hpg3

CPU Running slow

96 posts in this topic

Do you have a fax? I could fax it to you. I copied the entire thing in Word, 18 pages, or start a new topic and try again.

Edited by hpg3


OTL Extras logfile created on: 11/8/2016 5:08:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Howard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18449)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.75 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 60.54% Memory free
11.50 Gb Paging File | 8.77 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.84 Gb Total Space | 394.76 Gb Free Space | 86.60% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 4.69 Gb Free Space | 63.01% Space Free | Partition Type: FAT32
 
Computer Name: HOWARD-PC | User Name: Howard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C4B789-945B-42AF-84B5-E5A44689F972}" = lport=10243 | protocol=6 | dir=in | app=system |
"{11381CB0-55D4-43A0-804B-E3931C21D23A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BE88AB1-DE53-45BA-8682-C1077A5A7A5E}" = rport=138 | protocol=17 | dir=out | app=system |
"{2DC66062-86F3-4826-BBB4-9CCB0B9D098F}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BA3AFD2-9F52-45D2-9218-74B5190FFD6C}" = rport=137 | protocol=17 | dir=out | app=system |
"{49A99F35-43C9-406E-9E04-1A51ACAE3BCB}" = rport=445 | protocol=6 | dir=out | app=system |
"{4AEACB0C-4402-4A25-911D-B6DD4CBBD75F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4FB76F36-9DCF-4E5B-A065-986971D10B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{605F380C-53C4-49BB-989A-9DE77A10EFB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6165C2A6-C150-4B69-943B-71C1881DC86F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{670668B0-C4E1-449A-BBF9-5308CDBFD86D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67A749B5-CD4A-4B2E-9277-C33586D1A4E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A4E1D09-2877-4C10-9BA4-9FC475E85DBB}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |
"{7F0113AC-F229-41B2-845B-745951502631}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8868327D-6A71-4F1B-B391-63E1BAE3D7F1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{8F76B9E2-84DF-4A6A-92CB-B095CBF1BEA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9ED3743-7FD9-4AE5-9BB1-5B862E6AB979}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDB3D842-3F94-41DA-9097-65233B444F26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFC4D17B-A762-4381-A0DF-41958BC8F8D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0A8F039-1779-42D8-A9C3-EDBC47C51DF4}" = lport=445 | protocol=6 | dir=in | app=system |
"{C9F4F8C7-B26D-450F-9D4A-32EECD7AC7BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{CCA20E33-D934-4F8A-BB91-9085A20E30D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCC53B94-DDB6-42F9-81D3-F3DE272A3CB8}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E31018-5226-4501-94D8-3222BB41AD19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9F7A7EF-F1E8-46FD-8D33-5B1A802E5336}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E5AE3D-81D5-4446-84BC-E96F9426AF57}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6a6c\hpdiagnosticcoreui.exe |
"{06771EBE-5D50-4F23-85BD-357519EF5852}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs3f59\hpdiagnosticcoreui.exe |
"{06B9CCF2-D34F-4742-959D-476728EAF2B8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs150f\hpdiagnosticcoreui.exe |
"{08590306-0678-473F-A6DB-83F862BBBB83}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{09B46751-1627-4965-9669-B3FEDBD55B57}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b65\hpdiagnosticcoreui.exe |
"{12037A6E-4078-4D93-AB11-9BB165B743E8}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6407\hpdiagnosticcoreui.exe |
"{13BD7366-4441-445A-B74C-B91781D016CA}" = protocol=1 | dir=out | [email protected],-28544 |
"{154AA26E-126D-4A5B-9DC0-0588B97910E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18CEA0B5-CC5F-45A3-B425-11ED5CCFB1DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{193F4C43-8740-45E3-A325-E6C434D01EE8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs63d6\hpdiagnosticcoreui.exe |
"{1DD677DB-5A22-409A-ABCC-A4DB39E8B0C5}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs7f6e\hpdiagnosticcoreui.exe |
"{245124C2-A2DB-4D13-9C10-F33EF04C2A30}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\faxapplications.exe |
"{2EAB6C2B-5157-4437-8DE5-EB3533C10E42}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\digitalwizards.exe |
"{30B1ED07-C6C9-42EA-B025-8DAB8ADE27FF}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\sendafax.exe |
"{32587C62-5993-486C-9DB2-856FC1864BE1}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2c41\hpdiagnosticcoreui.exe |
"{37A6EE52-E2E7-4D9B-83B9-C8EE8BE15C23}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2bcf\hpdiagnosticcoreui.exe |
"{3A1E8E61-9127-4DE1-8AD7-6694B519C0BA}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b13\hpdiagnosticcoreui.exe |
"{54A5E398-E538-4695-9A8F-A337C137026F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55B5CF70-8682-4BD0-A7F0-55DF82EB3B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B52EFBD-19D4-4ABB-8AAE-C3E67EFBE7A1}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs603e\hpdiagnosticcoreui.exe |
"{5C2A2BB2-3BA8-416A-AA6B-6DD042C5C7AA}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs31a0\hpdiagnosticcoreui.exe |
"{5E5ABE2D-3FDA-4108-9A90-D6638129D5A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61DFE1A2-570C-4770-9C4B-B3E8E5D30457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{65DCC3CD-8964-40C7-A581-ECC1B93EA7D2}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs7f6e\hpdiagnosticcoreui.exe |
"{6687B6DB-7705-48C4-8C85-86E90C739275}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70ABA383-2B6F-4EA0-8211-9BB594B62D0F}" = protocol=58 | dir=in | [email protected],-28545 |
"{72C7B53C-B67F-4DDB-BEAD-92AABB3ED65E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{74739885-B64C-423E-8461-74081D42566B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8465FF4D-DABA-4338-B67C-AEDA4D5B3EBD}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs603e\hpdiagnosticcoreui.exe |
"{86004FAB-4A08-4171-84EA-FF0AEEDD3B0C}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b13\hpdiagnosticcoreui.exe |
"{8C9DC199-1EF6-4118-B231-46BAE9A312B4}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2bcf\hpdiagnosticcoreui.exe |
"{8F374204-0A17-4F20-9C61-0A3E15DD7323}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6407\hpdiagnosticcoreui.exe |
"{901E9B46-A27A-4940-ABDC-926D256FD5F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97C30663-2508-47CE-B894-13085B072C28}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs035c\hpdiagnosticcoreui.exe |
"{A3AC7AF8-E19E-4E24-B6D6-F36B1EC3E6DC}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs31a0\hpdiagnosticcoreui.exe |
"{A7BE6349-F186-4370-9C2D-4EFAA186F81B}" = protocol=6 | dir=out | app=system |
"{A85CC163-F6C2-4D7C-BF5C-23125DFD7B5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A95BAF37-7620-4505-A8D2-E6C2189C1C54}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B07AE0EC-6DCB-4241-B703-1539B0603868}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs150f\hpdiagnosticcoreui.exe |
"{B92671D6-27E7-49FD-83FB-465C716D18A5}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs316f\hpdiagnosticcoreui.exe |
"{BB73E4A1-6C38-43CA-A657-09D0C67FA9D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC0CC9CB-79D0-490E-8BE0-F83D8B75F519}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD477EA7-F581-4402-ABCD-1E6A57BC7AD9}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2c41\hpdiagnosticcoreui.exe |
"{C00F55C6-E05C-451C-A177-0F91C00465E0}" = protocol=58 | dir=out | [email protected],-28546 |
"{C21092D1-CEA5-4825-AF73-0EC11196B336}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C226656D-4B5B-4E2C-BA08-59DE826C472D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C29911B2-A4A7-4E59-A88A-4569F031ACEC}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b65\hpdiagnosticcoreui.exe |
"{C88CCB10-B7B3-477B-81C8-8AAB18865FB8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6a6c\hpdiagnosticcoreui.exe |
"{C8AA23FF-624C-4796-8E66-7B7B7B8A21E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA714121-410E-4128-B5FA-7F9CBA8ABA15}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs316f\hpdiagnosticcoreui.exe |
"{CA8223E5-1C63-45E3-BEF9-12E81F8C38B5}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs035c\hpdiagnosticcoreui.exe |
"{CC2A99B1-7E1C-4BFC-B826-443B0FD64B1B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CDE74878-8442-4722-9C86-51644581EDF1}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\hpnetworkcommunicatorcom.exe |
"{D1CCA3A5-FB23-4F58-9B80-9D4A907CD19E}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\devicesetup.exe |
"{D8D9BA9C-5BAD-4D46-8497-EDDD54C8B145}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs63d6\hpdiagnosticcoreui.exe |
"{F33CC057-ACA2-4363-AC5A-55C6155BCA0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4CF6797-F4B3-477C-BC44-747EEC072B05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7642B4E-3424-4F4E-95F5-89EDA6686B15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9F3A039-CCB4-447E-BC22-86DF2F5E10C2}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs3f59\hpdiagnosticcoreui.exe |
"{FD71117D-0729-44D2-9722-7D2B00071FDE}" = protocol=1 | dir=in | [email protected],-28543 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{26A24AE4-039D-4CA4-87B4-2F64180111F0}" = Java 8 Update 111 (64-bit)
"{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96ABEAD3-67AE-4BF7-8A16-F745352049B3}" = Product Improvement Study for HP Officejet Pro 6830
"{98040AB6-D667-409C-81E7-DB65836B3EE0}" = HP Officejet Pro 6830 Basic Device Software
"{A6B0442B-E159-444B-B49D-6B9AC531EAE3}" = Apple Application Support (64-bit)
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CAED120A-1F05-4B8F-B76E-A3EA5C328AB8}" = ANT Drivers Installer x64
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"CCleaner" = CCleaner
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{21A196EC-241B-4A79-970B-E9585F1CE90C}" = AVEO UVC Like Driver
"{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}" = AQUAZONE DESKTOP GARDEN
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.5
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111
"{28693307-6F99-4B5D-9FA3-4D9132DDA716}" = HP Officejet Pro 6830 Help
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{34927EBC-98D4-4D53-98BE-510DF5999F50}" = Adobe AIR
"{35505AE1-27E2-4206-B3BF-58771803B8D0}" = IncrediMail
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3AA7FDD6-E358-453D-BC77-22E3CF81DA83}" = Super Glinx!
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{40B739E1-40CC-4F0D-9BA1-B75492FFA732}" = Super Nisqually!
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{5250BDEA-3EA9-441C-8233-9CBEC6A799BD}" = Garmin Express Tray
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}" = Skype Click to Call
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}" = Google Earth
"{A301896D-9F55-4492-B518-30EAC4C723E1}" = Super Collapse!
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A53F1B50-A664-4D28-92FE-DD5F507F34BC}" = Elevated Installer
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB73CF18-528A-4E18-83B2-380CD0BC8EA7}" = Calendar Creator
"{AC76BA86-0804-1033-1959-001824205020}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1EC58E-B2AC-4959-A4C2-C38202A25239}" = Garmin WebUpdater
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D1B261D6-EBAE-4129-8EFB-C04E14DCEF6A}" = Garmin Express
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4B07658-F443-4445-A261-E643996E139D}" = Apple Application Support (32-bit)
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{d74c733b-9216-49f5-ae3a-14bf3a3d66f5}" = Garmin Express
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 23 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"Belarc Advisor" = Belarc Advisor 8.3
"CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Dell Dock" = Dell Dock
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"IncrediMail" = IncrediMail 2.5
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NS" = Norton Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"VzInHomeAgent" = Vz In-Home Agent
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/29/2016 4:14:52 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2527
 
Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12667
 
Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12667
 
Error - 10/31/2016 2:29:37 PM | Computer Name = Howard-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.18450 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 179c    Start
 Time: 01d233a0a7fe1389    Termination Time: 37    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id:  
 
Error - 10/31/2016 3:04:42 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
 time stamp: 0x57c77728  Faulting module name: MSHTML.dll, version: 11.0.9600.18450,
 time stamp: 0x57c79ab7  Exception code: 0xc0000005  Fault offset: 0x003f5bf9  Faulting
 process id: 0x1610  Faulting application start time: 0x01d233a4bc521b9c  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\system32\MSHTML.dll  Report Id: e0d125ec-9f9c-11e6-a65e-b8ac6fc07b3a
 
Error - 11/2/2016 6:42:28 PM | Computer Name = Howard-PC | Source = Application Hang | ID = 1002
Description = The program googleearth.exe version 7.1.7.2606 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: ad8    Start
 Time: 01d2355a47877ebf    Termination Time: 25    Application Path: C:\Program Files (x86)\Google\Google
 Earth\client\googleearth.exe    Report Id: 9ea305a8-a14d-11e6-a1e2-b8ac6fc07b3a 
 
Error - 11/6/2016 8:42:51 AM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
 time stamp: 0x57c77728  Faulting module name: atiumdva.dll, version: 8.14.10.308,
 time stamp: 0x4dae373c  Exception code: 0xc0000005  Fault offset: 0x00007b65  Faulting
 process id: 0x7c0  Faulting application start time: 0x01d2382996fe49c5  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\system32\atiumdva.dll  Report Id: 8751bd96-a41e-11e6-a17c-b8ac6fc07b3a
 
Error - 11/7/2016 5:51:14 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
 time stamp: 0x57c77728  Faulting module name: MSHTML.dll, version: 11.0.9600.18450,
 time stamp: 0x57c79ab7  Exception code: 0xc0000005  Fault offset: 0x003f5bf9  Faulting
 process id: 0x72c  Faulting application start time: 0x01d2393f51b360dc  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\system32\MSHTML.dll  Report Id: 4d775091-a534-11e6-b899-b8ac6fc07b3a
 
Error - 11/7/2016 7:37:23 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
 time stamp: 0x57c77728  Faulting module name: MSHTML.dll, version: 11.0.9600.18450,
 time stamp: 0x57c79ab7  Exception code: 0xc0000005  Fault offset: 0x003f5bf9  Faulting
 process id: 0xa48  Faulting application start time: 0x01d2394115c55a7f  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\system32\MSHTML.dll  Report Id: 21a5b10d-a543-11e6-b899-b8ac6fc07b3a
 
[ Dell Events ]
Error - 8/8/2013 5:43:42 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 8/9/2013 7:48:33 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 8/9/2013 7:48:34 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 8/11/2013 8:07:07 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 8/11/2013 8:07:07 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 8/12/2013 11:27:00 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 8/12/2013 11:27:00 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 10/13/2013 4:47:20 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 10/13/2013 4:47:20 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 7/27/2014 9:21:09 AM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ Media Center Events ]
Error - 8/25/2016 3:41:03 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 3:41:03 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/26/2016 9:23:31 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 9:23:30 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/27/2016 9:56:29 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 9:56:29 AM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/27/2016 12:37:45 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/28/2016 10:45:35 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 10:45:35 AM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/28/2016 1:54:55 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 1:54:55 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/29/2016 10:58:28 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 10:58:28 AM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/29/2016 4:15:29 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 4:15:29 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/30/2016 6:06:51 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 6:06:51 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
Error - 8/31/2016 4:20:23 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 4:20:23 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

 
[ System Events ]
Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034
Description = The Client Virtualization Handler service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 30000 milliseconds: Restart the service.
 
Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034
Description = The Office Software Protection Platform service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 11/8/2016 12:53:26 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7038
Description = The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with
 the currently configured password due to the following error:   %%50    To ensure that
 the service is configured properly, use the Services snap-in in Microsoft Management
 Console (MMC).
 
Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1069
 
Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7038
Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
 with the currently configured password due to the following error:   %%50    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
 start due to the following error:   %%1069
 
Error - 11/8/2016 3:22:45 PM | Computer Name = Howard-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


I did get the second file to paste. I did see run fix on one of the tabs after the file ran. You don't want me to hit that, do yo

 

Edited by hpg3


OTL logfile created on: 11/8/2016 3:52:10 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Howard\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.18449)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.75 Gb Total Physical Memory | 3.54 Gb Available Physical Memory | 61.57% Memory free

11.50 Gb Paging File | 8.81 Gb Available in Paging File | 76.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.84 Gb Total Space | 394.77 Gb Free Space | 86.60% Space Free | Partition Type: NTFS

Drive J: | 7.45 Gb Total Space | 4.69 Gb Free Space | 63.01% Space Free | Partition Type: FAT32

 

Computer Name: HOWARD-PC | User Name: Howard | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - File not found --

PRC - [2016/11/08 15:50:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Howard\Downloads\OTL.com

PRC - [2016/10/21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2016/09/23 21:23:21 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\ns.exe

PRC - [2016/07/28 15:57:52 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe

PRC - [2016/05/03 15:20:07 | 000,308,336 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2013/08/10 13:10:33 | 000,444,840 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

PRC - [2013/08/10 13:10:33 | 000,297,384 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/08/10 13:10:34 | 000,072,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll

MOD - [2013/08/10 13:10:33 | 000,272,808 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll

MOD - [2013/08/10 13:10:33 | 000,133,544 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll

MOD - [2013/08/10 13:10:33 | 000,080,296 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll

MOD - [2013/08/10 13:10:33 | 000,033,128 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll

MOD - [2013/07/18 21:16:16 | 000,108,888 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll

MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2016/08/31 19:11:19 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2015/04/27 14:23:32 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\diagtrack.dll -- (DiagTrack)

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2016/10/26 16:42:16 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2016/10/25 10:37:48 | 000,985,616 | ---- | M] (Garmin Ltd. or its subsidiaries) [On_Demand | Stopped] -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)

SRV - [2016/10/21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2016/09/23 21:23:21 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe -- (NS)

SRV - [2015/02/18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2014/04/11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/08/10 13:56:09 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)

SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2016/10/17 15:05:15 | 000,100,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2016/09/23 12:05:27 | 000,567,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\symnets.sys -- (SymNetS)

DRV:64bit: - [2016/09/23 12:04:19 | 001,628,888 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\symefasi64.sys -- (SymEFASI)

DRV:64bit: - [2016/09/23 12:00:16 | 000,289,520 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\ironx64.sys -- (SymIRON)

DRV:64bit: - [2016/09/23 11:59:13 | 000,784,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2016/09/23 11:59:13 | 000,049,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2016/06/01 22:34:17 | 000,174,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\ccsetx64.sys -- (ccSet_NS)

DRV:64bit: - [2014/10/08 17:18:54 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2014/10/08 17:18:54 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2014/10/08 17:18:54 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2014/10/08 17:18:50 | 000,766,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2012/07/26 07:32:08 | 000,307,968 | ---- | M] (D-vitec) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dvitdcnt.sys -- (D-Vitec)

DRV:64bit: - [2012/07/26 00:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdserd.sys -- (sscdserd)


DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2010/09/06 16:26:36 | 000,265,728 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AVEOdcnt.sys -- (AVEO)

DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2016/10/28 15:01:01 | 001,012,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20161107.001\IDSviA64.sys -- (IDSVia64)

DRV - [2016/10/04 13:16:01 | 000,497,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2016/10/04 13:16:01 | 000,156,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2016/09/07 15:26:54 | 001,854,712 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20161102.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 04 50 5B 81 ED D0 01  [binary data]

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = E7 B4 BE 08 CB 95 D1 01  [binary data]

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\COFFADDON\ [2016/10/17 18:06:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon\ [2016/10/17 18:06:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

 

[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions

 


========== Chrome  ==========

 

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\

 

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation)


O4 - HKLM..\Run: []  File not found

O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)

O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-16268802-1566341955-461656969-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.2.0.0/GarminAxControl_32.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A41C7912-4B27-4591-BBB2-02F2998AF13A}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2016/11/08 10:53:11 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2016/11/08 10:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2016/11/08 10:52:59 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2016/11/08 10:52:59 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2016/11/08 10:52:59 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys


[2016/11/08 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2016/10/31 20:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2016/10/24 17:55:48 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2016/10/24 17:55:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2016/10/22 17:22:31 | 000,110,144 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-64.dll

[2016/10/22 17:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2016/10/16 14:04:07 | 000,000,000 | ---D | C] -- C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2016/11/08 15:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2016/11/08 15:06:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2016/11/08 15:06:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2016/11/08 15:05:25 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2016/11/08 15:05:25 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2016/11/08 15:05:25 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2016/11/08 15:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2016/11/08 14:58:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2016/11/08 14:58:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2016/11/08 14:58:02 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys

[2016/11/08 11:20:34 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2016/11/08 10:53:03 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2016/11/08 09:05:45 | 000,415,603 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161108.005

[2016/11/06 10:30:58 | 000,001,284 | ---- | M] () -- C:\Users\Howard\Desktop\Norton Installation Files.lnk

[2016/11/05 09:59:31 | 000,007,605 | ---- | M] () -- C:\Users\Howard\AppData\Local\Resmon.ResmonCfg

[2016/11/03 18:05:13 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2016/10/31 20:04:51 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2016/10/26 16:42:15 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2016/10/26 16:42:15 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2016/10/24 18:20:00 | 002,291,393 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\Cat.DB

[2016/10/24 13:56:27 | 000,410,638 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161024.005

[2016/10/22 17:21:39 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-64.dll

[2016/10/22 17:21:39 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2016/10/22 17:20:58 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2016/10/22 16:27:04 | 000,370,191 | ---- | M] () -- C:\Users\Howard\Documents\Scan.pdf

[2016/10/18 06:16:22 | 000,410,638 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161018.006

[2016/10/17 18:12:36 | 000,157,329 | ---- | M] () -- C:\Users\Howard\Documents\Scan0002.pdf

[2016/10/17 18:07:39 | 000,156,709 | ---- | M] () -- C:\Users\Howard\Documents\Scan0001.pdf

[2016/10/17 18:05:49 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security.lnk

[2016/10/17 15:05:15 | 000,100,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2016/10/17 15:05:15 | 000,008,319 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2016/10/17 15:05:15 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2016/11/08 10:53:03 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2016/11/06 10:30:58 | 000,001,284 | ---- | C] () -- C:\Users\Howard\Desktop\Norton Installation Files.lnk

[2016/10/31 20:04:51 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2016/10/22 16:27:03 | 000,370,191 | ---- | C] () -- C:\Users\Howard\Documents\Scan.pdf

[2016/10/17 18:12:36 | 000,157,329 | ---- | C] () -- C:\Users\Howard\Documents\Scan0002.pdf

[2016/10/17 18:07:39 | 000,156,709 | ---- | C] () -- C:\Users\Howard\Documents\Scan0001.pdf

[2015/07/24 12:05:10 | 000,312,320 | ---- | C] () -- C:\Users\Howard\Calender  Kitchen 2.bcc

[2015/02/28 14:21:05 | 000,000,288 | ---- | C] () -- C:\Users\Howard\AppData\Roaming\.backup.dm

[2015/02/05 16:29:53 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MFC_InstDrvDLL.dll

[2014/12/21 13:13:23 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2014/01/02 18:30:27 | 000,007,605 | ---- | C] () -- C:\Users\Howard\AppData\Local\Resmon.ResmonCfg

[2013/08/10 13:55:58 | 000,103,832 | ---- | C] () -- C:\Users\Howard\GoToAssistDownloadHelper.exe

[2013/08/10 13:15:07 | 000,005,632 | ---- | C] () -- C:\Users\Howard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


This is all. I need a drink.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\shell32.dll -- [2015/08/06 13:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 12:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

 

< End of report >


Ok .... now we are getting somewhere !! I can work with this !!

Be back with an OTL fix shortly !


Sorry but I have to read through everything to type a fix !!

I need you to remove this Program in the Control Panel first thing  >>>  PCPitstop Utility

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program. This is the OTL program I had you download !!!
    * Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus  :OTL
Copy everything in RED and Paste into the box in the OTL program !! Pic of where to Paste fix then click Run >>> http://smg.photobucket.com/user/flashh4/media/Paste OTL script here.png.html

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\   
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found  
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

 


 
:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]


# Then click the Run Fix button at the top.
# Click http://img.photobucket.com/albums/v317/flashh4/btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.
 

 

Post me the return log when you get it !

Thanks

Chuck


I went into the control panel and programs and features. I don't see pitstop utility in the list. The other part is confusing; I don't understand what to do.


Yes copy all that is in RED:  ....................  Yes I want you to remove/uninstall the PITSTOP UTILITY !!

Copy this below:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\   
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found  
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

 


 
:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

 

 

Then PASTE it into the box that I posted a picture of with arrow pointing to. Then click the RUN FIX button !!!


Nope that is altogether different .... just forget it for now and run the fix !!

 


Look on your desktop, is it there? Or in your task bar?

 

 

This topic is now closed to further replies.