Getting lots of popups


Recommended Posts

Howdy wyomingmommyof2 and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

mbam-1.jpg


When the scan is complete, click  OK, then  Show Results to view the results.

scan-finished.jpg

    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".

 

 

Do these one at a time & copy & paste the logs that will pop=up save them & post here !! After you get one done & posted go on to the next one !!


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

 

Thanks
Chuck

Link to post
Share on other sites
# AdwCleaner v3.016 - Report created 04/01/2014 at 16:56:32

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Heather - HEATHER-HP

# Running from : C:\Users\Heather\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Heather\AppData\Roaming\digitalsite

File Deleted : C:\Windows\Tasks\digitalsite.job

File Deleted : C:\Windows\System32\Tasks\digitalsite

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKLM\Software\InstallIQ

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2597 octets] - [04/01/2014 16:51:40]

AdwCleaner[s0].txt - [2156 octets] - [04/01/2014 16:56:32]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2216 octets] ##########

Link to post
Share on other sites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.9 (01.01.2014:1)

OS: Windows 7 Home Premium x64

Ran by Heather on Sat 01/04/2014 at 17:07:50.44

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F3EFB319-44BB-458B-AE19-38777B2159EE}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F3EFB319-44BB-458B-AE19-38777B2159EE}

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\syswow64\sho7155.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho9929.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoA789.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoB8AC.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoC971.tmp

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{08ED12F3-6D7C-4822-9B32-E018103AD9D4}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{121E094E-6059-4BE9-83DE-31278B33A17F}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{1D7434CD-40C1-4BC8-AFAF-D827C06E8251}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{22372744-455E-4E8C-AA60-19F484ECAF66}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{30DDCF5B-8999-40FF-A148-DEAF22E3E4BB}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{331F61FE-6CF2-4854-8329-A8E24AFA45C8}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{35ECF916-D9C6-4C9B-B1D0-CDA68616AA6B}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{3A0F837E-ED58-41D5-BE94-9F626B691F8E}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{3CF14F7D-5617-4773-9758-7466C32D7F40}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{6D57793F-8A61-4E7E-856B-0237B2B00520}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{76315C5C-BF15-4880-BE37-F50678424CD9}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{79412D3B-CB37-41E3-9984-E4F78E00C41E}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{7B0DE728-49FD-431B-AA2D-49DA2D9CFFF1}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{83F54E86-9B07-4560-B06D-4BE66AE206B3}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{88E7C29A-3225-4D91-9459-B30E6CBEEF42}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{A10516B9-BCBC-413D-BA38-8C81B49BD393}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{A4556C1D-C1FD-4195-BE7B-80318F548C5E}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{A5362C2B-8E85-40DE-BF34-A5C5440EDAB3}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{B7B4E8DD-FF1D-4A7F-B97D-EEC84A99D9EF}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{C2E75C03-E580-4C18-9693-997543595A81}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{C94CF1EB-3618-493C-9076-D2B88A97CBF3}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{DAFEC4D7-439C-4D3D-96EC-F9105EE2D1D8}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{E3372862-BDA7-4173-80FD-F3D3B8D3C5BC}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{ECEFA725-6823-4290-A404-201F33510412}

Successfully deleted: [Empty Folder] C:\Users\Heather\appdata\local\{FBA73C6C-D64B-473B-A972-72EF77E7526C}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 01/04/2014 at 17:19:29.86

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites
Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.04.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Heather :: HEATHER-HP [administrator]

 

1/4/2014 5:34:37 PM

mbam-log-2014-01-04 (17-34-37).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210854

Time elapsed: 6 minute(s), 14 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 4

C:\Users\Heather\AppData\Local\Temp\ICReinstall_PDFWriterSetup.exe (PUP.Optional.Bundle) -> Quarantined and deleted successfully.

C:\Users\Heather\Downloads\expertpdf7.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

C:\Users\Heather\Downloads\filewhiz_d6624754.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

C:\Users\Heather\Downloads\PDFWriterSetup.exe (PUP.Optional.Bundle) -> Quarantined and deleted successfully.

 

(end)
Link to post
Share on other sites

Thanks Wyomommy, i think we need to look a little deeper, i want to make sure we get those pop-ups stopped !! !

 

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.
 

 

 

 

NEXT

 

 

 

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

 

 

 

 

 

NEXT

 

 

 

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



Post Next:
 

1. Security Check log

2. DDS logs

3. OTL log

 

 

Thanks

Chuck

 

Leave all the programs installed until we are done so if need be we can run one again ! We will remove all when done !

Link to post
Share on other sites
Results of screen317's Security Check version 0.99.78  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Norton Internet Security   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Reader XI  

 Google Chrome 31.0.1650.57  

 Google Chrome 31.0.1650.63  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites
DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428

Run by Heather at 18:30:07 on 2014-01-04

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1900.399 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\splwow64.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


mWinlogon: Userinit = userinit.exe,

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

uRun: [spotify Web Helper] "C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: NameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7} : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7}\84541445845425D28405F5E4564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7}\84541445845425D28405F5E4564777F627B6F513 : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{B53BB598-61A9-4CBC-BEFF-62F7B4216142} : DHCPNameServer = 192.168.2.1 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1300000.080\SymDS64.sys [2012-4-20 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1300000.080\SymEFA64.sys [2012-4-20 1083512]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1300000.080\ccSetx64.sys [2012-4-20 165512]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20131206.001\IDSviA64.sys [2013-12-6 521816]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1300000.080\Ironx64.sys [2012-4-20 189560]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1300000.080\symnets.sys [2012-4-20 396408]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-20 98208]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-6-16 103992]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-20 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-20 1817088]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [2012-4-20 138760]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-20 2656280]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-20 335464]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-20 436840]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-4-20 1145448]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2014-01-05 00:33:17 -------- d-----w- C:\Users\Heather\AppData\Roaming\Malwarebytes

2014-01-05 00:33:06 -------- d-----w- C:\ProgramData\Malwarebytes

2014-01-05 00:32:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-01-05 00:32:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-05 00:32:29 -------- d-----w- C:\Users\Heather\AppData\Local\Programs

2014-01-05 00:07:46 -------- d-----w- C:\Windows\ERUNT

2014-01-04 23:50:18 -------- d-----w- C:\AdwCleaner

2014-01-03 19:04:08 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E024B92-D303-4684-AF81-06FB27EA7A42}\mpengine.dll

2014-01-03 01:04:03 -------- d-----w- C:\Users\Heather\AppData\Roaming\WildTangent

2014-01-01 01:08:42 -------- d-----w- C:\Users\Heather\AppData\Local\Adobe_Systems_Incorporate

2013-12-12 15:33:14 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-12 15:33:14 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 15:33:13 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-12 15:33:12 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-12 15:31:00 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-12-12 15:31:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-12-12 15:31:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-12-12 15:31:00 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-12-12 08:42:39 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-12-12 08:42:39 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-12-12 08:42:37 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-12-12 08:42:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-12-12 08:42:34 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-12-12 08:42:26 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-12-12 08:42:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-12-12 08:41:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-12-12 08:41:48 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-12-12 08:41:35 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-12-12 08:41:35 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-12-12 08:41:33 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-12-12 08:41:33 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-12-12 08:41:33 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-12-12 08:41:33 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-12-12 08:41:33 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-12-12 08:41:33 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-12-12 08:41:33 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-12-12 08:41:33 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-12-09 19:11:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M  ====================

.

2013-12-10 20:38:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-19 10:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

.

============= FINISH: 18:31:01.53 ===============

Link to post
Share on other sites
.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 8/10/2012 5:08:45 PM

System Uptime: 1/4/2014 5:54:41 PM (1 hours ago)

.

Motherboard: Hewlett-Packard |  | 3672

Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 795/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 219.62 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1.082 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP76: 12/10/2013 9:29:47 AM - Windows Update

RP77: 12/11/2013 5:15:39 AM - Windows Update

RP78: 12/12/2013 8:28:29 AM - Windows Update

RP79: 12/17/2013 9:53:56 AM - Windows Update

RP80: 12/20/2013 12:54:45 PM - Windows Update

RP81: 12/24/2013 8:11:51 AM - Windows Update

RP82: 12/27/2013 11:25:21 AM - Windows Update

RP83: 12/31/2013 11:04:58 AM - Windows Update

RP84: 1/3/2014 11:59:51 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Digital Editions 2.0

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.05)

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bejeweled 3

Bing Bar

Blackhawk Striker 2

Blasterball 3

Blio

Bonjour

Bounce Symphony

Cake Mania

Canon Easy-PhotoPrint EX

Canon MG2100 series MP Drivers

Canon MG2100 series On-screen Manual

Canon MG2100 series User Registration

Canon MP Navigator EX 5.0

Canon My Printer

Canon Solution Menu EX

Chronicles of Albian

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compaq Setup Manager

Cradle of Rome 2

CyberLink YouCam

D3DX10

ESU for Microsoft Windows 7 SP1

Evernote v. 4.2.3

Farm Frenzy

FATE

Google Chrome

Google Update Helper

Governor of Poker 2 Premium Edition

Hewlett-Packard ACLM.NET v1.1.1.0

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Documentation

HP Games

HP Launch Box

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP QuickWeb

HP Setup

HP Software Framework

HP Support Assistant

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

Jewel Quest: The Sleepless Star - Collector's Edition

Junk Mail filter update

Mah Jong Medley

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

MediaMonkey 3.2

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

Norton Internet Security

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

Recovery Manager

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Slingo Supreme

Spotify

Synaptics TouchPad Driver

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for PDF Writer

Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands

Virtual Villagers 5 - New Believers

WildTangent Games App for HP

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma Deluxe

.

==== End Of File ===========================
Link to post
Share on other sites
OTL logfile created on: 1/4/2014 11:25:15 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heather\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.86 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.70% Memory free

3.71 Gb Paging File | 2.07 Gb Available in Paging File | 55.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 279.47 Gb Total Space | 219.62 Gb Free Space | 78.58% Space Free | Partition Type: NTFS

Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.33% Space Free | Partition Type: FAT32

Unable to calculate disk information.

 

Computer Name: HEATHER-HP | User Name: Heather | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/04 23:24:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Downloads\OTL.com

PRC - [2013/12/09 12:10:40 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE

PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/08/04 16:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

PRC - [2011/08/04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2011/06/28 02:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

PRC - [2011/06/16 17:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011/06/14 14:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011/06/13 16:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2011/05/24 16:36:26 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

PRC - [2010/12/30 20:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/30 20:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/12/27 16:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll

MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

MOD - [2013/12/03 19:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

MOD - [2013/12/03 19:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

MOD - [2013/10/09 10:13:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll

MOD - [2013/10/09 10:13:32 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll

MOD - [2013/10/09 10:13:25 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll

MOD - [2013/09/15 16:29:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll

MOD - [2013/08/19 16:30:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll

MOD - [2013/08/19 16:30:49 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ebdb3050959d9be47d33d2c77d6cc291\IAStorUtil.ni.dll

MOD - [2013/08/15 02:32:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll

MOD - [2013/08/15 02:32:22 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll

MOD - [2013/08/15 02:32:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll

MOD - [2013/07/18 12:00:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll

MOD - [2013/07/17 12:05:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/12 20:41:16 | 000,877,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/12/16 18:53:14 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)

SRV - [2013/12/10 13:39:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)

SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)

SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/06/16 17:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/05/24 16:36:26 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe -- (NIS)

SRV - [2010/12/30 20:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/30 20:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/12/27 16:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2013/12/03 11:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013/11/21 07:39:16 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2013/11/21 07:39:16 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2013/10/25 13:17:18 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20131206.001\IDSviA64.sys -- (IDSVia64)

DRV - [2013/10/21 18:33:15 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20131209.001\ex64.sys -- (NAVEX15)

DRV - [2013/10/21 18:33:15 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20131209.001\eng64.sys -- (NAVENG)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2013/10/10 17:27:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/08/10 16:11:41 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Pinterest = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\

CHR - Extension: Norton Identity Protection = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\

CHR - Extension: Google Wallet = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

CHR - Extension: Gmail = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O3 - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000..\Run: [spotify Web Helper] C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36F5EB81-152C-49FC-9C23-1F8F832FC9F7}: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B53BB598-61A9-4CBC-BEFF-62F7B4216142}: DhcpNameServer = 192.168.2.1 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/04 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Malwarebytes

[2014/01/04 17:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2014/01/04 17:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/01/04 17:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2014/01/04 17:32:29 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Programs

[2014/01/04 17:07:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/01/04 16:50:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/01/02 18:04:03 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\WildTangent

[2013/12/31 18:08:42 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Adobe_Systems_Incorporate

[2013/12/31 18:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2013/12/31 18:07:31 | 000,000,000 | ---D | C] -- C:\Users\Heather\Documents\My Digital Editions

[2013/12/12 08:33:12 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2013/12/12 08:33:12 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2013/12/12 08:30:58 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/12/12 08:30:56 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2013/12/12 08:30:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/12/12 08:30:53 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/12/12 01:42:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll

[2013/12/12 01:42:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/12/12 01:41:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll

[2013/12/12 01:41:33 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe

[2013/12/12 01:41:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx

[2013/12/11 05:19:29 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/12/11 05:19:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll

[2013/12/11 05:19:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/12/11 05:19:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/12/11 05:19:13 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2013/12/11 05:19:11 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/12/11 05:19:11 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/12/11 05:19:11 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/12/11 05:19:11 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/12/11 05:19:11 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/12/11 05:19:11 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/12/11 05:19:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/12/11 05:19:11 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/12/11 05:19:11 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/12/11 05:19:11 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/12/11 05:19:11 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/12/11 05:19:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/12/11 05:19:11 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/12/11 05:19:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/12/11 05:19:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/12/11 05:19:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/12/11 05:19:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/12/11 05:19:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2013/12/11 05:19:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/12/11 05:19:11 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/12/11 05:19:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2013/12/11 05:19:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/12/11 05:19:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/12/11 05:19:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/12/11 05:19:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/12/09 12:11:29 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/04 23:05:58 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/01/04 23:05:29 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/01/04 23:05:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/01/04 17:45:45 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/01/04 17:44:18 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys

[2014/01/04 17:33:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/01/03 07:03:46 | 000,000,005 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\WBPU-Q5-TTL.DAT

[2014/01/03 07:03:42 | 000,000,103 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\WB.CFG

[2014/01/03 07:03:41 | 000,000,005 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\WBPU-TTL.DAT

[2014/01/02 18:05:20 | 000,002,424 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

[2013/12/31 18:07:38 | 000,002,204 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk

[2013/12/31 18:07:38 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk

[2013/12/21 02:23:59 | 004,682,656 | ---- | M] () -- C:\Users\Heather\Documents\chrissybflietatt.rtf

[2013/12/21 01:50:53 | 015,865,933 | ---- | M] () -- C:\Users\Heather\Documents\bfieandbear.rtf

[2013/12/19 15:06:27 | 000,232,696 | ---- | M] () -- C:\Users\Heather\Documents\jasonganoungtattoo.rtf

[2013/12/11 05:19:29 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/12/11 05:19:20 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll

[2013/12/11 05:19:20 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/12/11 05:19:20 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/12/11 05:19:13 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2013/12/11 05:19:12 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/12/11 05:19:11 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/12/11 05:19:11 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/12/11 05:19:11 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/12/11 05:19:11 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/12/11 05:19:11 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/12/11 05:19:11 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/12/11 05:19:11 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/12/11 05:19:11 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/12/11 05:19:11 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/12/11 05:19:11 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/12/11 05:19:11 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/12/11 05:19:11 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/12/11 05:19:11 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/12/11 05:19:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/12/11 05:19:11 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/12/11 05:19:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/12/11 05:19:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2013/12/11 05:19:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/12/11 05:19:11 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/12/11 05:19:11 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2013/12/11 05:19:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/12/11 05:19:11 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/12/11 05:19:11 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/12/11 05:19:11 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/12/11 05:19:11 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/12/10 13:38:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/12/10 13:38:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/12/07 04:37:58 | 000,002,733 | ---- | M] () -- C:\Users\Heather\Documents\editor letter.rtf

 

========== Files Created - No Company Name ==========

 

[2014/01/04 17:33:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/12/31 18:07:38 | 000,002,204 | ---- | C] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk

[2013/12/31 18:07:38 | 000,002,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk

[2013/12/31 18:07:38 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk

[2013/12/31 11:15:47 | 000,000,005 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\WBPU-Q5-TTL.DAT

[2013/12/21 02:23:59 | 004,682,656 | ---- | C] () -- C:\Users\Heather\Documents\chrissybflietatt.rtf

[2013/12/21 01:50:52 | 015,865,933 | ---- | C] () -- C:\Users\Heather\Documents\bfieandbear.rtf

[2013/12/19 15:06:26 | 000,232,696 | ---- | C] () -- C:\Users\Heather\Documents\jasonganoungtattoo.rtf

[2013/12/11 05:19:11 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/12/09 12:12:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/12/07 04:37:58 | 000,002,733 | ---- | C] () -- C:\Users\Heather\Documents\editor letter.rtf

[2013/10/18 10:37:08 | 000,000,103 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\WB.CFG

[2013/10/18 10:37:08 | 000,000,005 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\WBPU-TTL.DAT

[2012/08/12 18:36:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2012/08/10 16:18:47 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/20 14:54:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/01/07 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Awem

[2012/08/11 10:20:27 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Blio

[2013/05/25 20:51:42 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Canon

[2012/08/11 15:54:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Flood Light Games

[2012/08/18 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\funkitron

[2012/08/16 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mystery of Mortlake Mansion

[2014/01/04 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SoftGrid Client

[2012/08/24 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SpinTop Games

[2014/01/04 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Spotify

[2012/08/10 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Synaptics

[2012/08/10 16:19:30 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\TP

[2013/09/25 08:52:24 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Unity

[2014/01/02 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\WildTangent

[2013/06/04 22:40:00 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Windows Live Writer

[2012/08/27 09:23:45 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\YoudaGames

 

========== Purity Check ==========

 

 

 

< End of report >
Link to post
Share on other sites
OTL Extras logfile created on: 1/4/2014 11:25:15 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heather\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.86 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.70% Memory free

3.71 Gb Paging File | 2.07 Gb Available in Paging File | 55.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 279.47 Gb Total Space | 219.62 Gb Free Space | 78.58% Space Free | Partition Type: NTFS

Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.33% Space Free | Partition Type: FAT32

Unable to calculate disk information.

 

Computer Name: HEATHER-HP | User Name: Heather | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0274FC23-F28E-4209-A7BE-A1F6D4427DBD}" = rport=138 | protocol=17 | dir=out | app=system | 

"{052FC421-1755-476A-80F6-66040F13FE5D}" = lport=445 | protocol=6 | dir=in | app=system | 

"{056F81CA-7277-4716-99E3-2AD834107975}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{074EABE4-65E9-4CA1-8F11-4682A627341D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{0B77E067-1E45-4230-B360-6908A7727E16}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1364AB05-DF4B-42A3-8C87-7AA60E2E8277}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{143BD02A-870C-4886-8726-6D0AF642C1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{24EC0E76-3551-45CD-9A3D-DFB2513CD3BC}" = rport=137 | protocol=17 | dir=out | app=system | 

"{37876F80-0FFB-4A17-A55A-A778F9C10AFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4D695AEA-EB8E-46B9-AF6D-AD713446ED14}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{536232F0-67A1-493E-8EFA-792735908CA0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{66E54E0A-517D-4040-A8E0-9280EE202BC5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{67284EF9-54C8-4B17-BC07-F4EB72145028}" = rport=445 | protocol=6 | dir=out | app=system | 

"{6780E539-ADD0-436D-AB9A-528844164D2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{802AE2D0-2E2B-418B-8A15-4F9711DD551E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{8B6FF54C-D8E5-4BF6-9965-FC740DD8035C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{97247ACD-2B0C-4D65-9A73-5398E3F6852E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A9C62A29-D2C7-4CFD-ADAB-CFB2C87585D8}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{B57EFF07-A15E-4788-8B91-BC2493D1E8B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C1A8F361-C94F-4EC8-9AB7-D609AD873C50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{E23C5A92-3F18-485E-AEA0-F2C47D1F48A9}" = lport=138 | protocol=17 | dir=in | app=system | 

"{ED633FC6-1EDC-4269-8649-AEA7C3E1E814}" = lport=137 | protocol=17 | dir=in | app=system | 

"{FDBC6B83-0FFD-43E2-83FC-974BC5CA7500}" = lport=139 | protocol=6 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F7F85B3-69C9-4FFA-A47F-900EB84DA674}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{1DD7C0FA-8534-4507-9921-B7E9F0100080}" = protocol=58 | dir=in | [email protected],-28545 | 

"{28F4E3DB-81E3-427B-B0DC-695DD4F2BBAE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{2CAD8BD3-2BE1-4FAD-A736-965B6ABFC8E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2CB9E60E-DEA7-47C3-9CBA-8E7D8765A155}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{3B3BAC28-020B-423B-A84B-8411795936D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{3C568FC5-2C98-4E0F-8FB1-146BF417F719}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{52360138-6339-469A-BE00-357A68858FB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{53034B48-C775-42F8-AAAE-38DAD60DAB0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{63B41EA2-9851-49DC-A6CF-2DE79E099F4C}" = protocol=6 | dir=out | app=system | 

"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{64FAFE42-7290-415A-B74B-69C9DC3CFCAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{6EB5B81B-45D8-4CC8-966F-72D322443D3A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{755E8584-4BA2-49E6-A663-FA6D7A8508D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{7895E9E6-D92C-4F6E-A46D-0773F3FD322D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7C166D6D-D30E-468A-BF55-2B6043761CE0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{98D3C615-F210-4D5B-B540-0094F64E2DCE}" = protocol=1 | dir=in | [email protected],-28543 | 

"{A26BEB69-95FE-467C-901C-06FB767C20F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{B61594E7-EF73-4F16-823C-6068A90CF36E}" = protocol=58 | dir=out | [email protected],-28546 | 

"{B9E2C0BC-71D8-43CD-8DE4-8717FC05A93C}" = protocol=1 | dir=out | [email protected],-28544 | 

"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{BE568172-3F31-4532-8CD2-D80BBFE84226}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{C01D2718-D0AC-4FB6-A191-F802E0E01DA7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{D53DB605-5FBA-4819-BD8A-486A5E68A2B2}" = protocol=58 | dir=out | [email protected],-503 | 

"{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{DD354BB9-57FC-4B92-B2D6-76AED2B72862}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E3DE7F47-D873-4F15-99E4-62A77F49DE63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{E76C8B05-67FA-47D1-AA3B-98DC7F78AA6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{EA3A8610-09EB-4495-B093-6E757ABAF43F}" = protocol=58 | dir=in | app=system | 

"{FB74416D-EB30-418A-AE75-631FC9FA2F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"TCP Query User{4E9106B6-804B-4914-B95E-DCD5E23BF10C}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{C4238A8C-1272-4B2B-86D9-7102DA894CD1}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{2FA4FBF9-95FB-4C99-9990-36E75C8DCE80}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{A74062CA-E09F-44F1-9CEF-CF4C723CBEFF}C:\users\heather\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\heather\appdata\roaming\spotify\spotify.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager

"{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch

"{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}" = HP Software Framework

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display

"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual

"Canon MG2100 series User Registration" = Canon MG2100 series User Registration

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Google Chrome" = Google Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MediaMonkey_is1" = MediaMonkey 3.2

"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

"NIS" = Norton Internet Security

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WTA-07dd4a15-af59-4f9b-87b4-19ce85e0b66c" = Farm Frenzy

"WTA-0ec51801-033d-4617-a050-728e77631270" = Polar Bowler

"WTA-227c80a2-21c7-4185-a0b0-a747053828d1" = Cradle of Rome 2

"WTA-28c40a23-2cb0-4857-93ac-3ae881416080" = Governor of Poker 2 Premium Edition

"WTA-40436781-0771-43e9-90f1-f0b21871e7c7" = Namco All-Stars: PAC-MAN

"WTA-4321a835-a749-4fc6-9097-d1516a02a344" = Virtual Villagers 5 - New Believers

"WTA-5f7cb5e7-e662-4dd4-ae4b-cb001ab0ed67" = Poker Superstars III

"WTA-61144ec7-9623-40f1-916b-a08b810a39ff" = Bounce Symphony

"WTA-654b1f4c-49e0-4a89-9c31-880e05927973" = Mystery of Mortlake Mansion

"WTA-657aa79f-4740-4ffd-9d42-7443fee74ca9" = Cake Mania

"WTA-87609f51-e7c2-4747-a175-99957dc2679b" = Polar Golfer

"WTA-887c9daf-c718-423e-9d37-2bf81aae537f" = Mah Jong Medley

"WTA-89c8791f-2f2c-4afe-aa76-918bcf703b33" = Plants vs. Zombies - Game of the Year

"WTA-9c483297-2c0b-4e52-8714-3b478983a0f6" = Penguins!

"WTA-a201309e-54cb-471b-b2b2-cb08d6e23a57" = Slingo Supreme

"WTA-adece886-22ed-47b6-bba0-9ec02042ca6f" = Agatha Christie - Peril at End House

"WTA-bee71dbf-9875-4bd0-9f51-2863426d06d3" = FATE

"WTA-c005653b-ab05-4da1-9723-a638f23175ee" = Chuzzle Deluxe

"WTA-c6c46fe9-d8cd-47fd-bdde-a0231815943f" = Zuma Deluxe

"WTA-cc617191-81c5-4649-8255-3d37d9d6141b" = Bejeweled 3

"WTA-cf9d7d2b-16a6-477e-af0e-f37c0373f8ff" = Blasterball 3

"WTA-e5a22790-5f26-46b4-bd19-f0b3a53ae654" = Vacation Quest - The Hawaiian Islands

"WTA-f745116d-0448-476d-aa2a-f3d3a85f096d" = Blackhawk Striker 2

"WTA-fe2f2ce9-ea5d-4ff8-bc0c-8f0f98a5259a" = Chronicles of Albian

"WTA-fe6c4247-8a9d-46b0-a840-2b2f416b3657" = Jewel Quest: The Sleepless Star - Collector's Edition

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon Kindle" = Amazon Kindle

"DigitalSite" = Update for PDF Writer

"Spotify" = Spotify

"UnityWebPlayer" = Unity Web Player

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 1/4/2014 9:19:26 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 665500

 

Error - 1/4/2014 9:19:27 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 1/4/2014 9:19:27 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 666499

 

Error - 1/4/2014 9:19:27 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 666499

 

Error - 1/4/2014 9:44:49 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 1/4/2014 9:44:49 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1014

 

Error - 1/4/2014 9:44:49 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

 

Error - 1/4/2014 9:44:51 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 1/4/2014 9:44:51 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2200

 

Error - 1/4/2014 9:44:51 PM | Computer Name = Heather-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2200

 

[ Hewlett-Packard Events ]

Error - 9/2/2013 3:15:13 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 10/2/2013 12:02:16 AM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 10/20/2013 10:36:37 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 10/20/2013 10:38:52 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 10/27/2013 10:52:35 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 12/8/2013 11:35:54 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 12/8/2013 11:37:59 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 12/8/2013 11:38:04 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 12/15/2013 11:24:55 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

Error - 12/22/2013 11:28:50 PM | Computer Name = Heather-HP | Source = HPSF.exe | ID = 4000

Description = 

 

 

< End of report >

Link to post
Share on other sites

Good morning wyomingmommyof2, ok lets remove a bunch from the OTL scan !

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...ebay.com/?_nkw={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...ebay.com/?_nkw={searchTerms}FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundO4 - HKU\S-1-5-21-1138369966-3132292373-3564050637-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO13 - gopher Prefix: missing  :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

 

Post that log next !!

 

Thanks

Chuck

Link to post
Share on other sites
All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1138369966-3132292373-3564050637-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.


========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Heather

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Heather

->Flash cache emptied: 14216 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Heather

->Temp folder emptied: 92942658 bytes

->Temporary Internet Files folder emptied: 597780803 bytes

->Google Chrome cache emptied: 444846636 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 365062411 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13400863 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17485409 bytes

RecycleBin emptied: 77646852 bytes

 

Total Files Cleaned = 1,535.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 01052014_121139

 

Files\Folders moved on Reboot...

C:\Users\Heather\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...
Link to post
Share on other sites

Hi, ok that looks good, lets do some clean up & see how it's running & if you have any problems we need to fix !

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

 

 

Reboot, then let me know how it's running !! It will speed up after a few normal re-boots !!

Got any pop-ups ?

 

 

Chuck

Link to post
Share on other sites

Not unless it gets those pop-ups but i thnk we got rid of those !! You let me know, ok ! if not we can do some more checking !!

 

 

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 *From within Internet Explorer click on the Tools menu and then click on Options.
 *Click once on the Security tab
 *Click once on the Internet icon so it becomes highlighted.
 *Click once on the Custom Level button.
 *Change the Download signed ActiveX controls to Prompt
 *Change the Download unsigned ActiveX controls to Disable
 *Change the Initialize and script ActiveX controls not marked as safe to Disable
 *Change the Installation of desktop items to Prompt
 *Change the Launching programs and files in an IFRAME to Prompt
 *Change the Navigate sub-frames across different domains to Prompt
 *When all these settings have been made, click on the OK button.
 *If it prompts you as to whether or not you want to save the settings, press the Yes button.
 *Next press the Apply button and then the OK to exit the Internet Properties page.

==========================

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

   NoScript
   AdBlockPlus

=============================

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

=============================

Free Anti-Virus

  Avast Free Antivirus
  Avira Free Antivirus 2013
  PC Tools AntiVirus Free
  Ad-Aware Free Antivirus

========================

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

 Online Armor Free
 Agnitum Outpost Firewall Free
 Comodo Firewall

=======================

Make sure you keep your Windows OS current. Windows XP users can visit  Windows updatedefault.asp regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

=======================

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

==========================

WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

==========================

If you are behind on some updates, please visit the http://secunia.com/vulnerability_scanning/online/]Secunia Software Inspector   
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

==========================

I also recommend that you read the following:
How to prevent malware by miekiemoes

==========================

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck
 

If you see our/my ad please respond !!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.