error - 1/4/2014 9:44:51 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 2200

     

    [ Hewlett-Packard Events ]

    Error - 9/2/2013 3:15:13 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 10/2/2013 12:02:16 AM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 10/20/2013 10:36:37 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 10/20/2013 10:38:52 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 10/27/2013 10:52:35 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 12/8/2013 11:35:54 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 12/8/2013 11:37:59 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 12/8/2013 11:38:04 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 12/15/2013 11:24:55 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

    Error - 12/22/2013 11:28:50 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

    Description = 

     

     

    < End of report >

  3. OTL logfile created on: 1/4/2014 11:25:15 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heather\Downloads

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.11.9600.16428)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    1.86 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.70% Memory free

    3.71 Gb Paging File | 2.07 Gb Available in Paging File | 55.92% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 279.47 Gb Total Space | 219.62 Gb Free Space | 78.58% Space Free | Partition Type: NTFS

    Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

    Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.33% Space Free | Partition Type: FAT32

    Unable to calculate disk information.

     

    Computer Name: HEATHER-HP | User Name: Heather | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2014/01/04 23:24:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Downloads\OTL.com

    PRC - [2013/12/09 12:10:40 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    PRC - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    PRC - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE

    PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    PRC - [2011/08/04 16:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

    PRC - [2011/08/04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

    PRC - [2011/06/28 02:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

    PRC - [2011/06/16 17:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    PRC - [2011/06/14 14:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    PRC - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    PRC - [2011/06/13 16:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    PRC - [2011/05/24 16:36:26 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

    PRC - [2010/12/30 20:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    PRC - [2010/12/30 20:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    PRC - [2010/12/27 16:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

    PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll

    MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

    MOD - [2013/12/03 19:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

    MOD - [2013/12/03 19:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

    MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

    MOD - [2013/10/09 10:13:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll

    MOD - [2013/10/09 10:13:32 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll

    MOD - [2013/10/09 10:13:25 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll

    MOD - [2013/09/15 16:29:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll

    MOD - [2013/08/19 16:30:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll

    MOD - [2013/08/19 16:30:49 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ebdb3050959d9be47d33d2c77d6cc291\IAStorUtil.ni.dll

    MOD - [2013/08/15 02:32:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll

    MOD - [2013/08/15 02:32:22 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll

    MOD - [2013/08/15 02:32:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll

    MOD - [2013/07/18 12:00:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll

    MOD - [2013/07/17 12:05:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

    MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2011/07/12 20:41:16 | 000,877,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

     

     

    ========== Services (SafeList) ==========

     

    SRV - [2013/12/16 18:53:14 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)

    SRV - [2013/12/10 13:39:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)

    SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)

    SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

    SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

    SRV - [2011/06/16 17:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

    SRV - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

    SRV - [2011/05/24 16:36:26 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe -- (NIS)

    SRV - [2010/12/30 20:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

    SRV - [2010/12/30 20:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

    SRV - [2010/12/27 16:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

    SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

    SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

    SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - [2013/12/03 11:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)

    DRV - [2013/11/21 07:39:16 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

    DRV - [2013/11/21 07:39:16 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

    DRV - [2013/10/25 13:17:18 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20131206.001\IDSviA64.sys -- (IDSVia64)

    DRV - [2013/10/21 18:33:15 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20131209.001\ex64.sys -- (NAVEX15)

    DRV - [2013/10/21 18:33:15 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20131209.001\eng64.sys -- (NAVENG)

    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope = 

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

     

     

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

     

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

     

    IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

    IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes,DefaultScope = 

    IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

    IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

     

     

    ========== FireFox ==========

     

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

     

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2013/10/10 17:27:36 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/08/10 16:11:41 | 000,000,000 | ---D | M]

     

     

    ========== Chrome  ==========

     

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

    CHR - Extension: Google Docs = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

    CHR - Extension: Google Drive = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

    CHR - Extension: YouTube = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

    CHR - Extension: Google Search = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

    CHR - Extension: Pinterest = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\

    CHR - Extension: Norton Identity Protection = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\

    CHR - Extension: Google Wallet = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    CHR - Extension: Gmail = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

     

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

    O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)

    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll (Symantec Corporation)

    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)

    O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

    O3 - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

    O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

    O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

    O4 - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000..\Run: [spotify Web Helper] C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O13 - gopher Prefix: missing

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7}: DhcpNameServer = 192.168.2.1 192.168.2.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B53BB598-61A9-4CBC-BEFF-62F7B4216142}: DhcpNameServer = 192.168.2.1 192.168.2.1

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2014/01/04 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Malwarebytes

    [2014/01/04 17:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2014/01/04 17:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2014/01/04 17:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2014/01/04 17:32:29 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Programs

    [2014/01/04 17:07:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

    [2014/01/04 16:50:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner

    [2014/01/02 18:04:03 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\WildTangent

    [2013/12/31 18:08:42 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Adobe_Systems_Incorporate

    [2013/12/31 18:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

    [2013/12/31 18:07:31 | 000,000,000 | ---D | C] -- C:\Users\Heather\Documents\My Digital Editions

    [2013/12/12 08:33:12 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

    [2013/12/12 08:33:12 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

    [2013/12/12 08:30:58 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

    [2013/12/12 08:30:56 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

    [2013/12/12 08:30:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

    [2013/12/12 08:30:53 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

    [2013/12/12 01:42:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll

    [2013/12/12 01:42:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

    [2013/12/12 01:41:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll

    [2013/12/12 01:41:33 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe

    [2013/12/12 01:41:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx

    [2013/12/11 05:19:29 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

    [2013/12/11 05:19:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll

    [2013/12/11 05:19:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

    [2013/12/11 05:19:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    [2013/12/11 05:19:13 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

    [2013/12/11 05:19:11 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

    [2013/12/11 05:19:11 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

    [2013/12/11 05:19:11 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2013/12/11 05:19:11 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

    [2013/12/11 05:19:11 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2013/12/11 05:19:11 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

    [2013/12/11 05:19:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

    [2013/12/11 05:19:11 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

    [2013/12/11 05:19:11 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

    [2013/12/11 05:19:11 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2013/12/11 05:19:11 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

    [2013/12/11 05:19:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

    [2013/12/11 05:19:11 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

    [2013/12/11 05:19:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

    [2013/12/11 05:19:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2013/12/11 05:19:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

    [2013/12/11 05:19:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

    [2013/12/11 05:19:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

    [2013/12/11 05:19:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

    [2013/12/11 05:19:11 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

    [2013/12/11 05:19:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

    [2013/12/11 05:19:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

    [2013/12/11 05:19:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

    [2013/12/11 05:19:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

    [2013/12/11 05:19:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

    [2013/12/09 12:11:29 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

     

    ========== Files - Modified Within 30 Days ==========

     

    [2014/01/04 23:05:58 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2014/01/04 23:05:29 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2014/01/04 23:05:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2014/01/04 17:45:45 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2014/01/04 17:44:18 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys

    [2014/01/04 17:33:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2014/01/03 07:03:46 | 000,000,005 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\WBPU-Q5-TTL.DAT

    [2014/01/03 07:03:42 | 000,000,103 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\WB.CFG

    [2014/01/03 07:03:41 | 000,000,005 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\WBPU-TTL.DAT

    [2014/01/02 18:05:20 | 000,002,424 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

    [2013/12/31 18:07:38 | 000,002,204 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk

    [2013/12/31 18:07:38 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk

    [2013/12/21 02:23:59 | 004,682,656 | ---- | M] () -- C:\Users\Heather\Documents\chrissybflietatt.rtf

    [2013/12/21 01:50:53 | 015,865,933 | ---- | M] () -- C:\Users\Heather\Documents\bfieandbear.rtf

    [2013/12/19 15:06:27 | 000,232,696 | ---- | M] () -- C:\Users\Heather\Documents\jasonganoungtattoo.rtf

    [2013/12/11 05:19:29 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

    [2013/12/11 05:19:20 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll

    [2013/12/11 05:19:20 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

    [2013/12/11 05:19:20 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    [2013/12/11 05:19:13 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

    [2013/12/11 05:19:12 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

    [2013/12/11 05:19:11 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

    [2013/12/11 05:19:11 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

    [2013/12/11 05:19:11 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2013/12/11 05:19:11 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

    [2013/12/11 05:19:11 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2013/12/11 05:19:11 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

    [2013/12/11 05:19:11 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

    [2013/12/11 05:19:11 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

    [2013/12/11 05:19:11 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

    [2013/12/11 05:19:11 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2013/12/11 05:19:11 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

    [2013/12/11 05:19:11 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

    [2013/12/11 05:19:11 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

    [2013/12/11 05:19:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

    [2013/12/11 05:19:11 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2013/12/11 05:19:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

    [2013/12/11 05:19:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

    [2013/12/11 05:19:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

    [2013/12/11 05:19:11 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

    [2013/12/11 05:19:11 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

    [2013/12/11 05:19:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

    [2013/12/11 05:19:11 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

    [2013/12/11 05:19:11 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

    [2013/12/11 05:19:11 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

    [2013/12/11 05:19:11 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

    [2013/12/10 13:38:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

    [2013/12/10 13:38:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2013/12/07 04:37:58 | 000,002,733 | ---- | M] () -- C:\Users\Heather\Documents\editor letter.rtf

     

    ========== Files Created - No Company Name ==========

     

    [2014/01/04 17:33:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2013/12/31 18:07:38 | 000,002,204 | ---- | C] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk

    [2013/12/31 18:07:38 | 000,002,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk

    [2013/12/31 18:07:38 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk

    [2013/12/31 11:15:47 | 000,000,005 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\WBPU-Q5-TTL.DAT

    [2013/12/21 02:23:59 | 004,682,656 | ---- | C] () -- C:\Users\Heather\Documents\chrissybflietatt.rtf

    [2013/12/21 01:50:52 | 015,865,933 | ---- | C] () -- C:\Users\Heather\Documents\bfieandbear.rtf

    [2013/12/19 15:06:26 | 000,232,696 | ---- | C] () -- C:\Users\Heather\Documents\jasonganoungtattoo.rtf

    [2013/12/11 05:19:11 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

    [2013/12/09 12:12:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2013/12/07 04:37:58 | 000,002,733 | ---- | C] () -- C:\Users\Heather\Documents\editor letter.rtf

    [2013/10/18 10:37:08 | 000,000,103 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\WB.CFG

    [2013/10/18 10:37:08 | 000,000,005 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\WBPU-TTL.DAT

    [2012/08/12 18:36:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

    [2012/08/10 16:18:47 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2012/04/20 14:54:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

     

    ========== ZeroAccess Check ==========

     

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

     

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

     

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

     

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

     

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

     

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

     

    ========== LOP Check ==========

     

    [2013/01/07 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Awem

    [2012/08/11 10:20:27 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Blio

    [2013/05/25 20:51:42 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Canon

    [2012/08/11 15:54:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Flood Light Games

    [2012/08/18 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\funkitron

    [2012/08/16 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mystery of Mortlake Mansion

    [2014/01/04 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SoftGrid Client

    [2012/08/24 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SpinTop Games

    [2014/01/04 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Spotify

    [2012/08/10 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Synaptics

    [2012/08/10 16:19:30 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\TP

    [2013/09/25 08:52:24 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Unity

    [2014/01/02 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\WildTangent

    [2013/06/04 22:40:00 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Windows Live Writer

    [2012/08/27 09:23:45 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\YoudaGames

     

    ========== Purity Check ==========

     

     

     

    < End of report >
  4. .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium 

    Boot Device: \Device\HarddiskVolume1

    Install Date: 8/10/2012 5:08:45 PM

    System Uptime: 1/4/2014 5:54:41 PM (1 hours ago)

    .

    Motherboard: Hewlett-Packard |  | 3672

    Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 795/1333mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 279 GiB total, 219.62 GiB free.

    D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.

    E: is FIXED (FAT32) - 4 GiB total, 1.082 GiB free.

    F: is CDROM (CDFS)

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP76: 12/10/2013 9:29:47 AM - Windows Update

    RP77: 12/11/2013 5:15:39 AM - Windows Update

    RP78: 12/12/2013 8:28:29 AM - Windows Update

    RP79: 12/17/2013 9:53:56 AM - Windows Update

    RP80: 12/20/2013 12:54:45 PM - Windows Update

    RP81: 12/24/2013 8:11:51 AM - Windows Update

    RP82: 12/27/2013 11:25:21 AM - Windows Update

    RP83: 12/31/2013 11:04:58 AM - Windows Update

    RP84: 1/3/2014 11:59:51 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe Digital Editions 2.0

    Adobe Flash Player 11 ActiveX

    Adobe Reader XI (11.0.05)

    Adobe Shockwave Player 11.5

    Agatha Christie - Peril at End House

    Amazon Kindle

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Bejeweled 3

    Bing Bar

    Blackhawk Striker 2

    Blasterball 3

    Blio

    Bonjour

    Bounce Symphony

    Cake Mania

    Canon Easy-PhotoPrint EX

    Canon MG2100 series MP Drivers

    Canon MG2100 series On-screen Manual

    Canon MG2100 series User Registration

    Canon MP Navigator EX 5.0

    Canon My Printer

    Canon Solution Menu EX

    Chronicles of Albian

    Chuzzle Deluxe

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Compaq Setup Manager

    Cradle of Rome 2

    CyberLink YouCam

    D3DX10

    ESU for Microsoft Windows 7 SP1

    Evernote v. 4.2.3

    Farm Frenzy

    FATE

    Google Chrome

    Google Update Helper

    Governor of Poker 2 Premium Edition

    Hewlett-Packard ACLM.NET v1.1.1.0

    HP Auto

    HP Client Services

    HP Customer Experience Enhancements

    HP Documentation

    HP Games

    HP Launch Box

    HP MovieStore

    HP On Screen Display

    HP Power Manager

    HP Quick Launch

    HP QuickWeb

    HP Setup

    HP Software Framework

    HP Support Assistant

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Processor Graphics

    Intel® Rapid Storage Technology

    iTunes

    Jewel Quest: The Sleepless Star - Collector's Edition

    Junk Mail filter update

    Mah Jong Medley

    Malwarebytes Anti-Malware version 1.75.0.1300

    McAfee Security Scan Plus

    MediaMonkey 3.2

    Mesh Runtime

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Office 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Starter 2010 - English

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft WSE 3.0 Runtime

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Mystery of Mortlake Mansion

    Namco All-Stars: PAC-MAN

    Norton Internet Security

    Penguins!

    Plants vs. Zombies - Game of the Year

    PlayReady PC Runtime x86

    Poker Superstars III

    Polar Bowler

    Polar Golfer

    Realtek Ethernet Controller Driver

    Realtek High Definition Audio Driver

    Realtek PCIE Card Reader

    REALTEK Wireless LAN Driver

    Recovery Manager

    RoxioNow Player

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

    Slingo Supreme

    Spotify

    Synaptics TouchPad Driver

    Unity Web Player

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

    Update for PDF Writer

    Update Installer for WildTangent Games App

    Vacation Quest - The Hawaiian Islands

    Virtual Villagers 5 - New Believers

    WildTangent Games App for HP

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Zuma Deluxe

    .

    ==== End Of File ===========================
  5. DDS (Ver_2012-11-20.01) - NTFS_AMD64 

    Internet Explorer: 11.0.9600.16428

    Run by Heather at 18:30:07 on 2014-01-04

    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1900.399 [GMT -7:00]

    .

    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Windows\System32\StikyNot.exe

    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

    C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\splwow64.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\SysWOW64\notepad.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .


    mWinlogon: Userinit = userinit.exe,

    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll

    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

    uRun: [spotify Web Helper] "C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    TCP: NameServer = 192.168.2.1 192.168.2.1

    TCP: Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7} : DHCPNameServer = 192.168.2.1 192.168.2.1

    TCP: Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7}\84541445845425D28405F5E4564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.2.1

    TCP: Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7}\84541445845425D28405F5E4564777F627B6F513 : DHCPNameServer = 192.168.2.1 192.168.2.1

    TCP: Interfaces\{B53BB598-61A9-4CBC-BEFF-62F7B4216142} : DHCPNameServer = 192.168.2.1 192.168.2.1

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

    x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

    x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1300000.080\SymDS64.sys [2012-4-20 451192]

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1300000.080\SymEFA64.sys [2012-4-20 1083512]

    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]

    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1300000.080\ccSetx64.sys [2012-4-20 165512]

    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20131206.001\IDSviA64.sys [2013-12-6 521816]

    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1300000.080\Ironx64.sys [2012-4-20 189560]

    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1300000.080\symnets.sys [2012-4-20 396408]

    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-20 98208]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-6-16 103992]

    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-20 13336]

    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-20 1817088]

    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [2012-4-20 138760]

    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-20 2656280]

    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]

    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]

    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-20 335464]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-20 436840]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-4-20 1145448]

    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]

    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]

    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2014-01-05 00:33:17 -------- d-----w- C:\Users\Heather\AppData\Roaming\Malwarebytes

    2014-01-05 00:33:06 -------- d-----w- C:\ProgramData\Malwarebytes

    2014-01-05 00:32:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2014-01-05 00:32:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2014-01-05 00:32:29 -------- d-----w- C:\Users\Heather\AppData\Local\Programs

    2014-01-05 00:07:46 -------- d-----w- C:\Windows\ERUNT

    2014-01-04 23:50:18 -------- d-----w- C:\AdwCleaner

    2014-01-03 19:04:08 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E024B92-D303-4684-AF81-06FB27EA7A42}\mpengine.dll

    2014-01-03 01:04:03 -------- d-----w- C:\Users\Heather\AppData\Roaming\WildTangent

    2014-01-01 01:08:42 -------- d-----w- C:\Users\Heather\AppData\Local\Adobe_Systems_Incorporate

    2013-12-12 15:33:14 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

    2013-12-12 15:33:14 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

    2013-12-12 15:33:13 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

    2013-12-12 15:33:12 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

    2013-12-12 15:31:00 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

    2013-12-12 15:31:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2013-12-12 15:31:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-12-12 15:31:00 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

    2013-12-12 08:42:39 335360 ----a-w- C:\Windows\System32\msieftp.dll

    2013-12-12 08:42:39 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

    2013-12-12 08:42:37 3155968 ----a-w- C:\Windows\System32\win32k.sys

    2013-12-12 08:42:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

    2013-12-12 08:42:34 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

    2013-12-12 08:42:26 81408 ----a-w- C:\Windows\System32\imagehlp.dll

    2013-12-12 08:42:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

    2013-12-12 08:41:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2013-12-12 08:41:48 2048 ----a-w- C:\Windows\System32\tzres.dll

    2013-12-12 08:41:35 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

    2013-12-12 08:41:35 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

    2013-12-12 08:41:33 202752 ----a-w- C:\Windows\System32\scrrun.dll

    2013-12-12 08:41:33 168960 ----a-w- C:\Windows\System32\wscript.exe

    2013-12-12 08:41:33 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

    2013-12-12 08:41:33 156160 ----a-w- C:\Windows\System32\cscript.exe

    2013-12-12 08:41:33 150016 ----a-w- C:\Windows\System32\wshom.ocx

    2013-12-12 08:41:33 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

    2013-12-12 08:41:33 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

    2013-12-12 08:41:33 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

    2013-12-09 19:11:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    .

    ==================== Find3M  ====================

    .

    2013-12-10 20:38:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

    2013-11-19 10:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe

    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

    .

    ============= FINISH: 18:31:01.53 ===============

  6. Results of screen317's Security Check version 0.99.78  

     Windows 7 Service Pack 1 x64 (UAC is enabled)  

     Internet Explorer 11  

    ``````````````Antivirus/Firewall Check:`````````````` 

     Windows Firewall Enabled!  

    Norton Internet Security   

     WMI entry may not exist for antivirus; attempting automatic update. 

    `````````Anti-malware/Other Utilities Check:````````` 

     Malwarebytes Anti-Malware version 1.75.0.1300  

     Adobe Reader XI  

     Google Chrome 31.0.1650.57  

     Google Chrome 31.0.1650.63  

    ````````Process Check: objlist.exe by Laurent````````  

     Norton ccSvcHst.exe 

    `````````````````System Health check````````````````` 

     Total Fragmentation on Drive C: 1% 

    ````````````````````End of Log`````````````````````` 
  7. Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

     

    Database version: v2014.01.04.08

     

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16476

    Heather :: HEATHER-HP [administrator]

     

    1/4/2014 5:34:37 PM

    mbam-log-2014-01-04 (17-34-37).txt

     

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 210854

    Time elapsed: 6 minute(s), 14 second(s)

     

    Memory Processes Detected: 0

    (No malicious items detected)

     

    Memory Modules Detected: 0

    (No malicious items detected)

     

    Registry Keys Detected: 0

    (No malicious items detected)

     

    Registry Values Detected: 0

    (No malicious items detected)

     

    Registry Data Items Detected: 0

    (No malicious items detected)

     

    Folders Detected: 0

    (No malicious items detected)

     

    Files Detected: 4

    C:\Users\Heather\AppData\Local\Temp\ICReinstall_PDFWriterSetup.exe (PUP.Optional.Bundle) -> Quarantined and deleted successfully.

    C:\Users\Heather\Downloads\expertpdf7.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

    C:\Users\Heather\Downloads\filewhiz_d6624754.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

    C:\Users\Heather\Downloads\PDFWriterSetup.exe (PUP.Optional.Bundle) -> Quarantined and deleted successfully.

     

    (end)
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.0.9 (01.01.2014:1)

    OS: Windows 7 Home Premium x64

    Ran by Heather on Sat 01/04/2014 at 17:07:50.44

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

     

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F3EFB319-44BB-458B-AE19-38777B2159EE}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F3EFB319-44BB-458B-AE19-38777B2159EE}

    ~~~ Files

     

    Successfully deleted: [File] C:\Windows\syswow64\sho7155.tmp

    Successfully deleted: [File] C:\Windows\syswow64\sho9929.tmp

    Successfully deleted: [File] C:\Windows\syswow64\shoA789.tmp

    Successfully deleted: [File] C:\Windows\syswow64\shoB8AC.tmp

    Successfully deleted: [File] C:\Windows\syswow64\shoC971.tmp

    ~~~ Folders

     

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{08ED12F3-6D7C-4822-9B32-E018103AD9D4}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{121E094E-6059-4BE9-83DE-31278B33A17F}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{1D7434CD-40C1-4BC8-AFAF-D827C06E8251}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{22372744-455E-4E8C-AA60-19F484ECAF66}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{30DDCF5B-8999-40FF-A148-DEAF22E3E4BB}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{331F61FE-6CF2-4854-8329-A8E24AFA45C8}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{35ECF916-D9C6-4C9B-B1D0-CDA68616AA6B}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{3A0F837E-ED58-41D5-BE94-9F626B691F8E}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{3CF14F7D-5617-4773-9758-7466C32D7F40}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{6D57793F-8A61-4E7E-856B-0237B2B00520}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{76315C5C-BF15-4880-BE37-F50678424CD9}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{79412D3B-CB37-41E3-9984-E4F78E00C41E}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{7B0DE728-49FD-431B-AA2D-49DA2D9CFFF1}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{83F54E86-9B07-4560-B06D-4BE66AE206B3}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{88E7C29A-3225-4D91-9459-B30E6CBEEF42}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{A10516B9-BCBC-413D-BA38-8C81B49BD393}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{A4556C1D-C1FD-4195-BE7B-80318F548C5E}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{A5362C2B-8E85-40DE-BF34-A5C5440EDAB3}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{B7B4E8DD-FF1D-4A7F-B97D-EEC84A99D9EF}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{C2E75C03-E580-4C18-9693-997543595A81}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{C94CF1EB-3618-493C-9076-D2B88A97CBF3}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{DAFEC4D7-439C-4D3D-96EC-F9105EE2D1D8}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{E3372862-BDA7-4173-80FD-F3D3B8D3C5BC}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{ECEFA725-6823-4290-A404-201F33510412}

    Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{FBA73C6C-D64B-473B-A972-72EF77E7526C}

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sat 01/04/2014 at 17:19:29.86

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. # AdwCleaner v3.016 - Report created 04/01/2014 at 16:56:32

    # Updated 23/12/2013 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : Heather - HEATHER-HP

    # Running from : C:\Users\Heather\Downloads\adwcleaner.exe

    # Option : Clean

     

    ***** [ Services ] *****

     

     

    ***** [ Files / Folders ] *****

     

    Folder Deleted : C:\Users\Heather\AppData\Roaming\digitalsite

    File Deleted : C:\Windows\Tasks\digitalsite.job

    File Deleted : C:\Windows\System32\Tasks\digitalsite

     

    ***** [ Shortcuts ] *****

     

     

    ***** [ Registry ] *****

     

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

    Key Deleted : HKCU\Software\dsiteproducts

    Key Deleted : HKLM\Software\InstallIQ

     

    ***** [ Browsers ] *****

     

    -\\ Internet Explorer v11.0.9600.16428

     

     

    -\\ Google Chrome v31.0.1650.63

     

    [ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     

     

    *************************

     

    AdwCleaner[R0].txt - [2597 octets] - [04/01/2014 16:51:40]

    AdwCleaner[s0].txt - [2156 octets] - [04/01/2014 16:56:32]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2216 octets] ##########