CPU Running slow

hpg3 · November 8, 2016

http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 this is what I got this time Should I just run it again to get the files again ?

Edited November 8, 2016 by hpg3

hpg3 · November 8, 2016

Do you have a fax, I could fax it to you. I copied the entire thing in Word, 18 pages or start a new topic and try again

Edited November 8, 2016 by hpg3

hpg3 · November 8, 2016

OTL Extras logfile created on: 11/8/2016 5:08:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Howard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18449)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 60.54% Memory free
11.50 Gb Paging File | 8.77 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.84 Gb Total Space | 394.76 Gb Free Space | 86.60% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 4.69 Gb Free Space | 63.01% Space Free | Partition Type: FAT32

Computer Name: HOWARD-PC | User Name: Howard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C4B789-945B-42AF-84B5-E5A44689F972}" = lport=10243 | protocol=6 | dir=in | app=system |
"{11381CB0-55D4-43A0-804B-E3931C21D23A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BE88AB1-DE53-45BA-8682-C1077A5A7A5E}" = rport=138 | protocol=17 | dir=out | app=system |
"{2DC66062-86F3-4826-BBB4-9CCB0B9D098F}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BA3AFD2-9F52-45D2-9218-74B5190FFD6C}" = rport=137 | protocol=17 | dir=out | app=system |
"{49A99F35-43C9-406E-9E04-1A51ACAE3BCB}" = rport=445 | protocol=6 | dir=out | app=system |
"{4AEACB0C-4402-4A25-911D-B6DD4CBBD75F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4FB76F36-9DCF-4E5B-A065-986971D10B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{605F380C-53C4-49BB-989A-9DE77A10EFB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6165C2A6-C150-4B69-943B-71C1881DC86F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{670668B0-C4E1-449A-BBF9-5308CDBFD86D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67A749B5-CD4A-4B2E-9277-C33586D1A4E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A4E1D09-2877-4C10-9BA4-9FC475E85DBB}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |
"{7F0113AC-F229-41B2-845B-745951502631}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8868327D-6A71-4F1B-B391-63E1BAE3D7F1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{8F76B9E2-84DF-4A6A-92CB-B095CBF1BEA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9ED3743-7FD9-4AE5-9BB1-5B862E6AB979}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDB3D842-3F94-41DA-9097-65233B444F26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFC4D17B-A762-4381-A0DF-41958BC8F8D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0A8F039-1779-42D8-A9C3-EDBC47C51DF4}" = lport=445 | protocol=6 | dir=in | app=system |
"{C9F4F8C7-B26D-450F-9D4A-32EECD7AC7BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{CCA20E33-D934-4F8A-BB91-9085A20E30D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCC53B94-DDB6-42F9-81D3-F3DE272A3CB8}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E31018-5226-4501-94D8-3222BB41AD19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9F7A7EF-F1E8-46FD-8D33-5B1A802E5336}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E5AE3D-81D5-4446-84BC-E96F9426AF57}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6a6c\hpdiagnosticcoreui.exe |
"{06771EBE-5D50-4F23-85BD-357519EF5852}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs3f59\hpdiagnosticcoreui.exe |
"{06B9CCF2-D34F-4742-959D-476728EAF2B8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs150f\hpdiagnosticcoreui.exe |
"{08590306-0678-473F-A6DB-83F862BBBB83}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{09B46751-1627-4965-9669-B3FEDBD55B57}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b65\hpdiagnosticcoreui.exe |
"{12037A6E-4078-4D93-AB11-9BB165B743E8}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6407\hpdiagnosticcoreui.exe |
"{13BD7366-4441-445A-B74C-B91781D016CA}" = protocol=1 | dir=out | [email protected],-28544 |
"{154AA26E-126D-4A5B-9DC0-0588B97910E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18CEA0B5-CC5F-45A3-B425-11ED5CCFB1DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{193F4C43-8740-45E3-A325-E6C434D01EE8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs63d6\hpdiagnosticcoreui.exe |
"{1DD677DB-5A22-409A-ABCC-A4DB39E8B0C5}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs7f6e\hpdiagnosticcoreui.exe |
"{245124C2-A2DB-4D13-9C10-F33EF04C2A30}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\faxapplications.exe |
"{2EAB6C2B-5157-4437-8DE5-EB3533C10E42}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\digitalwizards.exe |
"{30B1ED07-C6C9-42EA-B025-8DAB8ADE27FF}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\sendafax.exe |
"{32587C62-5993-486C-9DB2-856FC1864BE1}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2c41\hpdiagnosticcoreui.exe |
"{37A6EE52-E2E7-4D9B-83B9-C8EE8BE15C23}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2bcf\hpdiagnosticcoreui.exe |
"{3A1E8E61-9127-4DE1-8AD7-6694B519C0BA}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b13\hpdiagnosticcoreui.exe |
"{54A5E398-E538-4695-9A8F-A337C137026F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55B5CF70-8682-4BD0-A7F0-55DF82EB3B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B52EFBD-19D4-4ABB-8AAE-C3E67EFBE7A1}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs603e\hpdiagnosticcoreui.exe |
"{5C2A2BB2-3BA8-416A-AA6B-6DD042C5C7AA}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs31a0\hpdiagnosticcoreui.exe |
"{5E5ABE2D-3FDA-4108-9A90-D6638129D5A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61DFE1A2-570C-4770-9C4B-B3E8E5D30457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{65DCC3CD-8964-40C7-A581-ECC1B93EA7D2}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs7f6e\hpdiagnosticcoreui.exe |
"{6687B6DB-7705-48C4-8C85-86E90C739275}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70ABA383-2B6F-4EA0-8211-9BB594B62D0F}" = protocol=58 | dir=in | [email protected],-28545 |
"{72C7B53C-B67F-4DDB-BEAD-92AABB3ED65E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{74739885-B64C-423E-8461-74081D42566B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8465FF4D-DABA-4338-B67C-AEDA4D5B3EBD}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs603e\hpdiagnosticcoreui.exe |
"{86004FAB-4A08-4171-84EA-FF0AEEDD3B0C}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b13\hpdiagnosticcoreui.exe |
"{8C9DC199-1EF6-4118-B231-46BAE9A312B4}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2bcf\hpdiagnosticcoreui.exe |
"{8F374204-0A17-4F20-9C61-0A3E15DD7323}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6407\hpdiagnosticcoreui.exe |
"{901E9B46-A27A-4940-ABDC-926D256FD5F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97C30663-2508-47CE-B894-13085B072C28}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs035c\hpdiagnosticcoreui.exe |
"{A3AC7AF8-E19E-4E24-B6D6-F36B1EC3E6DC}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs31a0\hpdiagnosticcoreui.exe |
"{A7BE6349-F186-4370-9C2D-4EFAA186F81B}" = protocol=6 | dir=out | app=system |
"{A85CC163-F6C2-4D7C-BF5C-23125DFD7B5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A95BAF37-7620-4505-A8D2-E6C2189C1C54}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B07AE0EC-6DCB-4241-B703-1539B0603868}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs150f\hpdiagnosticcoreui.exe |
"{B92671D6-27E7-49FD-83FB-465C716D18A5}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs316f\hpdiagnosticcoreui.exe |
"{BB73E4A1-6C38-43CA-A657-09D0C67FA9D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC0CC9CB-79D0-490E-8BE0-F83D8B75F519}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD477EA7-F581-4402-ABCD-1E6A57BC7AD9}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs2c41\hpdiagnosticcoreui.exe |
"{C00F55C6-E05C-451C-A177-0F91C00465E0}" = protocol=58 | dir=out | [email protected],-28546 |
"{C21092D1-CEA5-4825-AF73-0EC11196B336}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C226656D-4B5B-4E2C-BA08-59DE826C472D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C29911B2-A4A7-4E59-A88A-4569F031ACEC}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs1b65\hpdiagnosticcoreui.exe |
"{C88CCB10-B7B3-477B-81C8-8AAB18865FB8}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs6a6c\hpdiagnosticcoreui.exe |
"{C8AA23FF-624C-4796-8E66-7B7B7B8A21E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA714121-410E-4128-B5FA-7F9CBA8ABA15}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs316f\hpdiagnosticcoreui.exe |
"{CA8223E5-1C63-45E3-BEF9-12E81F8C38B5}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs035c\hpdiagnosticcoreui.exe |
"{CC2A99B1-7E1C-4BFC-B826-443B0FD64B1B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CDE74878-8442-4722-9C86-51644581EDF1}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\hpnetworkcommunicatorcom.exe |
"{D1CCA3A5-FB23-4F58-9B80-9D4A907CD19E}" = dir=in | app=c:\program files\hp\hp officejet pro 6830\bin\devicesetup.exe |
"{D8D9BA9C-5BAD-4D46-8497-EDDD54C8B145}" = protocol=17 | dir=in | app=c:\users\howard\appdata\local\temp\7zs63d6\hpdiagnosticcoreui.exe |
"{F33CC057-ACA2-4363-AC5A-55C6155BCA0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4CF6797-F4B3-477C-BC44-747EEC072B05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7642B4E-3424-4F4E-95F5-89EDA6686B15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9F3A039-CCB4-447E-BC22-86DF2F5E10C2}" = protocol=6 | dir=in | app=c:\users\howard\appdata\local\temp\7zs3f59\hpdiagnosticcoreui.exe |
"{FD71117D-0729-44D2-9722-7D2B00071FDE}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{26A24AE4-039D-4CA4-87B4-2F64180111F0}" = Java 8 Update 111 (64-bit)
"{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96ABEAD3-67AE-4BF7-8A16-F745352049B3}" = Product Improvement Study for HP Officejet Pro 6830
"{98040AB6-D667-409C-81E7-DB65836B3EE0}" = HP Officejet Pro 6830 Basic Device Software
"{A6B0442B-E159-444B-B49D-6B9AC531EAE3}" = Apple Application Support (64-bit)
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CAED120A-1F05-4B8F-B76E-A3EA5C328AB8}" = ANT Drivers Installer x64
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"CCleaner" = CCleaner
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{21A196EC-241B-4A79-970B-E9585F1CE90C}" = AVEO UVC Like Driver
"{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}" = AQUAZONE DESKTOP GARDEN
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.5
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111
"{28693307-6F99-4B5D-9FA3-4D9132DDA716}" = HP Officejet Pro 6830 Help
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{34927EBC-98D4-4D53-98BE-510DF5999F50}" = Adobe AIR
"{35505AE1-27E2-4206-B3BF-58771803B8D0}" = IncrediMail
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3AA7FDD6-E358-453D-BC77-22E3CF81DA83}" = Super Glinx!
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{40B739E1-40CC-4F0D-9BA1-B75492FFA732}" = Super Nisqually!
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{5250BDEA-3EA9-441C-8233-9CBEC6A799BD}" = Garmin Express Tray
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}" = Skype Click to Call
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}" = Google Earth
"{A301896D-9F55-4492-B518-30EAC4C723E1}" = Super Collapse!
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A53F1B50-A664-4D28-92FE-DD5F507F34BC}" = Elevated Installer
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB73CF18-528A-4E18-83B2-380CD0BC8EA7}" = Calendar Creator
"{AC76BA86-0804-1033-1959-001824205020}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1EC58E-B2AC-4959-A4C2-C38202A25239}" = Garmin WebUpdater
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D1B261D6-EBAE-4129-8EFB-C04E14DCEF6A}" = Garmin Express
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4B07658-F443-4445-A261-E643996E139D}" = Apple Application Support (32-bit)
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{d74c733b-9216-49f5-ae3a-14bf3a3d66f5}" = Garmin Express
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 23 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"Belarc Advisor" = Belarc Advisor 8.3
"CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Dell Dock" = Dell Dock
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"IncrediMail" = IncrediMail 2.5
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NS" = Norton Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"VzInHomeAgent" = Vz In-Home Agent
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2016 4:14:52 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2527

Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12667

Error - 10/29/2016 4:15:03 PM | Computer Name = Howard-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12667

Error - 10/31/2016 2:29:37 PM | Computer Name = Howard-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.18450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: 179c    Start
Time: 01d233a0a7fe1389    Termination Time: 37    Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE    Report Id:

Error - 10/31/2016 3:04:42 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
time stamp: 0x57c77728 Faulting module name: MSHTML.dll, version: 11.0.9600.18450,
time stamp: 0x57c79ab7 Exception code: 0xc0000005 Fault offset: 0x003f5bf9 Faulting
process id: 0x1610 Faulting application start time: 0x01d233a4bc521b9c Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: e0d125ec-9f9c-11e6-a65e-b8ac6fc07b3a

Error - 11/2/2016 6:42:28 PM | Computer Name = Howard-PC | Source = Application Hang | ID = 1002
Description = The program googleearth.exe version 7.1.7.2606 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: ad8    Start
Time: 01d2355a47877ebf    Termination Time: 25    Application Path: C:\Program Files (x86)\Google\Google
Earth\client\googleearth.exe    Report Id: 9ea305a8-a14d-11e6-a1e2-b8ac6fc07b3a

Error - 11/6/2016 8:42:51 AM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
time stamp: 0x57c77728 Faulting module name: atiumdva.dll, version: 8.14.10.308,
time stamp: 0x4dae373c Exception code: 0xc0000005 Fault offset: 0x00007b65 Faulting
process id: 0x7c0 Faulting application start time: 0x01d2382996fe49c5 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\atiumdva.dll Report Id: 8751bd96-a41e-11e6-a17c-b8ac6fc07b3a

Error - 11/7/2016 5:51:14 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
time stamp: 0x57c77728 Faulting module name: MSHTML.dll, version: 11.0.9600.18450,
time stamp: 0x57c79ab7 Exception code: 0xc0000005 Fault offset: 0x003f5bf9 Faulting
process id: 0x72c Faulting application start time: 0x01d2393f51b360dc Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 4d775091-a534-11e6-b899-b8ac6fc07b3a

Error - 11/7/2016 7:37:23 PM | Computer Name = Howard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450,
time stamp: 0x57c77728 Faulting module name: MSHTML.dll, version: 11.0.9600.18450,
time stamp: 0x57c79ab7 Exception code: 0xc0000005 Fault offset: 0x003f5bf9 Faulting
process id: 0xa48 Faulting application start time: 0x01d2394115c55a7f Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 21a5b10d-a543-11e6-b899-b8ac6fc07b3a

[ Dell Events ]
Error - 8/8/2013 5:43:42 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/9/2013 7:48:33 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/9/2013 7:48:34 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/11/2013 8:07:07 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/11/2013 8:07:07 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/12/2013 11:27:00 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/12/2013 11:27:00 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/13/2013 4:47:20 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/13/2013 4:47:20 PM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/27/2014 9:21:09 AM | Computer Name = Howard-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 8/25/2016 3:41:03 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 3:41:03 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/26/2016 9:23:31 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 9:23:30 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/27/2016 9:56:29 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 9:56:29 AM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/27/2016 12:37:45 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/28/2016 10:45:35 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 10:45:35 AM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/28/2016 1:54:55 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 1:54:55 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/29/2016 10:58:28 AM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 10:58:28 AM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/29/2016 4:15:29 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 4:15:29 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/30/2016 6:06:51 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 6:06:51 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

Error - 8/31/2016 4:20:23 PM | Computer Name = Howard-PC | Source = MCUpdate | ID = 0
Description = 4:20:23 PM - Failed to retrieve nettv (Error: PackageName is invalid.)

[ System Events ]
Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034
Description = The Client Virtualization Handler service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 11/8/2016 12:53:23 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034
Description = The Office Software Protection Platform service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/8/2016 12:53:26 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7038
Description = The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with
the currently configured password due to the following error:   %%50    To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1069

Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7038
Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
with the currently configured password due to the following error:   %%50    To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 11/8/2016 12:53:53 PM | Computer Name = Howard-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error:   %%1069

Error - 11/8/2016 3:22:45 PM | Computer Name = Howard-PC | Source = DCOM | ID = 10010
Description =

< End of report >

hpg3 · November 8, 2016

I did get the second file to paste I did see run fix on one of the tabs after the file ran. you don't want me to hit that, do yo

Edited November 8, 2016 by hpg3

hpg3 · November 8, 2016

OTL logfile created on: 11/8/2016 3:52:10 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Howard\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.18449)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.54 Gb Available Physical Memory | 61.57% Memory free

11.50 Gb Paging File | 8.81 Gb Available in Paging File | 76.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.84 Gb Total Space | 394.77 Gb Free Space | 86.60% Space Free | Partition Type: NTFS

Drive J: | 7.45 Gb Total Space | 4.69 Gb Free Space | 63.01% Space Free | Partition Type: FAT32

Computer Name: HOWARD-PC | User Name: Howard | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2016/11/08 15:50:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Howard\Downloads\OTL.com

PRC - [2016/10/21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2016/09/23 21:23:21 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\ns.exe

PRC - [2016/07/28 15:57:52 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe

PRC - [2016/05/03 15:20:07 | 000,308,336 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2013/08/10 13:10:33 | 000,444,840 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

PRC - [2013/08/10 13:10:33 | 000,297,384 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/10 13:10:34 | 000,072,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll

MOD - [2013/08/10 13:10:33 | 000,272,808 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll

MOD - [2013/08/10 13:10:33 | 000,133,544 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll

MOD - [2013/08/10 13:10:33 | 000,080,296 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll

MOD - [2013/08/10 13:10:33 | 000,033,128 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll

MOD - [2013/07/18 21:16:16 | 000,108,888 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll

MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

========== Services (SafeList) ==========

SRV:64bit: - [2016/08/31 19:11:19 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2015/04/27 14:23:32 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\diagtrack.dll -- (DiagTrack)

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2016/10/26 16:42:16 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2016/10/25 10:37:48 | 000,985,616 | ---- | M] (Garmin Ltd. or its subsidiaries) [On_Demand | Stopped] -- C:\Program Files

hpg3 · November 8, 2016

(x86)\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)

SRV - [2016/10/21 19:02:44 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2016/09/23 21:23:21 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe -- (NS)

SRV - [2015/02/18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2014/04/11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/08/10 13:56:09 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)

SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/10/17 15:05:15 | 000,100,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2016/09/23 12:05:27 | 000,567,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\symnets.sys -- (SymNetS)

DRV:64bit: - [2016/09/23 12:04:19 | 001,628,888 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\symefasi64.sys -- (SymEFASI)

DRV:64bit: - [2016/09/23 12:00:16 | 000,289,520 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\ironx64.sys -- (SymIRON)

DRV:64bit: - [2016/09/23 11:59:13 | 000,784,624 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2016/09/23 11:59:13 | 000,049,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2016/06/01 22:34:17 | 000,174,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSx64\1608000.032\ccsetx64.sys -- (ccSet_NS)

DRV:64bit: - [2014/10/08 17:18:54 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2014/10/08 17:18:54 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2014/10/08 17:18:54 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2014/10/08 17:18:50 | 000,766,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2012/07/26 07:32:08 | 000,307,968 | ---- | M] (D-vitec) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dvitdcnt.sys -- (D-Vitec)

DRV:64bit: - [2012/07/26 00:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdserd.sys -- (sscdserd)

hpg3 · November 8, 2016

DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2010/09/06 16:26:36 | 000,265,728 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AVEOdcnt.sys -- (AVEO)

DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2016/10/28 15:01:01 | 001,012,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20161107.001\IDSviA64.sys -- (IDSVia64)

DRV - [2016/10/04 13:16:01 | 000,497,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2016/10/04 13:16:01 | 000,156,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2016/09/07 15:26:54 | 001,854,712 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20161102.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

hpg3 · November 8, 2016

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 04 50 5B 81 ED D0 01 [binary data]

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = E7 B4 BE 08 CB 95 D1 01 [binary data]

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\COFFADDON\ [2016/10/17 18:06:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon\ [2016/10/17 18:06:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions

hpg3 · November 8, 2016

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll (Symantec Corporation)

hpg3 · November 8, 2016

O4 - HKLM..\Run: [] File not found

O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)

O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-16268802-1566341955-461656969-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.2.0.0/GarminAxControl_32.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A41C7912-4B27-4591-BBB2-02F2998AF13A}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/11/08 10:53:11 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2016/11/08 10:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2016/11/08 10:52:59 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2016/11/08 10:52:59 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2016/11/08 10:52:59 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys

hpg3 · November 8, 2016

[2016/11/08 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2016/10/31 20:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2016/10/24 17:55:48 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2016/10/24 17:55:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2016/10/22 17:22:31 | 000,110,144 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-64.dll

[2016/10/22 17:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2016/10/16 14:04:07 | 000,000,000 | ---D | C] -- C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/11/08 15:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2016/11/08 15:06:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2016/11/08 15:06:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2016/11/08 15:05:25 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2016/11/08 15:05:25 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2016/11/08 15:05:25 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2016/11/08 15:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2016/11/08 14:58:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2016/11/08 14:58:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2016/11/08 14:58:02 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys

[2016/11/08 11:20:34 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2016/11/08 10:53:03 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2016/11/08 09:05:45 | 000,415,603 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161108.005

[2016/11/06 10:30:58 | 000,001,284 | ---- | M] () -- C:\Users\Howard\Desktop\Norton Installation Files.lnk

[2016/11/05 09:59:31 | 000,007,605 | ---- | M] () -- C:\Users\Howard\AppData\Local\Resmon.ResmonCfg

[2016/11/03 18:05:13 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2016/10/31 20:04:51 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2016/10/26 16:42:15 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2016/10/26 16:42:15 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2016/10/24 18:20:00 | 002,291,393 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\Cat.DB

[2016/10/24 13:56:27 | 000,410,638 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161024.005

[2016/10/22 17:21:39 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-64.dll

[2016/10/22 17:21:39 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2016/10/22 17:20:58 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2016/10/22 16:27:04 | 000,370,191 | ---- | M] () -- C:\Users\Howard\Documents\Scan.pdf

[2016/10/18 06:16:22 | 000,410,638 | ---- | M] () -- C:\Windows\SysNative\drivers\NSx64\1608000.032\VT20161018.006

[2016/10/17 18:12:36 | 000,157,329 | ---- | M] () -- C:\Users\Howard\Documents\Scan0002.pdf

[2016/10/17 18:07:39 | 000,156,709 | ---- | M] () -- C:\Users\Howard\Documents\Scan0001.pdf

[2016/10/17 18:05:49 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security.lnk

[2016/10/17 15:05:15 | 000,100,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2016/10/17 15:05:15 | 000,008,319 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2016/10/17 15:05:15 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/11/08 10:53:03 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2016/11/06 10:30:58 | 000,001,284 | ---- | C] () -- C:\Users\Howard\Desktop\Norton Installation Files.lnk

[2016/10/31 20:04:51 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2016/10/22 16:27:03 | 000,370,191 | ---- | C] () -- C:\Users\Howard\Documents\Scan.pdf

[2016/10/17 18:12:36 | 000,157,329 | ---- | C] () -- C:\Users\Howard\Documents\Scan0002.pdf

[2016/10/17 18:07:39 | 000,156,709 | ---- | C] () -- C:\Users\Howard\Documents\Scan0001.pdf

[2015/07/24 12:05:10 | 000,312,320 | ---- | C] () -- C:\Users\Howard\Calender Kitchen 2.bcc

[2015/02/28 14:21:05 | 000,000,288 | ---- | C] () -- C:\Users\Howard\AppData\Roaming\.backup.dm

[2015/02/05 16:29:53 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MFC_InstDrvDLL.dll

[2014/12/21 13:13:23 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2014/01/02 18:30:27 | 000,007,605 | ---- | C] () -- C:\Users\Howard\AppData\Local\Resmon.ResmonCfg

[2013/08/10 13:55:58 | 000,103,832 | ---- | C] () -- C:\Users\Howard\GoToAssistDownloadHelper.exe

[2013/08/10 13:15:07 | 000,005,632 | ---- | C] () -- C:\Users\Howard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

hpg3 · November 8, 2016

This is all I need a drink

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\shell32.dll -- [2015/08/06 13:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 12:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

flashh4 · November 8, 2016

Ok .... now we are getting somewhere !! I can work with this !!

Be back with a OTL fix shortly !

hpg3 · November 8, 2016

The CPU usage seem better, it's only bouncing around 50 and not up to 100

flashh4 · November 8, 2016

Sorry but i have to read threw every thing to type a fix !!

I need you to remove this Program in the Control Panel first thing >>> PCPitstop Utility

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program. This is the OTL program i had you download !!!
* Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus :OTL
Copy everthing in RED and Paste into the box in the OTL program !! Pic of where to Paste fix then click Run >>> http://smg.photobucket.com/user/flashh4/media/Paste OTL script here.png.html

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click http://img.photobucket.com/albums/v317/flashh4/btnOK.png[/IMG]
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post me the return log when you get it !

Thanks

Chuck

hpg3 · November 8, 2016

Chuck, this is very confusing, you want me to delete Pitstop utility what is We need to Run an OTL fix !!

flashh4 · November 8, 2016

Yes remove the Pitstop utility .......... Open the OTL Icon ....... Copy everthing in RED and Paste into the box in the OTL program !! Pic of where to Paste fix then click Run >>>http://smg.photobucket.com/user/flashh4/media/Paste OTL script here.png.html

hpg3 · November 8, 2016

I went into the control panel and programs and features. I don't see pitstop utility in the list the other part is confusing, I don't understand what to do.

flashh4 · November 8, 2016

Ok this is a Picture of the OTL program i had you download & run .... find it , let me know when you do ? >>>>>> http://smg.photobucket.com/user/flashh4/media/Paste OTL script here.png.html

hpg3 · November 8, 2016

OK I still have the icon up. so copy all of the red and paste it in the box. what about the pitstop utility

flashh4 · November 8, 2016

Yes copy all that is in RED: .................... Yes i want you to remove/uninstall the PITSTOP UTILITY !!

Copy this below:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{EDDB42BC-9E18-4D95-AB9B-8FD2B15B5CD9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5FDFB204-9CF0-46DE-B287-BEBCE2D873E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{260231E7-2071-4156-A136-BA08B5892000}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-16268802-1566341955-461656969-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=F3289CFD-94B3-4714-9D33-050C22617C52&doi=2016-09-01&gct=kwd&qsrc=2869
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/07/05 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Howard\AppData\Roaming\Mozilla\Extensions
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem\2.0.0.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\2.0.1.28_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehngjfcoagpidhngidmiiomeakpampjh\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jninklaodadoeedinndhhlcflpmagfhd\1.27_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk\1.0.0_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_1\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

Then PASTE it into the box that i posted a picture of with arrow pointing to. Then click the RUN FIX button !!!

hpg3 · November 8, 2016

I did the paste, but what about the pitstop it's not on the list

flashh4 · November 8, 2016

Nope that is altogether different .... just for get it for now and run the fix !!

hpg3 · November 9, 2016

OMG that was scary, it open and there was a large file but I think I deleted it by mistake

flashh4 · November 9, 2016

Look on your desk top , is it there ? or in your task bar ?

CPU Running slow

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites