hpg3 Posted November 8, 2016 (edited)

http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

This is what I got this time. Should I just run it again to get the files again?

hpg3 Posted November 8, 2016 (edited)

Do you have a fax? I could fax it to you. I copied the entire thing in Word, 18 pages, or start a new topic and try again.

hpg3 Posted November 8, 2016

OTL Extras logfile created on: 11/8/2016 5:08:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Howard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18449)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 60.54% Memory free
11.50 Gb Paging File | 8.77 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.84 Gb Total Space | 394.76 Gb Free Space | 86.60% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 4.69 Gb Free Space | 63.01% Space Free | Partition Type: FAT32

Computer Name: HOWARD-PC | User Name: Howard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C4B789-945B-42AF-84B5-E5A44689F972}" = lport=10243 | protocol=6 | dir=in | app=system | "{11381CB0-55D4-43A0-804B-E3931C21D23A}" = lport=2869 | protocol=6 | dir=in | app=system | "{2BE88AB1-DE53-45BA-8682-C1077A5A7A5E}" = rport=138 | protocol=17 | dir=out | app=system | "{2DC66062-86F3-4826-BBB4-9CCB0B9D098F}" = lport=139 | protocol=6 | dir=in | app=system | "{3BA3AFD2-9F52-45D2-9218-74B5190FFD6C}" = rport=137 | 
protocol=17 | dir=out | app=system | "{49A99F35-43C9-406E-9E04-1A51ACAE3BCB}" = rport=445 | protocol=6 | dir=out | app=system | "{4AEACB0C-4402-4A25-911D-B6DD4CBBD75F}" = lport=2869 | protocol=6 | dir=in | app=system | "{4FB76F36-9DCF-4E5B-A065-986971D10B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{605F380C-53C4-49BB-989A-9DE77A10EFB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6165C2A6-C150-4B69-943B-71C1881DC86F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{670668B0-C4E1-449A-BBF9-5308CDBFD86D}" = rport=10243 | protocol=6 | dir=out | app=system | "{67A749B5-CD4A-4B2E-9277-C33586D1A4E6}" = rport=139 | protocol=6 | dir=out | app=system | "{7A4E1D09-2877-4C10-9BA4-9FC475E85DBB}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 | "{7F0113AC-F229-41B2-845B-745951502631}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8868327D-6A71-4F1B-B391-63E1BAE3D7F1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{8F76B9E2-84DF-4A6A-92CB-B095CBF1BEA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A9ED3743-7FD9-4AE5-9BB1-5B862E6AB979}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BDB3D842-3F94-41DA-9097-65233B444F26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BFC4D17B-A762-4381-A0DF-41958BC8F8D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0A8F039-1779-42D8-A9C3-EDBC47C51DF4}" = lport=445 | protocol=6 | dir=in | app=system | "{C9F4F8C7-B26D-450F-9D4A-32EECD7AC7BF}" = lport=138 | protocol=17 | dir=in | app=system | "{CCA20E33-D934-4F8A-BB91-9085A20E30D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{CCC53B94-DDB6-42F9-81D3-F3DE272A3CB8}" = lport=137 | protocol=17 | dir=in | app=system | "{F3E31018-5226-4501-94D8-3222BB41AD19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F9F7A7EF-F1E8-46FD-8D33-5B1A802E5336}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E5AE3D-81D5-4446-84BC-E96F9426AF57}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6a6c\hpdiagnosticcoreui.exe | "{06771EBE-5D50-4F23-85BD-357519EF5852}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs3f59\hpdiagnosticcoreui.exe | "{06B9CCF2-D34F-4742-959D-476728EAF2B8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs150f\hpdiagnosticcoreui.exe | "{08590306-0678-473F-A6DB-83F862BBBB83}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{09B46751-1627-4965-9669-B3FEDBD55B57}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b65\hpdiagnosticcoreui.exe | "{12037A6E-4078-4D93-AB11-9BB165B743E8}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6407\hpdiagnosticcoreui.exe | "{13BD7366-4441-445A-B74C-B91781D016CA}" = protocol=1 | dir=out | [email protected],-28544 | "{154AA26E-126D-4A5B-9DC0-0588B97910E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{18CEA0B5-CC5F-45A3-B425-11ED5CCFB1DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{193F4C43-8740-45E3-A325-E6C434D01EE8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs63d6\hpdiagnosticcoreui.exe | "{1DD677DB-5A22-409A-ABCC-A4DB39E8B0C5}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs7f6e\hpdiagnosticcoreui.exe | 
"{245124C2-A2DB-4D13-9C10-F33EF04C2A30}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\faxapplications.exe | "{2EAB6C2B-5157-4437-8DE5-EB3533C10E42}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\digitalwizards.exe | "{30B1ED07-C6C9-42EA-B025-8DAB8ADE27FF}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\sendafax.exe | "{32587C62-5993-486C-9DB2-856FC1864BE1}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2c41\hpdiagnosticcoreui.exe | "{37A6EE52-E2E7-4D9B-83B9-C8EE8BE15C23}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2bcf\hpdiagnosticcoreui.exe | "{3A1E8E61-9127-4DE1-8AD7-6694B519C0BA}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b13\hpdiagnosticcoreui.exe | "{54A5E398-E538-4695-9A8F-A337C137026F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{55B5CF70-8682-4BD0-A7F0-55DF82EB3B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5B52EFBD-19D4-4ABB-8AAE-C3E67EFBE7A1}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs603e\hpdiagnosticcoreui.exe | "{5C2A2BB2-3BA8-416A-AA6B-6DD042C5C7AA}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs31a0\hpdiagnosticcoreui.exe | "{5E5ABE2D-3FDA-4108-9A90-D6638129D5A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61DFE1A2-570C-4770-9C4B-B3E8E5D30457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{65DCC3CD-8964-40C7-A581-ECC1B93EA7D2}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs7f6e\hpdiagnosticcoreui.exe | "{6687B6DB-7705-48C4-8C85-86E90C739275}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{70ABA383-2B6F-4EA0-8211-9BB594B62D0F}" = protocol=58 | dir=in | [email protected],-28545 | "{72C7B53C-B67F-4DDB-BEAD-92AABB3ED65E}" = protocol=17 | dir=in | app=c:\program files\common 
files\mcafee\platform\mcsvchost\mcsvhost.exe | "{74739885-B64C-423E-8461-74081D42566B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8465FF4D-DABA-4338-B67C-AEDA4D5B3EBD}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs603e\hpdiagnosticcoreui.exe | "{86004FAB-4A08-4171-84EA-FF0AEEDD3B0C}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b13\hpdiagnosticcoreui.exe | "{8C9DC199-1EF6-4118-B231-46BAE9A312B4}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2bcf\hpdiagnosticcoreui.exe | "{8F374204-0A17-4F20-9C61-0A3E15DD7323}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6407\hpdiagnosticcoreui.exe | "{901E9B46-A27A-4940-ABDC-926D256FD5F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{97C30663-2508-47CE-B894-13085B072C28}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs035c\hpdiagnosticcoreui.exe | "{A3AC7AF8-E19E-4E24-B6D6-F36B1EC3E6DC}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs31a0\hpdiagnosticcoreui.exe | "{A7BE6349-F186-4370-9C2D-4EFAA186F81B}" = protocol=6 | dir=out | app=system | "{A85CC163-F6C2-4D7C-BF5C-23125DFD7B5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A95BAF37-7620-4505-A8D2-E6C2189C1C54}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B07AE0EC-6DCB-4241-B703-1539B0603868}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs150f\hpdiagnosticcoreui.exe | "{B92671D6-27E7-49FD-83FB-465C716D18A5}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs316f\hpdiagnosticcoreui.exe | "{BB73E4A1-6C38-43CA-A657-09D0C67FA9D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC0CC9CB-79D0-490E-8BE0-F83D8B75F519}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BD477EA7-F581-4402-ABCD-1E6A57BC7AD9}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2c41\hpdiagnosticcoreui.exe | "{C00F55C6-E05C-451C-A177-0F91C00465E0}" = protocol=58 | dir=out | [email protected],-28546 | "{C21092D1-CEA5-4825-AF73-0EC11196B336}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C226656D-4B5B-4E2C-BA08-59DE826C472D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C29911B2-A4A7-4E59-A88A-4569F031ACEC}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b65\hpdiagnosticcoreui.exe | "{C88CCB10-B7B3-477B-81C8-8AAB18865FB8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6a6c\hpdiagnosticcoreui.exe | "{C8AA23FF-624C-4796-8E66-7B7B7B8A21E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CA714121-410E-4128-B5FA-7F9CBA8ABA15}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs316f\hpdiagnosticcoreui.exe | "{CA8223E5-1C63-45E3-BEF9-12E81F8C38B5}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs035c\hpdiagnosticcoreui.exe | "{CC2A99B1-7E1C-4BFC-B826-443B0FD64B1B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{CDE74878-8442-4722-9C86-51644581EDF1}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\hpnetworkcommunicatorcom.exe | "{D1CCA3A5-FB23-4F58-9B80-9D4A907CD19E}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\devicesetup.exe | "{D8D9BA9C-5BAD-4D46-8497-EDDD54C8B145}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs63d6\hpdiagnosticcoreui.exe | "{F33CC057-ACA2-4363-AC5A-55C6155BCA0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F4CF6797-F4B3-477C-BC44-747EEC072B05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7642B4E-3424-4F4E-95F5-89EDA6686B15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9F3A039-CCB4-447E-BC22-86DF2F5E10C2}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs3f59\hpdiagnosticcoreui.exe | "{FD71117D-0729-44D2-9722-7D2B00071FDE}" = protocol=1 | dir=in | [email protected],-28543 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{26A24AE4-039D-4CA4-87B4-2F64180111F0}" = Java 8 Update 111 (64-bit) "{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support "{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour "{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}" = iCloud "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96ABEAD3-67AE-4BF7-8A16-F745352049B3}" = Product Improvement Study for HP Officejet Pro 6830 "{98040AB6-D667-409C-81E7-DB65836B3EE0}" = HP Officejet Pro 6830 Basic Device Software "{A6B0442B-E159-444B-B49D-6B9AC531EAE3}" = Apple Application Support (64-bit) "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{CAED120A-1F05-4B8F-B76E-A3EA5C328AB8}" = ANT Drivers Installer x64 "{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "CCleaner" = CCleaner "D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) 
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish "{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean "{21A196EC-241B-4A79-970B-E9585F1CE90C}" = AVEO UVC Like Driver "{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}" = AQUAZONE DESKTOP GARDEN "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.5 "{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common "{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111 "{28693307-6F99-4B5D-9FA3-4D9132DDA716}" = HP Officejet Pro 6830 Help "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{34927EBC-98D4-4D53-98BE-510DF5999F50}" = Adobe AIR "{35505AE1-27E2-4206-B3BF-58771803B8D0}" = IncrediMail "{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista "{3AA7FDD6-E358-453D-BC77-22E3CF81DA83}" = Super Glinx! 
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers "{40B739E1-40CC-4F0D-9BA1-B75492FFA732}" = Super Nisqually! "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy "{5250BDEA-3EA9-441C-8233-9CBEC6A799BD}" = Garmin Express Tray "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish "{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update "{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish "{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional "{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian "{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish "{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French "{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English "{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator 
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}" = Skype Click to Call "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}" = Google Earth "{A301896D-9F55-4492-B518-30EAC4C723E1}" = Super Collapse! 
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A53F1B50-A664-4D28-92FE-DD5F507F34BC}" = Elevated Installer "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AB73CF18-528A-4E18-83B2-380CD0BC8EA7}" = Calendar Creator "{AC76BA86-0804-1033-1959-001824205020}" = Adobe Refresh Manager "{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE1EC58E-B2AC-4959-A4C2-C38202A25239}" = Garmin WebUpdater "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{D1B261D6-EBAE-4129-8EFB-C04E14DCEF6A}" = Garmin Express "{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D4B07658-F443-4445-A261-E643996E139D}" = Apple Application Support (32-bit) "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{d74c733b-9216-49f5-ae3a-14bf3a3d66f5}" = Garmin Express "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian "{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light "{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard "{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 23 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI "Belarc Advisor" = Belarc Advisor 8.3 "CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon 
Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Dell Dock" = Dell Dock "Google Chrome" = Google Chrome "GoToAssist" = GoToAssist Corporate "IncrediMail" = IncrediMail 2.5 "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "NBRTWizard" = Norton Bootable Recovery Tool Wizard "NS" = Norton Security "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Personal Printing Guide" = Canon Personal Printing Guide "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoStitch" = Canon Utilities PhotoStitch "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide "VzInHomeAgent" = Vz In-Home Agent "WebPost" = Microsoft Web Publishing Wizard 1.52 "WinLiveSuite_Wave3" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/29/2016 4:14:52 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2527 Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 12667 Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 
12667 Error - 10/31/2016 2:29:37 PM | Computer Name = Howard-PC | Source = Application Hang | ID = 1002 Description = The program IEXPLORE.EXE version 11.0.9600.18450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 179c Start Time: 01d233a0a7fe1389 Termination Time: 37 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error - 10/31/2016 3:04:42 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450, time stamp: 0x57c77728 Faulting module name: MSHTML.dll, version: 11.0.9600.18450, time stamp: 0x57c79ab7 Exception code: 0xc0000005 Fault offset: 0x003f5bf9 Faulting process id: 0x1610 Faulting application start time: 0x01d233a4bc521b9c Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: e0d125ec-9f9c-11e6-a65e-b8ac6fc07b3a Error - 11/2/2016 6:42:28 PM | Computer Name = Howard-PC | Source = Application Hang | ID = 1002 Description = The program googleearth.exe version 7.1.7.2606 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: ad8 Start Time: 01d2355a47877ebf Termination Time: 25 Application Path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Report Id: 9ea305a8-a14d-11e6-a1e2-b8ac6fc07b3a Error - 11/6/2016 8:42:51 AM | Computer Name = Howard-PC | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450, time stamp: 0x57c77728 Faulting module name: atiumdva.dll, version: 8.14.10.308, time stamp: 0x4dae373c Exception code: 0xc0000005 Fault offset: 0x00007b65 Faulting process id: 0x7c0 Faulting application start time: 0x01d2382996fe49c5 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\system32\atiumdva.dll Report Id: 8751bd96-a41e-11e6-a17c-b8ac6fc07b3a Error - 11/7/2016 5:51:14 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450, time stamp: 0x57c77728 Faulting module name: MSHTML.dll, version: 11.0.9600.18450, time stamp: 0x57c79ab7 Exception code: 0xc0000005 Fault offset: 0x003f5bf9 Faulting process id: 0x72c Faulting application start time: 0x01d2393f51b360dc Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: 4d775091-a534-11e6-b899-b8ac6fc07b3a Error - 11/7/2016 7:37:23 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450, time stamp: 0x57c77728 Faulting module name: MSHTML.dll, version: 11.0.9600.18450, time stamp: 0x57c79ab7 Exception code: 0xc0000005 Fault offset: 0x003f5bf9 Faulting process id: 0xa48 Faulting application start time: 0x01d2394115c55a7f Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: 21a5b10d-a543-11e6-b899-b8ac6fc07b3a [ Dell 
Events ] Error - 8/8/2013 5:43:42 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/9/2013 7:48:33 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/9/2013 7:48:34 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/11/2013 8:07:07 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/11/2013 8:07:07 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/12/2013 11:27:00 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/12/2013 11:27:00 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 10/13/2013 4:47:20 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 10/13/2013 4:47:20 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/27/2014 9:21:09 AM | Computer Name = Howard-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ Media Center Events ] Error - 8/25/2016 3:41:03 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 3:41:03 PM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/26/2016 9:23:31 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 9:23:30 PM - Failed to retrieve nettv (Error: PackageName is invalid.) 
Error - 8/27/2016 9:56:29 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 9:56:29 AM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/27/2016 12:37:45 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 12:37:45 PM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/28/2016 10:45:35 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 10:45:35 AM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/28/2016 1:54:55 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 1:54:55 PM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/29/2016 10:58:28 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 10:58:28 AM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/29/2016 4:15:29 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 4:15:29 PM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/30/2016 6:06:51 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 6:06:51 PM - Failed to retrieve nettv (Error: PackageName is invalid.) Error - 8/31/2016 4:20:23 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0 Description = 4:20:23 PM - Failed to retrieve nettv (Error: PackageName is invalid.) [ System Events ] Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034 Description = The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s). Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034 Description = The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s). Error - 11/8/2016 12:53:26 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034 Description = The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s). Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7038 Description = The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1069 Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7038 Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to start due to the following error: %%1069

Error - 11/8/2016 3:22:45 PM | Computer Name = Howard-PC | Source = DCOM | ID = 10010
Description =

< End of report >
hpg3 Posted November 8, 2016 (edited)
I did get the second file to paste. I did see run fix on one of the tabs after the file ran. You don't want me to hit that, do you?
hpg3 Posted November 8, 2016 Author Report Share Posted November 8, 2016 OTL logfile created on: 11/8/2016 3:52:10 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Howard\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18449) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.75 Gb Total Physical Memory | 3.54 Gb Available Physical Memory | 61.57% Memory free 11.50 Gb Paging File | 8.81 Gb Available in Paging File | 76.67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455.84 Gb Total Space | 394.77 Gb Free Space | 86.60% Space Free | Partition Type: NTFS Drive J: | 7.45 Gb Total Space | 4.69 Gb Free Space | 63.01% Space Free | Partition Type: FAT32 Computer Name: HOWARD-PC | User Name: Howard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2016/11/08 15:50:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Howard\Downloads\OTL.com PRC - [2016/10/21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2016/09/23 21:23:21 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\ns.exe PRC - [2016/07/28 15:57:52 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe PRC - [2016/05/03 15:20:07 | 000,308,336 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2013/08/10 13:10:33 | 000,444,840 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe PRC - [2013/08/10 13:10:33 | 000,297,384 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe ========== Modules (No Company Name) ========== MOD - [2013/08/10 13:10:34 | 000,072,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll MOD - [2013/08/10 13:10:33 | 000,272,808 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll MOD - [2013/08/10 13:10:33 | 000,133,544 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll MOD - [2013/08/10 13:10:33 | 000,080,296 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll MOD - [2013/08/10 13:10:33 | 000,033,128 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll MOD - [2013/07/18 21:16:16 | 000,108,888 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ========== Services (SafeList) ========== SRV:64bit: - [2016/08/31 19:11:19 | 
000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/04/27 14:23:32 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2016/10/26 16:42:16 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/10/25 10:37:48 | 000,985,616 | ---- | M] (Garmin Ltd. or its subsidiaries) [On_Demand | Stopped] -- C:\Program Files
hpg3 Posted November 8, 2016 Author Report Share Posted November 8, 2016 (x86)\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service) SRV - [2016/10/21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2016/09/23 21:23:21 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe -- (NS) SRV - [2015/02/18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2014/04/11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/08/10 13:56:09 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist) SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2016/10/17 15:05:15 | 000,100,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2016/09/23 12:05:27 | 000,567,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\symnets.sys -- (SymNetS) DRV:64bit: - [2016/09/23 12:04:19 | 001,628,888 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\symefasi64.sys -- (SymEFASI) DRV:64bit: - [2016/09/23 12:00:16 | 000,289,520 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\ironx64.sys -- (SymIRON) DRV:64bit: - [2016/09/23 11:59:13 | 000,784,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\srtsp64.sys -- (SRTSP) DRV:64bit: - [2016/09/23 11:59:13 | 000,049,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2016/06/01 22:34:17 | 000,174,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\ccsetx64.sys -- (ccSet_NS) DRV:64bit: - [2014/10/08 17:18:54 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2014/10/08 17:18:54 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - 
[2014/10/08 17:18:54 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2014/10/08 17:18:50 | 000,766,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012/07/26 07:32:08 | 000,307,968 | ---- | M] (D-vitec) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dvitdcnt.sys -- (D-Vitec) DRV:64bit: - [2012/07/26 00:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdserd.sys -- (sscdserd)
hpg3 Posted November 8, 2016 Author Report Share Posted November 8, 2016 DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010/09/06 16:26:36 | 000,265,728 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AVEOdcnt.sys -- (AVEO) DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/05 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2016/10/28 15:01:01 | 001,012,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20161107.001\IDSviA64.sys -- (IDSVia64) DRV - [2016/10/04 13:16:01 | 000,497,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2016/10/04 13:16:01 | 000,156,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2016/09/07 15:26:54 | 001,854,712 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20161102.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - 
HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
hpg3 Posted November 8, 2016 Author Report Share Posted November 8, 2016 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 04 50 5B 81 ED D0 01 [binary data] IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = E7 B4 BE 08 CB 95 D1 01 [binary data] IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error. 
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869 IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\COFFADDON\ [2016/10/17 18:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon\ [2016/10/17 18:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions
hpg3 Posted November 8, 2016 Author Report Share Posted November 8, 2016 ========== Chrome ========== CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation) Link to post Share on other sites
hpg3 Posted November 8, 2016 Author Report Share Posted November 8, 2016 O4 - HKLM..\Run: [] File not found O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries) O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-16268802-1566341955-461656969-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - 
{22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.2.0.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A41C7912-4B27-4591-BBB2-02F2998AF13A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\belarc - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2016/11/08 10:53:11 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2016/11/08 10:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2016/11/08 10:52:59 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2016/11/08 10:52:59 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2016/11/08 10:52:59 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys Link to post Share on other sites
hpg3 Posted November 8, 2016 Author Report Share Posted November 8, 2016 [2016/11/08 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2016/10/31 20:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2016/10/24 17:55:48 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2016/10/24 17:55:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2016/10/22 17:22:31 | 000,110,144 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-64.dll [2016/10/22 17:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2016/10/16 14:04:07 | 000,000,000 | ---D | C] -- C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2016/11/08 15:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2016/11/08 15:06:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016/11/08 15:06:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016/11/08 15:05:25 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2016/11/08 15:05:25 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2016/11/08 15:05:25 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2016/11/08 15:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2016/11/08 14:58:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2016/11/08 14:58:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016/11/08 14:58:02 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys [2016/11/08 11:20:34 | 
000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2016/11/08 10:53:03 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016/11/08 09:05:45 | 000,415,603 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161108.005 [2016/11/06 10:30:58 | 000,001,284 | ---- | M] () -- C:\Users\Howard\Desktop\Norton Installation Files.lnk [2016/11/05 09:59:31 | 000,007,605 | ---- | M] () -- C:\Users\Howard\AppData\Local\Resmon.ResmonCfg [2016/11/03 18:05:13 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2016/10/31 20:04:51 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2016/10/26 16:42:15 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2016/10/26 16:42:15 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2016/10/24 18:20:00 | 002,291,393 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\Cat.DB [2016/10/24 13:56:27 | 000,410,638 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161024.005 [2016/10/22 17:21:39 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-64.dll [2016/10/22 17:21:39 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2016/10/22 17:20:58 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2016/10/22 16:27:04 | 000,370,191 | ---- | M] () -- C:\Users\Howard\Documents\Scan.pdf [2016/10/18 06:16:22 | 000,410,638 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161018.006 [2016/10/17 18:12:36 | 000,157,329 | ---- | M] () -- C:\Users\Howard\Documents\Scan0002.pdf [2016/10/17 18:07:39 | 000,156,709 | ---- | M] () -- C:\Users\Howard\Documents\Scan0001.pdf [2016/10/17 18:05:49 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Norton 
Security.lnk [2016/10/17 15:05:15 | 000,100,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2016/10/17 15:05:15 | 000,008,319 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2016/10/17 15:05:15 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2016/11/08 10:53:03 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016/11/06 10:30:58 | 000,001,284 | ---- | C] () -- C:\Users\Howard\Desktop\Norton Installation Files.lnk [2016/10/31 20:04:51 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2016/10/22 16:27:03 | 000,370,191 | ---- | C] () -- C:\Users\Howard\Documents\Scan.pdf [2016/10/17 18:12:36 | 000,157,329 | ---- | C] () -- C:\Users\Howard\Documents\Scan0002.pdf [2016/10/17 18:07:39 | 000,156,709 | ---- | C] () -- C:\Users\Howard\Documents\Scan0001.pdf [2015/07/24 12:05:10 | 000,312,320 | ---- | C] () -- C:\Users\Howard\Calender Kitchen 2.bcc [2015/02/28 14:21:05 | 000,000,288 | ---- | C] () -- C:\Users\Howard\AppData\Roaming\.backup.dm [2015/02/05 16:29:53 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MFC_InstDrvDLL.dll [2014/12/21 13:13:23 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2014/01/02 18:30:27 | 000,007,605 | ---- | C] () -- C:\Users\Howard\AppData\Local\Resmon.ResmonCfg [2013/08/10 13:55:58 | 000,103,832 | ---- | C] () -- C:\Users\Howard\GoToAssistDownloadHelper.exe [2013/08/10 13:15:07 | 000,005,632 | ---- | C] () -- C:\Users\Howard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] Link to post Share on other sites
hpg3 Posted November 8, 2016
This is all. I need a drink.
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2015/08/06 13:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 12:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
flashh4 Posted November 8, 2016
Ok .... now we are getting somewhere!! I can work with this!! Be back with an OTL fix shortly!
hpg3 Posted November 8, 2016
The CPU usage seems better, it's only bouncing around 50 and not up to 100.
flashh4 Posted November 8, 2016
Sorry but I have to read through everything to type a fix!! I need you to remove this program in the Control Panel first thing >>> PCPitstop Utility

We need to run an OTL fix!!

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems. Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

* Double-click OTL.exe to start the program. This is the OTL program I had you download!!!
* Copy and paste the following code into the text box of the OTL tool/program! Start with and include the colon plus :OTL

Copy everything in RED and paste into the box in the OTL program!! Pic of where to paste fix then click Run >>> http://smg.photobucket.com/user/flashh4/media/Paste OTL script here.png.html

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click http://img.photobucket.com/albums/v317/flashh4/btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Post me the return log when you get it! Thanks
Chuck
hpg3 Posted November 8, 2016
Chuck, this is very confusing, you want me to delete Pitstop utility. What is "We need to Run an OTL fix !!"?
flashh4 Posted November 8, 2016
Yes, remove the Pitstop utility .......... Open the OTL icon ....... Copy everything in RED and paste into the box in the OTL program!! Pic of where to paste fix then click Run >>> http://smg.photobucket.com/user/flashh4/media/Paste OTL script here.png.html
hpg3 Posted November 8, 2016
I went into the Control Panel and Programs and Features. I don't see Pitstop utility in the list. The other part is confusing, I don't understand what to do.
flashh4 Posted November 8, 2016
Ok, this is a picture of the OTL program I had you download & run .... find it, let me know when you do? >>>>>> http://smg.photobucket.com/user/flashh4/media/Paste OTL script here.png.html
hpg3 Posted November 8, 2016
OK, I still have the icon up. So copy all of the red and paste it in the box. What about the Pitstop utility?
flashh4 Posted November 8, 2016
Yes, copy all that is in RED: .................... Yes, I want you to remove/uninstall the PITSTOP UTILITY!!

Copy this below:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

Then PASTE it into the box that I posted a picture of with the arrow pointing to it. Then click the RUN FIX button!!!
hpg3 Posted November 8, 2016
I did the paste, but what about the Pitstop? It's not on the list.
flashh4 Posted November 8, 2016
Nope, that is altogether different .... just forget it for now and run the fix!!
hpg3 Posted November 9, 2016
OMG that was scary, it opened and there was a large file but I think I deleted it by mistake.
flashh4 Posted November 9, 2016
Look on your desktop, is it there? Or in your taskbar?