Laptop running slow, possible virus


#1
psjbob

Laptop was purchased Black Friday 2017 for Xmas present and is rarely used. When it is used it seems to run really slow. We use it for email, social media and tax purposes earlier this year because our previous one died. The computer is pretty much the same way it was as new other than CCleaner I recently put on to clean it up to see if it would speed up some.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by eviei (administrator) on LAPTOP-VCBMR6EO (24-07-2018 14:30:29)
Running from C:\Users\eviei\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: eviei (Available Profiles: eviei)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.7.371.0\McCSPServiceHost.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\RunOnce: [Uninstall 18.091.0506.0007\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eviei\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\amd64"
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\RunOnce: [Uninstall 18.091.0506.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eviei\AppData\Local\Microsoft\OneDrive\18.091.0506.0007"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d7c83393-01ff-488e-b4c7-ce4733f24f2d}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-24] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-01-25] (McAfee, Inc.)
FireFox:
========
FF DefaultProfile: l7f6zkd0.default
FF ProfilePath: C:\Users\eviei\AppData\Roaming\Mozilla\Firefox\Profiles\l7f6zkd0.default [2018-07-17]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-20] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2018-01-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default [2018-07-17]
CHR Extension: (Slides) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-14]
CHR Extension: (Docs) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-14]
CHR Extension: (Google Drive) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-14]
CHR Extension: (YouTube) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-14]
CHR Extension: (Sheets) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-14]
CHR Extension: (Gmail) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-14]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1419424 2017-03-28] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2017-03-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-13] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-17] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-17] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55792 2017-03-28] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2017-03-28] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2017-03-28] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407064 2017-03-28] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-14] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-18] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60504 2017-04-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-07-17] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-17] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-17] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-24 14:29 - 2018-07-24 14:30 - 000000000 ____D C:\FRST
2018-07-24 14:26 - 2018-07-24 14:27 - 001388448 _____ C:\Users\Public\ASR.dat
2018-07-24 14:11 - 2018-07-24 14:11 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-24 14:11 - 2018-07-24 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-24 14:01 - 2018-07-24 14:01 - 000000000 ___HD C:\OneDriveTemp
2018-07-24 14:01 - 2018-07-24 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-07-17 16:50 - 2018-07-17 16:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-07-17 16:50 - 2018-07-17 16:50 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-07-17 16:50 - 2018-07-17 16:50 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-17 16:50 - 2018-07-17 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-07-17 16:50 - 2018-07-17 16:50 - 000000000 ____D C:\Program Files\CCleaner
2018-07-17 16:48 - 2018-07-17 16:49 - 015989160 _____ (Piriform Ltd) C:\Users\eviei\Downloads\ccsetup544.exe
2018-07-14 10:31 - 2018-07-14 10:31 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-14 10:31 - 2018-07-14 10:31 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-14 10:28 - 2018-07-14 10:28 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-14 10:28 - 2018-07-14 10:28 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-24 14:20 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-24 14:16 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-24 14:13 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-24 14:12 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-24 14:11 - 2017-05-17 15:01 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-24 14:09 - 2017-05-17 14:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-24 14:04 - 2018-01-06 17:05 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9EFFB82A-7611-47E7-86AA-97C36493FDC0}
2018-07-24 14:01 - 2018-01-06 17:05 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3252656029-1357310190-2560453275-1001
2018-07-24 14:01 - 2017-11-25 13:31 - 000002374 _____ C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-24 14:01 - 2017-11-25 13:31 - 000000000 __RDL C:\Users\eviei\OneDrive
2018-07-24 14:00 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-24 13:58 - 2017-12-15 13:11 - 000000000 ___RD C:\Users\eviei\iCloudDrive
2018-07-24 13:55 - 2018-01-06 16:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-24 13:34 - 2017-11-25 06:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-24 13:34 - 2017-11-24 23:18 - 000000000 __SHD C:\Users\eviei\IntelGraphicsProfiles
2018-07-17 19:15 - 2017-12-04 11:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-17 18:53 - 2018-06-08 12:51 - 000000000 ___HD C:\$WINDOWS.~BT
2018-07-17 18:53 - 2018-01-02 15:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-17 18:53 - 2017-12-04 11:07 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-17 18:52 - 2018-03-29 13:24 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-17 18:42 - 2018-06-08 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-17 16:38 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-14 10:55 - 2017-12-15 13:11 - 000000000 ____D C:\Users\eviei\Documents\Outlook Files
2018-07-14 10:54 - 2017-12-15 13:12 - 000000000 ____D C:\Users\eviei\AppData\Local\25BD9BF9-9D91-4D97-B838-DC3BB88CD26F.aplzod
2018-07-14 10:52 - 2017-05-17 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-07-14 10:31 - 2017-11-26 13:11 - 000000000 ____D C:\Users\eviei\AppData\Local\Google
2018-07-14 10:30 - 2017-11-26 13:11 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-14 10:21 - 2018-01-06 17:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-07-14 10:15 - 2017-07-10 18:32 - 000000000 ____D C:\Program Files (x86)\McAfee
==================== Files in the root of some directories =======
2018-07-24 14:26 - 2018-07-24 14:27 - 001388448 _____ () C:\Users\Public\ASR.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-08 12:09
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by eviei (24-07-2018 14:33:34)
Running from C:\Users\eviei\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1709 16299.248 (X64) (2018-01-06 21:07:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3252656029-1357310190-2560453275-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3252656029-1357310190-2560453275-503 - Limited - Disabled)
eviei (S-1-5-21-3252656029-1357310190-2560453275-1001 - Administrator - Enabled) => C:\Users\eviei
Guest (S-1-5-21-3252656029-1357310190-2560453275-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3252656029-1357310190-2560453275-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-0db591fa-a369-4dea-816e-d799d5db286b) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{4207BD5E-6F51-4C57-BC86-A0EBE9088A30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4568 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-e4aa9fec-8085-489c-87d6-2854b3929b27) (Version: 3.0.2.118 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.4 (x86 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-754e3b99-154d-4409-ad3c-613b4f8fe12d) (Version: 1.1.2.4 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.1.21 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8110 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.91 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-aa483fca-a070-4abb-922b-9213492902c9) (Version: 3.0.2.126 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-aacfd9a7-6f41-40c5-b433-ed7b5d4db049) (Version: 3.0.2.51 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.36 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.47 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-28] (Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01440DAC-24D7-48A8-9E99-B810B39874D1} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2017-02-02] (HP Inc.)
Task: {04AA1629-EF07-4EAE-A0E5-11833ED2F309} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {0573F149-ADBD-46DF-A38E-C6001DEB1551} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {0D7A9184-8EE0-447C-A778-A0B287D9E946} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-04] (McAfee, Inc.)
Task: {17274F53-FA17-4E34-96FF-0E1327054FE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-14] (Google Inc.)
Task: {1951ECBE-969A-4989-9251-0571D58A76C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-07] (HP Inc.)
Task: {24E6D1C4-FD38-45AE-A418-94B279052DCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {25C7F0C3-1033-48AF-809F-100972101ACF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-14] (Google Inc.)
Task: {27BF9CF2-4EFD-48C5-90F2-7048C4CE39C6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-24] (Microsoft Corporation)
Task: {2CDE08E0-5FC8-4F6C-9E04-FE40CCD63335} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {3C5987AB-F2AE-4DE8-BB95-50FF6BE777CF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {3DB56C06-6D81-42A8-A190-6205156EE673} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-02-01] ()
Task: {423D9321-3159-4E6E-BBC5-C4182B681347} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4393D709-7F5B-4974-A783-A40930AA86A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {483200C2-9BF2-4D6C-854F-146CB75F18E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {4FADD0EE-4A68-4921-9D23-ABB995D87E9B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {5869F381-9C12-4433-8F12-F98517F48A04} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B27AE94-DEDC-40AB-BC87-D400AA59150B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {66227169-9230-4292-A0B9-B6D8AF889826} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {6C60E6FD-3467-413A-8AB7-1E6CDB43844D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {6F079C33-7D67-4EFF-AAC9-3BFBAA30AE83} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {6FE15F7D-2137-46C5-B226-8EC2AD9C4945} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {7B558AB7-85CF-41AE-BDAB-2182951D794F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-24] (Microsoft Corporation)
Task: {7E14EF87-4DE0-4BAE-9910-47BB0017520A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {838A0FD6-004E-4652-AD76-27FE3924805C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-07-14] (McAfee, Inc.)
Task: {8714AD08-F722-4735-969A-7F49D04D41A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-07] (HP Inc.)
Task: {B5493E25-7FD6-4BBB-B0F2-94637CB2F012} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {C4430160-DAB2-4897-9BA2-5BDD1C6C8B7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {C45888EF-4214-47C6-9F4E-1943F54D087D} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {D0C60BAD-9219-4A90-AA10-D5CEC13D93AA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-07] (HP Inc.)
Task: {D273FAD5-0F89-45C7-A983-298ADC027706} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {DEB35B95-2BF1-4493-9464-B6B60D85B669} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-24] (Microsoft Corporation)
Task: {DECC7D8B-3349-4F4E-9FC4-63CD00CBF1FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {DF08C6B9-02BF-43D3-81E8-F64105EE32EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-07] (HP Inc.)
Task: {F1D49F29-F083-4149-ABDF-B404B7E40598} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=*&locale=en_us&pf=cnnb&s=VUDU_URL&tp=startmenu
==================== Loaded Modules (Whitelisted) ==============
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-29 18:28 - 2018-01-05 17:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-11-29 18:28 - 2018-01-05 17:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-01 14:50 - 2017-02-01 14:50 - 000459264 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2018-02-16 10:12 - 2018-02-10 00:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-16 10:12 - 2018-02-10 00:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-11 12:05 - 2017-12-11 12:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 12:05 - 2017-12-11 12:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-03-29 13:30 - 2018-03-29 13:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-29 13:30 - 2018-03-29 13:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000030208 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2018-01-05 17:31 - 2018-01-05 17:31 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2018-01-05 17:31 - 2018-01-05 17:31 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{80232BE6-9493-475A-9810-0446DA5A8F1A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{85458B21-19AA-42CA-8FEA-8E2C05FFCB8E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65F3AACA-CA40-4FC3-B8A5-54DE159C45EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E929CF67-72D3-401F-A921-4CCFC6113C8A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51041816-CFD8-4FBB-9C91-D7F17EBBEBAF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2654405-0A64-4A87-8679-6BD42A765D51}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E8D27CE2-C2E6-4D14-A6A9-49C20C427814}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{619EC73E-671E-42A8-A192-7FF98C822CD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9349DF4-3E34-4A83-90E6-B3C7014525B0}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{6D1898D1-808E-44E7-9659-C97D3AD1E83B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{8DEE9C42-8BC5-4978-8BCD-6E18EE417A4D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AC6E3C1-81CB-4F57-943E-E09CCEEDE14D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{46C3EB8B-8623-418F-9DFA-5D3142C82DF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{66C7E78A-74F9-4326-A00F-60D82075E863}] => (Allow) LPort=13148
FirewallRules: [{665ADD2B-32A5-43D5-8D41-77C9C68894F9}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{14231565-7D9B-4120-9FB5-ADF2C5C8A436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0D0C1790-F674-4132-86D1-B0403C2C8DF5}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{2CF5CCE0-49C1-4A35-9506-9ADEA4A41FB1}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{9A10EF45-D259-4FFA-963B-835C6397F5DE}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{01D72044-193E-4447-BC21-B42BB5B5D2A3}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{9023B2D3-A06C-4121-888B-BE64BEB00EC7}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B9FB0B2B-70F0-438A-931F-43B524322015}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BF39738A-49EE-4FA9-BF35-04A82AB5D052}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D36720A9-A21F-4BA5-BB1C-379A96C29260}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{545516FB-AEB7-4C38-932F-3B9F170AE01A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{63C4D9A6-8CF2-4A96-869D-AB34BE81EB4D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{379280B0-A4E3-4283-BA9D-326CDEB78BC0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DA705F3C-95C9-4AE7-A2C0-3D17AF271E07}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A00CD9F6-F82E-465B-B525-8734FFD2F35C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FB05CA58-2D0C-4042-8C94-09F244EF625C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{E8EF1E96-89B8-46AC-993E-B8C75F9F5552}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================
Application errors:
==================
Error: (07/24/2018 02:26:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2f48
Start Time: 01d4237bc8867081
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: effc8ed0-f78f-4ae6-bffa-f1a4c1e2dba6
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Error: (07/24/2018 02:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LAPTOP-VCBMR6EO)
Description: App windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
Error: (07/24/2018 02:24:37 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {93306499-F526-40C2-A3FE-DD1C2F13F142}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:24:27 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {B0E689AB-BB51-4277-B7EE-D4D503B8973D}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:24:17 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {B091D05B-36A9-4DC1-B00B-83A016B2B380}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:24:05 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {048EF43D-D77A-4A99-9A3F-8287E3EFA540}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:18:58 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
Error: (07/24/2018 02:18:58 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (07/24/2018 02:02:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/24/2018 01:58:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:57:56 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-VCBMR6EO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user LAPTOP-VCBMR6EO\eviei SID (S-1-5-21-3252656029-1357310190-2560453275-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:56:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-06-08 12:45:06.809
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6DF5733E-DBFB-4824-BFF5-43BA55B0B77D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-17 18:52:49.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.1136.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-06-08 12:45:12.625
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.269.913.0
Previous Signature Version: 1.269.911.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.14901.4
Previous Engine Version: 1.1.14901.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2018-06-08 12:45:12.624
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.269.913.0
Previous Signature Version: 1.269.911.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.14901.4
Previous Engine Version: 1.1.14901.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-07-24 14:24:49.807
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:24:49.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:18:57.966
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:18:57.962
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:35.490
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:35.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:21.287
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:21.282
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU N3710 @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 4001.58 MB
Available physical RAM: 1333.83 MB
Total Virtual: 4705.58 MB
Available Virtual: 1764.83 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:450.91 GB) (Free:395.36 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:1.64 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{6bd5e15b-bd27-431d-89cd-ddb7e5872828}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
\\?\Volume{74344a3a-8a10-4ce3-a77c-0ac1da0d0390}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B72F9B8C)
Partition: GPT.
==================== End of Addition.txt ============================

Edited by psjbob, 24 July 2018 - 05:08 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

No obvious malware.  Uninstall Bonjour.  It never seems happy on Win 10.

 

Turn “off” Sync Settings (Settings > Accounts > Sync your Settings > Sync Settings).

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 



#3
psjbob

    Member

  • Topic Starter
  • Member
  • 19 posts

  • Bonjour Uninstalled
  • Sync turned OFF
  • I ran the DISM command followed by the sfc  /scannow and closed the cmd window before I noticed what it said.
  • When I try and run the VEW program, I keep getting a runtime error. I have downloaded it and tried running it several times with the same result each time. I noticed there were some Windows Updates needed so I ran the updates and tried VEW again but continue getting the runtime error.
  • The junk.txt file that is supposed to come as a result of the Process Explorer gives me an ERROR: NOT FOUND
  • I tried to install Speccy and everything in the summary says Unknown system error: 0x80041002

Edited by psjbob, 10 August 2018 - 07:12 PM.


#4
RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

VEW needs for you to right click and Run As Admin or it won't work.

If you can't get it to work then try:

 

Full Event Log View

http://www.nirsoft.n...t_log_view.html

The download is near the bottom of the page.  Choose the one appropriate for your system.

Download FullEventLogView (32-bit version)
Download FullEventLogView (64-bit version) <===


Right click on the downloaded file and Extract All, Extract.  Double-click on FullEventLogView.exe

Once the program starts:  Options, Advanced Options and in the new window uncheck Informational verbose and Undefined.

Show only events from the last 1 Days

OK

Now Edit, Select All

File, Save Selected Items, to your desktop, call it events,  Save.

Close the program.  You should have a file called events.txt on your desktop.  Open it, Edit, Select All, Ctrl + c to copy and then move to a Reply and Ctrl +v to paste it into the reply.



The junk file won't work if you don't use an Elevated Command Prompt.  You should still have a Process Explorer log.  Please post it.



 

Speccy probably uses WMI which might be broken on your PC.  If you post the process explorer log I can tell.


  • 0
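A triage sketch for the FullEventLogView text export described above, added here as an example and not part of the original thread: it parses the `Field : value` records (including multi-line descriptions whose continuation lines contain colons), groups Error and Warning events by channel, provider and event ID, and extracts failure codes. The sample records are constructed, modelled on the export format posted in this thread; `parse_export`, `triage` and `EXAMPLE-PC` are hypothetical names.

```python
import re
from collections import Counter

# Field names as they appear in the export posted in this thread.
FIELDS = ("Event Time", "Record ID", "Event ID", "Level", "Channel", "Provider",
          "Description", "Opcode", "Task", "Keywords", "Process ID",
          "Thread ID", "Computer", "User")
FIELD_RE = re.compile(r"^(%s)\s*:\s?(.*)$" % "|".join(re.escape(f) for f in FIELDS))
SEPARATOR_RE = re.compile(r"^={20,}\s*$")
# Heuristic: 32-bit codes with the top bit set (failure HRESULT / NTSTATUS).
# This skips time stamps and offsets such as 0x57674acb or 0x000075ee.
CODE_RE = re.compile(r"\b0x[89A-Fa-f][0-9A-Fa-f]{7}\b")

def parse_export(text):
    """Split the export into one dict per event record."""
    records, current, last = [], {}, None
    for line in text.splitlines():
        if SEPARATOR_RE.match(line):
            if current:
                records.append(current)
            current, last = {}, None
            continue
        m = FIELD_RE.match(line)
        if m:
            last = m.group(1)
            current[last] = m.group(2).strip()
        elif last == "Description" and line.strip():
            # Not a known field name: continuation of a multi-line description.
            current[last] += "\n" + line.strip()
    if current:
        records.append(current)
    return records

def triage(records, levels=("Error", "Warning")):
    """Group matching events and rank the groups by how often they occur."""
    groups = {}
    for rec in records:
        if rec.get("Level") not in levels:
            continue
        desc = rec.get("Description", "")
        key = (rec.get("Channel", ""), rec.get("Provider", ""), rec.get("Event ID", ""))
        g = groups.setdefault(key, {"count": 0, "first": rec.get("Event Time"),
                                    "codes": Counter(), "summary": desc.split("\n")[0]})
        g["count"] += 1
        g["last"] = rec.get("Event Time")  # first/last are in file order
        for code in CODE_RE.findall(desc):
            g["codes"]["0x" + code[2:].upper()] += 1
    rows = [dict(channel=k[0], provider=k[1], event_id=k[2], **g) for k, g in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["channel"], r["event_id"]))

# Constructed sample in the same layout as the export in this thread.
SAMPLE = r"""==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Computer          : EXAMPLE-PC
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Computer          : EXAMPLE-PC
==================================================
==================================================
Event Time        : 8/13/2018 4:58:05 PM.617
Event ID          : 1000
Level             : Error
Channel           : Application
Provider          : Application Error
Description       : Faulting application name: example.exe, version: 1.0.0.0, time stamp: 0x57674acb
Exception code: 0xc0000005
Fault offset: 0x000075ee
Faulting module path: C:\Program Files (x86)\Example\example.exe
Task              : Application Crashing Events (100)
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.028
Event ID          : 8025
Level             : 16
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : The Microsoft Passport service started successfully.
==================================================
"""

if __name__ == "__main__":
    for row in triage(parse_export(SAMPLE)):
        print(row["count"], row["channel"], row["event_id"], dict(row["codes"]), row["summary"][:60])
```

Collapsing repeated records this way makes it easier to see which providers dominate an export before reading individual events.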

#5
psjbob

    Member

  • Topic Starter
  • Member
  • 19 posts

[Attached image: dg1p5k.jpg]

 

FullEventLogView

==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3629
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3630
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3631
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3632
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3633
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3634
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3635
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3636
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3637
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3638
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3639
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3640
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:43 PM.333
Record ID         : 11415
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Auth for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x80041012.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:56:49 PM.253
Record ID         : 4956
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1304
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:49 PM.253
Record ID         : 4955
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1104
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:50 PM.425
Record ID         : 4958
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1104
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:50 PM.425
Record ID         : 4957
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1104
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3641
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3642
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3643
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3644
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:01 PM.158
Record ID         : 11421
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Service for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x800478AD.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 6152
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.028
Record ID         : 338
Event ID          : 8025
Level             : 16
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : The Microsoft Passport service started successfully.
Opcode            : Informational (12)
Task              : Service Start (6)
Keywords          : 0x8000000000000001
Process ID        : 12148
Thread ID         : 11300
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.947
Record ID         : 340
Event ID          : 8210
Level             : 16
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : Windows Hello for Business successfully completed the remote desktop prerequisite check.
Opcode            : Informational (12)
Task              : Prerequisites Check (12)
Keywords          : 0x8000000000000001
Process ID        : 5036
Thread ID         : 8976
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.947
Record ID         : 341
Event ID          : 7201
Level             : Error
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : The Primary Account Primary Refresh Token prerequisite check failed.
Opcode            : Informational (12)
Task              : Prerequisites Check (12)
Keywords          : 0x8000000000000001
Process ID        : 5036
Thread ID         : 8976
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.947
Record ID         : 342
Event ID          : 7054
Level             : Error
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : Windows Hello for Business prerequisites check failed.
Error: 0x1
Opcode            : Stop (11)
Task              : Prerequisites Check (12)
Keywords          : 0x8000000000000001
Process ID        : 5036
Thread ID         : 8976
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:11 PM.519
Record ID         : 5294
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 7904
Thread ID         : 12052
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:11 PM.520
Record ID         : 5295
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {82A5EA35-D9CD-47C5-9629-E15D2F714E6E} with path 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 7904
Thread ID         : 12052
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:39 PM.300
Record ID         : 11442
Event ID          : 6113
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : RPC call to function WLIDGetKeyLatest returned the following error code: 0x800488A4.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:58:05 PM.617
Record ID         : 39853
Event ID          : 1000
Level             : Error
Channel           : Application
Provider          : Application Error
Description       : Faulting application name: HPMSGSVC.exe, version: 1.4.11.0, time stamp: 0x57674acb
Faulting module name: HPMSGSVC.exe, version: 1.4.11.0, time stamp: 0x57674acb
Exception code: 0xc0000005
Fault offset: 0x000075ee
Faulting process id: 0x2a68
Faulting application start time: 0x01d43348506a56b2
Faulting application path: C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Faulting module path: C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Report Id: 378eac5c-4e83-4a60-a3f0-637a8ae0b68e
Faulting package full name:
Faulting package-relative application ID:
Opcode            :
Task              : Application Crashing Events (100)
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : LAPTOP-VCBMR6EO
User              :
==================================================
==================================================
Event Time        : 8/13/2018 4:58:11 PM.745
Record ID         : 3956
Event ID          : 308
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : The BITS service shut down successfully, but it was delayed for 247065.765 seconds. This might cause delays when you turn off your computer. For more information on the delay, enable the analytic log for BITS, then stop and restart the BITS service.
Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 7632
Thread ID         : 1612
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:58:20 PM.300
Record ID         : 11460
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Service for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x800478AD.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 3880
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:58:22 PM.252
Record ID         : 11463
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Service for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x800478AD.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 3880
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:10 PM.333
Record ID         : 5296
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 12596
Thread ID         : 5316
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:59:12 PM.053
Record ID         : 3959
Event ID          : 310
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : The initialization of the peer helper modules failed with the following error:  0x80070032.
Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 13196
Thread ID         : 1152
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:59:17 PM.595
Record ID         : 116
Event ID          : 2
Level             : Error
Channel           : Microsoft-Windows-Kernel-EventTracing/Admin
Provider          : Microsoft-Windows-Kernel-EventTracing
Description       : Session "Cloud Files Diagnostic Event Listener" failed to start with the following error: 0xC0000022
Opcode            : Start (12)
Task              : Session (2)
Keywords          : Session
Process ID        : 12152
Thread ID         : 13836
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:17 PM.839
Record ID         : 117
Event ID          : 2
Level             : Error
Channel           : Microsoft-Windows-Kernel-EventTracing/Admin
Provider          : Microsoft-Windows-Kernel-EventTracing
Description       : Session "CldFltLog" failed to start with the following error: 0xC0000022
Opcode            : Start (12)
Task              : Session (2)
Keywords          : Session
Process ID        : 12152
Thread ID         : 13836
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3645
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3646
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3647
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3648
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:38 PM.063
Record ID         : 5297
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 10860
Thread ID         : 14520
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:38 PM.063
Record ID         : 5298
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {82A5EA35-D9CD-47C5-9629-E15D2F714E6E} with path 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 10860
Thread ID         : 14520
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3649
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3650
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3651
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3652
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:14 PM.537
Record ID         : 4961
Event ID          : 10010
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1084
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.048
Record ID         : 5299
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C4900540-2379-4C75-844B-64E6FAF8716B} with path 'C:\Users\Public\Pictures\Sample Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.053
Record ID         : 5300
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {2A00375E-224C-49DE-B8D1-440DF7EF3DDC} with path 'C:\WINDOWS\resources\0409'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.062
Record ID         : 5301
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B250C668-F57D-4EE1-A63C-290EE7D1AA1F} with path 'C:\Users\Public\Music\Sample Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.081
Record ID         : 5302
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {859EAD94-2E85-48AD-A71A-0969CB56A6CD} with path 'C:\Users\Public\Videos\Sample Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.087
Record ID         : 5303
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {12D4C69E-24AD-4923-BE19-31321C43A767} with path 'C:\ProgramData\Microsoft\Windows\RetailDemo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.111
Record ID         : 5304
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.974
Record ID         : 5305
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C4900540-2379-4C75-844B-64E6FAF8716B} with path 'C:\Users\Public\Pictures\Sample Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.978
Record ID         : 5306
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {2A00375E-224C-49DE-B8D1-440DF7EF3DDC} with path 'C:\WINDOWS\resources\0409'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.991
Record ID         : 5307
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B250C668-F57D-4EE1-A63C-290EE7D1AA1F} with path 'C:\Users\Public\Music\Sample Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:53 PM.011
Record ID         : 5308
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {859EAD94-2E85-48AD-A71A-0969CB56A6CD} with path 'C:\Users\Public\Videos\Sample Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:53 PM.018
Record ID         : 5309
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {12D4C69E-24AD-4923-BE19-31321C43A767} with path 'C:\ProgramData\Microsoft\Windows\RetailDemo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:53 PM.040
Record ID         : 5310
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3653
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3654
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3655
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3656
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3657
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3658
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3659
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3660
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.623
Record ID         : 11499
Event ID          : 6113
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : RPC call to function WLIDAcquireTokensWithNGC returned the following error code: 0x80048051.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3661
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3662
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3663
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3664
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:19 PM.456
Record ID         : 4962
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1900
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 5:02:19 PM.609
Record ID         : 4963
Event ID          : 7023
Level             : Error
Channel           : System
Provider          : Service Control Manager
Description       : The Interactive Services Detection service terminated with the following error:
Incorrect function.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 912
Thread ID         : 10732
Computer          : LAPTOP-VCBMR6EO
User              :
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3665
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3666
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3667
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3668
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:58 PM.537
Record ID         : 5311
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 15172
Thread ID         : 11812
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:04:17 PM.491
Record ID         : 3973
Event ID          : 61
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : BITS stopped transferring the PreSignInSettingsConfigJSON transfer job that is associated with the https://g.live.com/o...ntsettings/ProdURL. The status code is 0x80072EE2.
Opcode            : Stop (2)
Task              :
Keywords          : 0x4000000000000000
Process ID        : 13196
Thread ID         : 12932
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3669
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3670
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3671
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3672
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3673
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3674
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3675
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3676
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:44 PM.757
Record ID         : 3974
Event ID          : 61
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : BITS stopped transferring the PreSignInSettingsConfigJSON transfer job that is associated with the https://g.live.com/o...ntsettings/ProdURL. The status code is 0x80072EE2.
Opcode            : Stop (2)
Task              :
Keywords          : 0x4000000000000000
Process ID        : 13196
Thread ID         : 12932
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:06:19 PM.021
Record ID         : 11502
Event ID          : 6113
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : RPC call to function WLIDAcquireTokensWithNGC returned the following error code: 0x80048051.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 69.08 52 K 8 K 0   
procexp(1)64.exe 5.93 35,072 K 65,612 K 4816 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 5.24 160 K 1,400 K 4   
Interrupts 5.02 0 K 0 K n/a Hardware Interrupts and DPCs  
MsMpEng.exe 4.72 356,996 K 169,488 K 3756 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
SynTPEnh.exe 4.10 7,588 K 24,364 K 11248 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
dwm.exe 2.17 58,552 K 74,680 K 11120 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 1.01 6,868 K 17,164 K 9644 Google Installer Google Inc. (Verified) Google Inc
csrss.exe 0.75 2,320 K 4,976 K 3484 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
wuauclt.exe 0.53 86,232 K 84,100 K 448 Windows Update Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 0.34 3,940 K 15,596 K 10892 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 0.29 2,816 K 1,820 K 14128 Google Installer Google Inc. (Verified) Google Inc
mcapexe.exe 0.28 3,008 K 2,760 K 9296 McAfee Access Protection McAfee, Inc. (Verified) McAfee
MicrosoftEdgeCP.exe 0.14 119,620 K 159,636 K 1868 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe 0.13 31,784 K 31,392 K 8628 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.07 50,924 K 118,928 K 5036 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 1,652 K 5,560 K 4656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ModuleCoreService.exe 0.03 27,324 K 37,468 K 3556 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
svchost.exe 0.02 38,840 K 44,644 K 4756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MfeAVSvc.exe 0.02 11,156 K 8,516 K 9352 McAfee Cloud AV McAfee, Inc. (Verified) McAfee
CCleaner64.exe 0.02 10,520 K 29,892 K 7960 CCleaner Piriform Ltd (Verified) Piriform Ltd
iPodService.exe 0.01 2,336 K 7,800 K 7608 iPod Service Apple Inc. (Verified) Apple Inc.
csrss.exe 0.01 1,840 K 5,300 K 696 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
IntuitUpdateService.exe 0.01 18,836 K 10,144 K 12252 Intuit Update Service Intuit Inc. (Verified) Intuit
iCloudServices.exe 0.01 45,312 K 51,680 K 4064 iCloud Services Apple Inc. (Verified) Apple Inc.
esif_assist_64.exe 0.01 1,392 K 5,108 K 4980 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
svchost.exe < 0.01 42,140 K 45,460 K 1968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
setup.exe < 0.01 3,132 K 8,492 K 12460 Google Chrome Installer Google Inc. (Verified) Google Inc
FullEventLogView.exe < 0.01 14,896 K 42,220 K 7284 FullEventLogView NirSoft (Verified) Nir Sofer
svchost.exe < 0.01 8,372 K 13,456 K 1040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe < 0.01 3,480 K 10,248 K 3344 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 6,320 K 18,596 K 7484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,444 K 15,508 K 5872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe < 0.01 3,860 K 9,012 K 13360 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 4,564 K 15,080 K 12280 iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 5,940 K 22,676 K 1092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,196 K 11,724 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sedlauncher.exe < 0.01 4,144 K 872 K 10576 sedlauncher Microsoft Corporation (Verified) Microsoft Windows
MpCmdRun.exe < 0.01 3,800 K 11,708 K 7848 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
sedsvc.exe < 0.01 2,444 K 8,292 K 12032 sedsvc Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe  25,092 K 13,076 K 548 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe  2,004 K 6,600 K 3040 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,324 K 8,172 K 10604 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,428 K 5,856 K 780 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
Windows.WARP.JITService.exe  1,172 K 5,100 K 12892   (Verified) Microsoft Windows
taskhostw.exe  8,524 K 18,528 K 8640 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe  1,356 K 4,788 K 5492 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe  1,020 K 4,552 K 12576 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe  1,236 K 4,352 K 3688 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe  4,836 K 15,840 K 12356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  9,388 K 25,852 K 3404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  12,724 K 27,840 K 520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,828 K 13,252 K 3352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  23,480 K 25,588 K 1572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  10,800 K 20,208 K 13196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,820 K 13,220 K 3028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,444 K 11,140 K 8716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,468 K 8,780 K 1636 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,416 K 12,948 K 15148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,804 K 26,260 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,080 K 6,048 K 4188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  20,656 K 27,128 K 3416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,236 K 12,752 K 2464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,508 K 12,084 K 1892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,248 K 11,200 K 6080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,080 K 7,544 K 3160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  13,928 K 21,360 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,312 K 8,220 K 3548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,420 K 6,884 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,284 K 13,868 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,536 K 7,212 K 1780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,212 K 14,712 K 1424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,284 K 10,028 K 2324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,668 K 5,612 K 13992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,500 K 7,100 K 2808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,868 K 12,076 K 2596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,864 K 13,772 K 3448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,200 K 9,860 K 2072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  6,380 K 26,548 K 8028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,024 K 9,600 K 8492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,576 K 15,644 K 6808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,288 K 8,044 K 2580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,564 K 12,416 K 5944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,468 K 14,540 K 2936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,856 K 19,504 K 3772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,052 K 6,088 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,268 K 9,636 K 8464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,032 K 7,436 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,184 K 8,464 K 3328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,752 K 10,304 K 1500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,080 K 10,632 K 1684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,268 K 5,336 K 1988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,544 K 9,380 K 5912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,052 K 8,052 K 1444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,472 K 7,332 K 4908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,844 K 10,228 K 3696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,708 K 7,460 K 2212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,624 K 5,632 K 8840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,796 K 7,800 K 7096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,372 K 5,808 K 8060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,452 K 8,444 K 11544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,764 K 6,664 K 5124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,336 K 13,744 K 11452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,392 K 9,392 K 7760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,820 K 6,880 K 3476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,776 K 7,356 K 1764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,284 K 9,208 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,212 K 8,784 K 5904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,900 K 7,476 K 2204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,072 K 10,876 K 1824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,524 K 10,264 K 3592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,652 K 6,076 K 3364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,568 K 6,448 K 12840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,232 K 9,392 K 10136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,980 K 9,440 K 2144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,540 K 7,136 K 12148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,560 K 5,928 K 3640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,256 K 5,140 K 3740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,396 K 5,544 K 7192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  928 K 3,520 K 404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe  6,520 K 12,976 K 2900 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  460 K 1,000 K 428 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe  9,676 K 15,412 K 6168 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 2,652 K 5,264 K 14804 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe  7,188 K 27,752 K 10608 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 47,672 K 59,020 K 7904 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
setup.exe  3,108 K 7,748 K 12912 Google Chrome Installer Google Inc. (Verified) Google Inc
SettingSyncHost.exe  10,612 K 9,428 K 684 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe  5,696 K 9,244 K 912 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthService.exe  4,360 K 14,608 K 3648 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe  8,784 K 16,972 K 9000 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 97,156 K 86,140 K 8960 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe  3,768 K 16,288 K 12684 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe  10,016 K 30,996 K 3056 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  4,788 K 28,628 K 6884 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  5,732 K 24,268 K 10740 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  2,136 K 11,972 K 11052 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  8,832 K 27,812 K 4152 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe  7,348 K 14,064 K 1668 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe  1,952 K 7,508 K 2384 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
procexp(1).exe  3,012 K 10,240 K 6844 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe  25,080 K 15,424 K 6676 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PEFService.exe  2,924 K 2,972 K 3632 McAfee PEF Service McAfee, Inc. (Verified) McAfee
OneDrive.exe  14,404 K 44,656 K 12152 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe  32,836 K 42,904 K 3372 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe  3,588 K 17,992 K 1552 Notepad Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe  5,124 K 8,092 K 6376 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe  2,008 K 9,324 K 12792 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
MpSigStub.exe  1,636 K 6,844 K 11136   
MpCmdRun.exe  2,320 K 8,176 K 15256 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
mpam-3d9702db.exe  2,048 K 5,232 K 12192 AntiMalware Definition Update Microsoft Corporation (Verified) Microsoft Corporation
ModuleCoreService.exe  11,948 K 7,132 K 3464 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
MMSSHOST.exe  26,856 K 31,280 K 4956 McAfee Management Service Host McAfee, Inc. (Verified) McAfee
MicrosoftEdgeCP.exe  5,988 K 25,772 K 5920 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  5,932 K 24,792 K 4840 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  5,972 K 24,488 K 10984 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  5,692 K 23,124 K 6744 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdge.exe  32,708 K 84,956 K 12484 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
mfevtps.exe  5,348 K 9,628 K 5076 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfevtps.exe  1,880 K 5,480 K 9016 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfemms.exe  2,556 K 6,952 K 3516 McAfee Management Service McAfee LLC (Verified) McAfee
mfefire.exe  2,500 K 8,676 K 5524 McAfee Core Firewall Service McAfee LLC (Verified) McAfee
Memory Compression  620 K 97,136 K 1156   
McUICnt.exe  15,156 K 22,868 K 12964 McAfee McAfee, Inc. (Verified) McAfee
mcshield.exe  33,048 K 8,604 K 10076 McAfee Scanner service McAfee LLC. (Verified) McAfee
McCSPServiceHost.exe  7,180 K 9,848 K 11072 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
lsass.exe  9,336 K 16,780 K 936 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
jhi_service.exe  1,204 K 5,404 K 12228 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxHK.exe  2,452 K 9,120 K 944 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe  3,624 K 12,716 K 10960 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe  1,968 K 7,840 K 2108 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
iCloudPhotos.exe  14,756 K 33,720 K 12880 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe  12,148 K 29,912 K 9304 iCloud Drive Apple Inc. (Verified) Apple Inc.
hpwuschd2.exe  1,268 K 6,360 K 8756 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe  1,724 K 7,608 K 11780 HP WMI Service HP Inc. (Verified) HP Inc.
HPSupportSolutionsFrameworkService.exe  38,676 K 31,824 K 11940 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HPSF.exe  25,864 K 8,172 K 15048 HP Support Assistant HP Inc. (Verified) HP Inc.
HPRadioMgr64.exe  1,980 K 9,024 K 13596 HP Radio Manager HP (Verified) HP Inc.
HPOrbitService.exe  2,860 K 8,412 K 4500 HP Orbit HP Inc. (Verified) HP Inc.
HPJumpStartLaunch.exe  3,852 K 556 K 12744   (Verified) HP Inc.
HPJumpStartBridge.exe  16,224 K 28,248 K 11764 HP JumpStart Bridge HP Inc. (Verified) HP Inc.
HPCommRecovery.exe  13,684 K 16,588 K 12016 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
HPAudioSwitch.exe  33,708 K 44,008 K 7744 HPAudioSwitch HP Inc. (Verified) HP Inc.
GoogleUpdate.exe  2,252 K 340 K 12512 Google Installer Google Inc. (Verified) Google Inc
fontdrvhost.exe  2,016 K 3,704 K 540 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe  1,952 K 6,724 K 3384 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
DropboxUpdate.exe  2,160 K 232 K 6784 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe  2,112 K 10,268 K 9328 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe  7,552 K 18,464 K 4156 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe  3,344 K 14,448 K 12292 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  1,188 K 252 K 12208 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  5,300 K 6,144 K 10344 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  1,180 K 4,816 K 3068 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
CompatTelRunner.exe  28,708 K 20,452 K 14420 Microsoft Compatibility Telemetry Microsoft Corporation (Verified) Microsoft Windows
browser_broker.exe  7,804 K 29,272 K 668 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe  11,532 K 17,572 K 11516 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  1,392 K 6,188 K 3336 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe  4,996 K 15,964 K 5756 Apple Push Apple Inc. (Verified) Apple Inc.
ApplicationFrameHost.exe  9,824 K 29,008 K 13020 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
68.0.3440.106_chrome_installer.exe  1,716 K 2,324 K 3200 Google Chrome Installer Google Inc. (Verified) Google Inc

 

 

 

I am running an Elevated Command Prompt, the cmd window says "Administrator Command Prompt" at the top left.



Edited by psjbob, 13 August 2018 - 03:57 PM.

  • 0

#6
RKinner

    Malware Expert


Appears tasklist.exe does not exist or is not usable on your PC.  Normally it lives in System32.  Open FRST.  Put

tasklist.exe

in the FRST Search Box and Search Files.  You will get one file.  If it shows any tasklist.exe files then copy and paste it to a reply.

 

Your logs show CloudStore is not working.  (perhaps the login is incorrect)  There should be a cloud like icon (usually in the hidden icons - click on the up arrow to the left of the clock).  This is the control for One Drive which I assume is the cloud store.

 

See:

https://support.offi...&rs=en-US&ad=US

 

I would disable it for now and see if that helps.

 

 

Also something is wrong with Bits.  Try clearing the Bits cache:

 

net stop BITS
ipconfig /flushdns
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" qmgr0.dat.old
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" qmgr1.dat.old
net start BITS

 

You should be able to copy the five lines and then go to your Elevated Command Prompt and right click and Paste.  Hit Enter if the prompt doesn't return.

 

 

Process Explorer shows a very slow system:

 

System Idle Process 69.08 52 K 8 K 0   
procexp(1)64.exe 5.93 35,072 K 65,612 K 4816 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 5.24 160 K 1,400 K 4   
Interrupts 5.02 0 K 0 K n/a Hardware Interrupts and DPCs  
MsMpEng.exe 4.72 356,996 K 169,488 K 3756 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
SynTPEnh.exe 4.10 7,588 K 24,364 K 11248 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated

 

 

 

 

Interrupts at 5.02 usually means a bad driver.  (Perhaps the touchpad driver needs updating as it is using too much CPU)

 

Also Windows Defender is running.  McAfee should have turned it off so they won't fight each other but McAfee is a piece of junk so I am not surprised.  Are you paying for McAfee?

 

See if Latency Monitor will show us anything:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

 

I downloaded VEW on my Win 10 and it seems to work as expected.  Looking at the FRST logs I see:

 

 
Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

 

 

and if VEW uses wmi that would explain why it doesn't work.  There is also no sign of WMI running in Process Explorer. 

 

Search for

services.msc

hit Enter.

 

This should bring up the services window.  Look for

Windows Management Instrumentation

right click and select Properties then verify the Startup Type is set to Automatic (Apply if you need to change it.)  Then START the service.  Do you get an error?


  • 0
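The checks raised in the post above (whether tasklist.exe is present and intact in System32, whether the winmgmt service and the WMI repository respond, and the state of BITS) can be gathered in one pass. This is an added example, not part of the original posts; the function names are hypothetical, and it assumes an elevated PowerShell 5.1 prompt on 64-bit Windows 10.

```powershell
# Added example: triage only, no configuration is changed.
# Assumes an elevated PowerShell 5.1 prompt on 64-bit Windows 10.

function Test-TasklistBinary {
    # Hypothetical helper: is tasklist.exe present in System32, does its
    # signature validate, and does it match a component-store (WinSxS) copy?
    $path = Join-Path $env:windir 'System32\tasklist.exe'
    if (-not (Test-Path -LiteralPath $path)) {
        return [pscustomobject]@{ Path = $path; Present = $false }
    }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # Component directory naming as it appears in the FRST file search
    # later in this thread (amd64_microsoft-windows-tasklist_...).
    $winsxs = Join-Path $env:windir 'WinSxS'
    $storeCopies = @(
        Get-ChildItem -Path $winsxs -Directory -Filter 'amd64_microsoft-windows-tasklist_*' -ErrorAction SilentlyContinue |
            ForEach-Object { Join-Path $_.FullName 'tasklist.exe' } |
            Where-Object { Test-Path -LiteralPath $_ }
    )
    $same = @(
        $storeCopies | Where-Object {
            (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash -eq $hash
        }
    )

    [pscustomobject]@{
        Path            = $path
        Present         = $true
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        StoreCopies     = $storeCopies.Count
        MatchesStore    = ($same.Count -gt 0)
    }
}

function Test-WmiHealth {
    # Hypothetical helper: service configuration, repository consistency
    # check, and one live query to confirm WMI actually answers.
    $svc  = Get-Service -Name Winmgmt
    $exe  = Join-Path $env:windir 'System32\wbem\winmgmt.exe'
    $repo = (& $exe /verifyrepository 2>&1 | Out-String).Trim()

    $queryError = $null
    try {
        Get-CimInstance -ClassName Win32_OperatingSystem -OperationTimeoutSec 15 -ErrorAction Stop |
            Out-Null
    } catch {
        $queryError = $_.Exception.Message
    }

    [pscustomobject]@{
        Status     = $svc.Status
        StartType  = $svc.StartType
        Repository = $repo
        QueryOk    = ($null -eq $queryError)
        QueryError = $queryError
    }
}

function Test-BitsHealth {
    # Hypothetical helper: BITS service state plus any jobs stuck in an
    # error state. Listing jobs starts the BITS service if it is stopped.
    $svc = Get-Service -Name BITS
    Import-Module BitsTransfer -ErrorAction SilentlyContinue
    $failed = @(
        Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
            Where-Object { $_.JobState -in 'Error', 'TransientError' }
    )

    [pscustomobject]@{
        Status     = $svc.Status
        StartType  = $svc.StartType
        FailedJobs = $failed.Count
    }
}

Test-TasklistBinary | Format-List
Test-WmiHealth      | Format-List
Test-BitsHealth     | Format-List
```

A winmgmt StartType other than Automatic, or a failed query, corresponds to the `Check "winmgmt" service or repair WMI` lines quoted from the FRST log.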

#7
psjbob

I ran FRST to search for tasklist.exe, it returned 2 txt files but neither mentions tasklist.
 
 
iCloud & OneDrive work fine and are used by the lady who uses this laptop the most. I just clicked on each icon and they open right up. Doesn't appear to be slow in either case.
 
 
I'm not sure how but I'd like to disable McAfee altogether and run something like AVGFREE instead.
 
 
 
I ran your BITS command in the Elevated Command Prompt and got this,
 
C:\WINDOWS\system32>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\WINDOWS\system32>ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" qmgr0.dat.old
The system cannot find the file specified.
C:\WINDOWS\system32>ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" qmgr1.dat.old
The system cannot find the file specified.
C:\WINDOWS\system32>net start BITS
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.
 
 
 
Device Manager "Update Driver" did find a newer driver for the touchpad and upgraded to it.
 
 
 
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts.
LatencyMon has been analyzing your system for  0:00:22  (h:mm:ss) on all processors.

_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        LAPTOP-VCBMR6EO
OS version:                                           Windows 10 , 10.0, build: 16299 (x64)
Hardware:                                            
CPU:                                                  GenuineIntel Intel® Pentium® CPU N3710 @ 1.60GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  4001 MB total

_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   160 MHz
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.

_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
Highest measured interrupt to process latency (µs):   502.415756
Average measured interrupt to process latency (µs):   13.456799
Highest measured interrupt to DPC latency (µs):       441.613849
Average measured interrupt to DPC latency (µs):       3.264473

_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
Highest ISR routine execution time (µs):              9.63750
Driver with highest ISR routine execution time:       Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
Highest reported total ISR routine time (%):          0.000341
Driver with highest ISR total time:                   Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
Total time spent in ISRs (%)                          0.000341
ISR count (execution time <250 µs):                   58
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0

_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
Highest DPC routine execution time (µs):              363.06250
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
Highest reported total DPC routine time (%):          0.048108
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
Total time spent in DPCs (%)                          0.155903
DPC count (execution time <250 µs):                   9188
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                10
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0

_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
Process with highest pagefault count:                 taskhostw.exe
Total number of hard pagefaults                       332
Hard pagefault count of hardest hit process:          94
Number of processes hit:                              16

_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.491357
CPU 0 ISR highest execution time (µs):                7.7250
CPU 0 ISR total execution time (s):                   0.000223
CPU 0 ISR count:                                      40
CPU 0 DPC highest execution time (µs):                363.06250
CPU 0 DPC total execution time (s):                   0.084032
CPU 0 DPC count:                                      6768
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.196027
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                186.86250
CPU 1 DPC total execution time (s):                   0.005210
CPU 1 DPC count:                                      221
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.381082
CPU 2 ISR highest execution time (µs):                9.63750
CPU 2 ISR total execution time (s):                   0.000075
CPU 2 ISR count:                                      17
CPU 2 DPC highest execution time (µs):                311.8250
CPU 2 DPC total execution time (s):                   0.036943
CPU 2 DPC count:                                      1625
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.251381
CPU 3 ISR highest execution time (µs):                3.750
CPU 3 ISR total execution time (s):                   0.000004
CPU 3 ISR count:                                      1
CPU 3 DPC highest execution time (µs):                178.90
CPU 3 DPC total execution time (s):                   0.011502
CPU 3 DPC count:                                      584
_________________________________________________________________________________________________________
 
 
 
The WMI already appears to be set to automatic.

 

 



  • 0

#8
RKinner

    Malware Expert

If you got 2 files then you probably hit scan instead of search files.

It appears that WMI is now running. Will VEW work now?

Could I see a new process explorer log?
  • 0

#9
psjbob


Yes, you are right. I was hitting scan instead of search.

 

 

Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by eviei (18-08-2018 22:45:57)
Running from C:\Users\eviei\Desktop
Boot Mode: Normal
================== Search Files: "tasklist.exe" =============
C:\Windows\WinSxS\wow64_microsoft-windows-tasklist_31bf3856ad364e35_10.0.16299.15_none_55840875ffd6d9b4\tasklist.exe
[2017-09-29 09:42][2017-09-29 09:42] 000079872 _____ (Microsoft Corporation) 2A64E6FB3B816318ACA544E6E03F2E56 [File is digitally signed]
C:\Windows\WinSxS\amd64_microsoft-windows-tasklist_31bf3856ad364e35_10.0.16299.15_none_4b2f5e23cb7617b9\tasklist.exe
[2017-09-29 09:42][2017-09-29 09:42] 000099840 _____ (Microsoft Corporation) 1A285AA0784DDC0E1E263871CCDEF976 [File is digitally signed]
C:\Windows\SysWOW64\tasklist.exe
[2017-09-29 09:42][2017-09-29 09:42] 000079872 _____ (Microsoft Corporation) 2A64E6FB3B816318ACA544E6E03F2E56 [File is digitally signed]
C:\Windows\System32\tasklist.exe
[2017-09-29 09:42][2017-09-29 09:42] 000099840 _____ (Microsoft Corporation) 1A285AA0784DDC0E1E263871CCDEF976 [File is digitally signed]
C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_microsoft-windows-tasklist_31bf3856ad364e35_10.0.17134.1_none_181868daf7dccc74\tasklist.exe
[2018-04-11 19:35][2018-04-11 19:35] 000079872 _____ (Microsoft Corporation) 6B7D2FC3FB98B10A5F77B23DEF745F6F [File not signed]
C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-tasklist_31bf3856ad364e35_10.0.17134.1_none_0dc3be88c37c0a79\tasklist.exe
[2018-04-11 19:34][2018-04-11 19:34] 000100352 _____ (Microsoft Corporation) B12E0F9C42075B4B7AD01D0B6A48485D [File not signed]
C:\$WINDOWS.~BT\NewOS\Windows\SysWOW64\tasklist.exe
[2018-04-11 19:35][2018-04-11 19:35] 000079872 _____ (Microsoft Corporation) 6B7D2FC3FB98B10A5F77B23DEF745F6F [File not signed]
C:\$WINDOWS.~BT\NewOS\Windows\System32\tasklist.exe
[2018-04-11 19:34][2018-04-11 19:34] 000100352 _____ (Microsoft Corporation) B12E0F9C42075B4B7AD01D0B6A48485D [File not signed]

====== End of Search ======

 

 

 

VEW still doesn't run, I get a runtime error.

 


 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
MicrosoftEdgeCP.exe 42.81 982,436 K 1,040,616 K 14136 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 29.02 56,832 K 59,744 K 5096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
System Idle Process 7.98 52 K 8 K 0   
procexp(1)64.exe 7.08 31,484 K 64,064 K 13612 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MsMpEng.exe 6.37 230,520 K 164,316 K 3832 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe 1.65 9,320 K 27,952 K 14120 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
Interrupts 1.42 0 K 0 K n/a Hardware Interrupts and DPCs  
System 1.21 164 K 3,828 K 4   
dwm.exe 0.72 57,056 K 76,348 K 1204 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
mcapexe.exe 0.30 4,004 K 3,148 K 9000 McAfee Access Protection McAfee, Inc. (Verified) McAfee
csrss.exe 0.26 2,224 K 4,868 K 776 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 0.23 22,180 K 38,772 K 11976 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.14 50,204 K 109,372 K 7172 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 0.10 3,876 K 14,032 K 10020 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.09 38,792 K 44,048 K 1720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ctfmon.exe 0.08 5,388 K 24,312 K 10008 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
MicrosoftEdge.exe 0.07 33,580 K 85,168 K 12424 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
taskhostw.exe 0.07 9,032 K 19,476 K 6968 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
MMSSHOST.exe 0.06 26,644 K 34,232 K 4928 McAfee Management Service Host McAfee, Inc. (Verified) McAfee
svchost.exe 0.05 4,196 K 9,780 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MicrosoftEdgeCP.exe 0.05 114,100 K 149,468 K 9948 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.03 1,640 K 5,608 K 4600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MicrosoftEdgeCP.exe 0.03 69,156 K 103,484 K 11040 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe 0.02 5,916 K 26,284 K 14080 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe 0.02 6,020 K 26,168 K 7236 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
ModuleCoreService.exe 0.02 24,452 K 36,348 K 3588 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
svchost.exe 0.02 7,516 K 12,720 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe 0.02 3,456 K 9,484 K 3356 MobileDeviceService Apple Inc. (Verified) Apple Inc.
MfeAVSvc.exe 0.02 11,148 K 8,604 K 9132 McAfee Cloud AV McAfee, Inc. (Verified) McAfee
iPodService.exe 0.02 2,184 K 7,708 K 5116 iPod Service Apple Inc. (Verified) Apple Inc.
svchost.exe 0.02 21,292 K 30,764 K 604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCleaner64.exe 0.01 9,768 K 22,852 K 11752 CCleaner Piriform Ltd (Verified) Piriform Ltd
WUDFHost.exe < 0.01 25,100 K 12,304 K 432 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
Memory Compression < 0.01 544 K 17,268 K 2112   
esif_assist_64.exe < 0.01 1,372 K 4,640 K 6536 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
svchost.exe < 0.01 3,628 K 8,328 K 2656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 13,844 K 21,092 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,336 K 11,904 K 2360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 1,716 K 4,500 K 676 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe < 0.01 6,096 K 14,752 K 6632 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
SearchIndexer.exe < 0.01 23,676 K 27,476 K 8548 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 4,512 K 14,424 K 9956 iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 9,860 K 31,396 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
wlanext.exe  1,948 K 6,284 K 3060 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,460 K 8,060 K 868 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,320 K 5,512 K 768 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
Windows.WARP.JITService.exe  1,188 K 5,092 K 11008   (Verified) Microsoft Windows
TabTip32.exe  1,416 K 4,596 K 10180 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe  1,020 K 4,088 K 7696 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe  2,280 K 7,664 K 3784 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe  3,012 K 10,336 K 14368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,000 K 17,180 K 6720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,064 K 11,872 K 1892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  6,448 K 13,808 K 2468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,304 K 8,004 K 3808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,000 K 7,384 K 3244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,472 K 14,412 K 2968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  9,176 K 26,116 K 3412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,300 K 9,692 K 2280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,516 K 18,388 K 7160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  14,856 K 22,740 K 3464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,576 K 15,576 K 8084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,364 K 10,972 K 3840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,404 K 6,872 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,420 K 8,568 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,336 K 10,856 K 3040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  8,268 K 32,744 K 6792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,608 K 15,028 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,296 K 7,040 K 2868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,484 K 14,752 K 8952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,984 K 12,172 K 9080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,336 K 21,296 K 3848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  920 K 3,600 K 280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,280 K 9,284 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,688 K 17,820 K 1392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,764 K 10,088 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  18,572 K 15,756 K 1572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  6,240 K 9,820 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,552 K 7,156 K 1732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,132 K 11,004 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,756 K 7,420 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,008 K 9,352 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,288 K 5,408 K 1832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,056 K 7,432 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,012 K 8,112 K 2140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,912 K 7,540 K 2228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,684 K 7,040 K 2236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,348 K 6,232 K 2668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,848 K 11,592 K 2696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,112 K 7,984 K 3364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,180 K 13,152 K 3376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,624 K 6,120 K 3392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,668 K 6,784 K 3552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,720 K 13,508 K 3576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,976 K 6,368 K 3644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,556 K 5,968 K 3708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,740 K 9,628 K 3760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,252 K 5,212 K 3800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,076 K 6,212 K 4244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,728 K 6,700 K 4700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,212 K 8,672 K 5188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,292 K 12,396 K 5196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,696 K 7,380 K 5204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,728 K 9,336 K 5316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,312 K 11,320 K 5916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,336 K 5,724 K 6900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,604 K 6,940 K 7544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,056 K 8,752 K 7684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,300 K 6,540 K 7772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,564 K 5,408 K 8540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,780 K 8,720 K 10744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,368 K 9,732 K 12940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,380 K 14,412 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,936 K 6,756 K 14168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,652 K 6,868 K 8364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,660 K 6,760 K 5024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe  6,568 K 12,848 K 2616 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  468 K 964 K 408 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
SkypeHost.exe Suspended 2,684 K 268 K 7124 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe  7,404 K 26,068 K 6568 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 33,200 K 52,024 K 8168 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe  13,128 K 11,848 K 9700 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe  5,848 K 9,424 K 912 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
sedsvc.exe  2,528 K 8,468 K 13036 sedsvc Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe  4,176 K 14,668 K 3720 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe  4,392 K 15,760 K 9980 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 47,916 K 52,336 K 8200 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe  3,580 K 15,084 K 7188 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe  14,388 K 34,740 K 14228 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  3,756 K 17,804 K 2356 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  2,500 K 13,404 K 10620 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  5,220 K 14,372 K 8920 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  6,284 K 21,564 K 8232 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe  8,076 K 13,248 K 11208 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe  1,852 K 7,424 K 2480 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
procexp(1).exe  2,972 K 10,236 K 6740 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe  25,472 K 14,400 K 6864 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PEFService.exe  3,896 K 8,932 K 3688 McAfee PEF Service McAfee, Inc. (Verified) McAfee
OneDrive.exe  14,232 K 44,356 K 9432 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe  32,104 K 40,680 K 3404 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe  5,372 K 8,484 K 8760 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe  2,000 K 9,020 K 11068 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
ModuleCoreService.exe  11,640 K 10,628 K 2544 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
mfevtps.exe  5,628 K 9,920 K 5068 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfevtps.exe  2,328 K 5,816 K 8512 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfemms.exe  2,976 K 6,804 K 3568 McAfee Management Service McAfee LLC (Verified) McAfee
mfefire.exe  2,956 K 8,624 K 5516 McAfee Core Firewall Service McAfee LLC (Verified) McAfee
McUICnt.exe  11,892 K 3,512 K 3884 McAfee McAfee, Inc. (Verified) McAfee
mcshield.exe  32,780 K 8,352 K 6356 McAfee Scanner service McAfee LLC. (Verified) McAfee
McCSPServiceHost.exe  6,900 K 13,104 K 9984 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
lsass.exe  11,244 K 18,788 K 928 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
Lightshot.exe  10,372 K 33,304 K 12164 Lightshot Skillbrains (No signature was present in the subject) Skillbrains
jhi_service.exe  1,216 K 5,636 K 12456 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
IntuitUpdateService.exe  17,628 K 13,096 K 10544 Intuit Update Service Intuit Inc. (Verified) Intuit
igfxHK.exe  2,504 K 8,212 K 7344 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe  3,604 K 11,324 K 7316 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe  1,948 K 7,696 K 2184 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
iCloudServices.exe  44,404 K 77,920 K 10264 iCloud Services Apple Inc. (Verified) Apple Inc.
iCloudPhotos.exe  14,520 K 31,256 K 10956 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe  12,488 K 28,200 K 8248 iCloud Drive Apple Inc. (Verified) Apple Inc.
hpwuschd2.exe  1,308 K 6,248 K 8120 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe  1,720 K 7,476 K 3444 HP WMI Service HP Inc. (Verified) HP Inc.
HPSupportSolutionsFrameworkService.exe  38,568 K 41,272 K 9904 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HPRadioMgr64.exe  1,976 K 8,772 K 9728 HP Radio Manager HP (Verified) HP Inc.
HPOrbitService.exe  2,860 K 8,436 K 4372 HP Orbit HP Inc. (Verified) HP Inc.
HPJumpStartLaunch.exe  3,992 K 712 K 6956   (Verified) HP Inc.
HPJumpStartBridge.exe  16,148 K 28,544 K 11896 HP JumpStart Bridge HP Inc. (Verified) HP Inc.
HPCommRecovery.exe  13,864 K 16,976 K 4468 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
HPAudioSwitch.exe  33,692 K 43,900 K 3204 HPAudioSwitch HP Inc. (Verified) HP Inc.
fontdrvhost.exe  3,104 K 5,656 K 512 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe  1,668 K 3,412 K 508 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe  1,892 K 6,188 K 3428 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
DropboxUpdate.exe  2,140 K 184 K 6892 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe  4,504 K 12,404 K 13708 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe  7,628 K 18,424 K 4288 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  1,180 K 4,712 K 2272 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  5,304 K 5,516 K 2532 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
browser_broker.exe  4,652 K 20,508 K 12908 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe  28,636 K 34,164 K 13780 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  1,376 K 6,192 K 3348 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe  5,100 K 15,716 K 2248 Apple Push Apple Inc. (Verified) Apple Inc.
ApplicationFrameHost.exe  9,904 K 29,364 K 3488 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 

 

 

 

SPECCY still doesn't work either.

 

 

 

 

 

 


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP
MicrosoftEdgeCP.exe 42.81 982,436 K 1,040,616 K 14136 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation

 

 

Edge is eating up too much CPU and too much memory.  What sites do you have open?   There is also an svchost process that is eating up too much CPU.  Can't tell which it is but if you hover over it in Process Explorer it should tell you what services are riding on it.


  • 0
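The by-eye triage in the reply above (find the rows using the most CPU and memory, note rows whose signature column is not "(Verified)"), as an added example that is not part of the thread and not Sysinternals code. It parses the flattened text form in which the saved Process Explorer listing appears on this page. The function names and thresholds are assumptions, and the sample rows are copied from the logs posted in this thread.

```python
import re

# One row of the saved listing as it appears on this page (columns separated
# by spaces): name, optional CPU or "Suspended", private bytes, working set,
# PID, then description / company / signature status / signer.
ROW = re.compile(r"""
    ^(?P<name>.+?)\s+
    (?:(?P<state><\s*\d+\.\d+|\d+\.\d+|Suspended)\s+)?
    (?P<private>[\d,]+)\sK\s+
    (?P<working>[\d,]+)\sK\s+
    (?P<pid>\d+|n/a)
    (?:\s+(?P<rest>.*))?$
""", re.VERBOSE)

# Last parenthesised group on the line is the signature status; the text
# after it is the signer. Earlier groups such as "(SxS)" are skipped because
# the signer part may not contain parentheses.
SIGNATURE = re.compile(r"\((?P<status>[^()]+)\)\s*(?P<signer>[^()]*)$")

# Pseudo-entry whose CPU figure is idle time, not load.
NOT_A_WORKLOAD = {"System Idle Process"}

# Rows copied from the logs in this thread (header row included on purpose).
SAMPLE_ROWS = [
    "Process CPU Private Bytes Working Set PID Description Company Name Verified Signer",
    "System Idle Process 57.08 52 K 8 K 0",
    "MicrosoftEdgeCP.exe 42.81 982,436 K 1,040,616 K 14136 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation",
    "svchost.exe 6.01 74,536 K 76,612 K 5096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher",
    "SkypeHost.exe Suspended 2,684 K 268 K 7124 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation",
    "OfficeClickToRun.exe < 0.01 41,132 K 51,120 K 3404 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation",
    "Lightshot.exe  10,372 K 33,304 K 12164 Lightshot Skillbrains (No signature was present in the subject) Skillbrains",
]


def _kb(text):
    """'1,040,616' -> 1040616"""
    return int(text.replace(",", ""))


def parse_row(line):
    """Return a dict for one listing row, or None for headers and other text."""
    m = ROW.match(line.strip())
    if not m:
        return None
    state = m.group("state")
    suspended = state == "Suspended"
    cpu = None
    if state and not suspended:
        # "< 0.01" is kept as its upper bound, 0.01.
        cpu = float(state.lstrip("<").strip())
    sig = SIGNATURE.search(m.group("rest") or "")
    pid = m.group("pid")
    return {
        "name": m.group("name"),
        "cpu": cpu,
        "suspended": suspended,
        "private_kb": _kb(m.group("private")),
        "working_kb": _kb(m.group("working")),
        "pid": int(pid) if pid.isdigit() else None,
        "status": sig.group("status") if sig else None,
        "signer": sig.group("signer").strip() if sig else None,
    }


def triage(lines, cpu_pct=5.0, working_set_kb=500_000):
    """Group rows into the three things a helper looks for in such a log.

    cpu_pct and working_set_kb are illustrative thresholds, not values
    taken from the thread.
    """
    rows = [r for r in map(parse_row, lines) if r]
    high_cpu = sorted(
        (r for r in rows
         if r["cpu"] is not None and r["cpu"] >= cpu_pct
         and r["name"] not in NOT_A_WORKLOAD),
        key=lambda r: r["cpu"], reverse=True)
    high_memory = [r for r in rows if r["working_kb"] >= working_set_kb]
    # Only rows that carry an explicit status other than "Verified".
    signature_review = [r for r in rows
                        if r["status"] is not None and r["status"] != "Verified"]
    return {"high_cpu": high_cpu,
            "high_memory": high_memory,
            "signature_review": signature_review}


if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_ROWS).items():
        for r in rows:
            print(f"{bucket:17} {r['name']:22} pid={r['pid']} cpu={r['cpu']} "
                  f"ws={r['working_kb']} K status={r['status']}")
```

For an svchost.exe hit, the PID in the result is the one to hover over in Process Explorer to see which services it hosts.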



#11
psjbob

psjbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I most likely had GeeksToGo open in the Edge browser when I ran Process Explorer.

 

200brig.png

 

 

I reran Process Explorer without GeeksToGo running in Microsoft Edge

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 57.08 52 K 8 K 0
procexp(1)64.exe 7.39 30,768 K 62,800 K 15712 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 7.74 168 K 4,240 K 4
svchost.exe 6.01 74,536 K 76,612 K 5096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Interrupts 6.05 0 K 0 K n/a Hardware Interrupts and DPCs
MsMpEng.exe 4.46 149,408 K 174,768 K 3832 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 2.04 22,400 K 30,564 K 8952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dwm.exe 2.69 38,432 K 53,508 K 1204 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.85 9,268 K 16,708 K 928 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
HPNetworkCommunicator.exe 0.41 2,720 K 10,136 K 13160 HPNetworkCommunicator Hewlett-Packard Co. (Verified) Hewlett Packard
mcapexe.exe 0.32 2,912 K 3,212 K 9000 McAfee Access Protection McAfee, Inc. (Verified) McAfee
csrss.exe 0.55 2,344 K 4,980 K 776 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
TabTip.exe 0.17 3,872 K 14,008 K 10020 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.10 2,480 K 7,248 K 2868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.09 39,308 K 44,072 K 1720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.08 47,772 K 98,348 K 7172 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 3,536 K 9,332 K 5316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ctfmon.exe 0.04 5,380 K 23,704 K 10008 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
ModuleCoreService.exe 0.03 25,560 K 38,652 K 3588 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
svchost.exe 0.03 4,572 K 12,524 K 5196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 1,644 K 5,616 K 4600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 0.02 7,788 K 18,768 K 4288 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,828 K 9,428 K 912 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
MfeAVSvc.exe 0.02 10,800 K 8,724 K 9132 McAfee Cloud AV McAfee, Inc. (Verified) McAfee
svchost.exe 0.01 3,684 K 9,460 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe 0.01 3,468 K 9,548 K 3356 MobileDeviceService Apple Inc. (Verified) Apple Inc.
iPodService.exe 0.01 2,188 K 7,644 K 5116 iPod Service Apple Inc. (Verified) Apple Inc.
MMSSHOST.exe 0.01 28,320 K 33,604 K 4928 McAfee Management Service Host McAfee, Inc. (Verified) McAfee
CCleaner64.exe 0.01 10,788 K 22,712 K 11752 CCleaner Piriform Ltd (Verified) Piriform Ltd
svchost.exe 0.04 7,832 K 13,172 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 10,472 K 28,592 K 3412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
OfficeClickToRun.exe < 0.01 41,132 K 51,120 K 3404 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
SynTPEnh.exe < 0.01 6,288 K 15,056 K 6632 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
esif_assist_64.exe < 0.01 1,380 K 4,680 K 6536 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
HPSupportSolutionsFrameworkService.exe < 0.01 39,076 K 22,492 K 9904 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
svchost.exe < 0.01 2,728 K 10,104 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.04 1,756 K 4,632 K 676 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 12,784 K 20,360 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
mfefire.exe < 0.01 2,576 K 8,664 K 5516 McAfee Core Firewall Service McAfee LLC (Verified) McAfee
svchost.exe 2,384 K 6,724 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 5,692 K 16,036 K 8084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
iTunesHelper.exe < 0.01 4,452 K 14,324 K 9956 iTunesHelper Apple Inc. (Verified) Apple Inc.
iCloudPhotos.exe < 0.01 15,752 K 26,860 K 10956 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
SettingSyncHost.exe < 0.01 19,732 K 29,224 K 9700 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,728 K 16,232 K 14528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
TrustedInstaller.exe < 0.01 2,120 K 7,316 K 4276 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 25,100 K 12,348 K 432 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,992 K 6,504 K 3060 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 46,728 K 69,920 K 6232 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 2,380 K 8,080 K 868 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,320 K 5,212 K 768 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
TiWorker.exe 2,288 K 8,852 K 14968 Windows Modules Installer Worker Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 7,928 K 17,988 K 6968 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 3,444 K 7,728 K 10344 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,340 K 4,572 K 10180 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,020 K 4,056 K 7696 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 2,224 K 7,620 K 3784 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 5,152 K 12,076 K 1892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,292 K 5,424 K 1832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,016 K 34,000 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,600 K 7,280 K 1732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,476 K 10,152 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,916 K 8,768 K 2656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,104 K 7,488 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,796 K 13,492 K 3040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,916 K 19,436 K 7160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,496 K 8,720 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,040 K 18,384 K 1572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 13,480 K 29,168 K 604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,312 K 25,960 K 6720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,976 K 19,560 K 15876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,124 K 11,852 K 2360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,908 K 23,848 K 3464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,264 K 11,296 K 5916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,476 K 14,256 K 2968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,316 K 9,728 K 12940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,948 K 8,188 K 12464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,056 K 15,120 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,080 K 6,476 K 4244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,832 K 8,676 K 10744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,492 K 13,728 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,084 K 8,212 K 3364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,432 K 13,472 K 3576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,152 K 12,608 K 9080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,192 K 33,392 K 6792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,280 K 9,824 K 2280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,060 K 8,088 K 2140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,644 K 14,488 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,784 K 11,764 K 2696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,492 K 14,996 K 2468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,220 K 17,192 K 1392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,312 K 7,940 K 3808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,956 K 7,488 K 3244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,092 K 11,036 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,672 K 13,864 K 3376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,536 K 21,676 K 3848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,084 K 6,332 K 8256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,792 K 6,108 K 2668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,568 K 7,364 K 5204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,672 K 7,256 K 7772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,136 K 8,652 K 5188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,260 K 9,276 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,288 K 9,844 K 14368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,020 K 5,512 K 8540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,352 K 5,768 K 6900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,748 K 6,744 K 4700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,712 K 6,212 K 3392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,676 K 6,804 K 10092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,840 K 8,672 K 16232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,404 K 5,600 K 9008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,624 K 6,800 K 3552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,668 K 8,272 K 2236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,928 K 10,604 K 3760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,504 K 10,260 K 3644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,884 K 8,172 K 7684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,756 K 7,372 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,916 K 7,576 K 2228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 9,388 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,548 K 6,660 K 7544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,556 K 5,936 K 3708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,252 K 5,112 K 3800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 920 K 3,528 K 280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,516 K 12,580 K 2616 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 468 K 992 K 408 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 9,624 K 15,376 K 12092 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 14,356 K 652 K 7124 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 7,156 K 25,944 K 6568 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 46,864 K 55,504 K 8168 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sedsvc.exe 2,436 K 8,708 K 13036 sedsvc Microsoft Corporation (Verified) Microsoft Windows
sedlauncher.exe 3,412 K 1,984 K 12392 sedlauncher Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,256 K 14,676 K 3720 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe 4,396 K 15,572 K 9980 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 88,376 K 71,964 K 8200 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 29,412 K 31,912 K 8548 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe 3,564 K 15,084 K 7188 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe 7,524 K 20,032 K 8920 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,240 K 3,876 K 16280 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,988 K 24,572 K 4364 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,404 K 17,928 K 1484 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,940 K 2,660 K 16212 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,432 K 11,516 K 196 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,900 K 22,320 K 8232 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 8,520 K 20,192 K 13220 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 8,120 K 13,588 K 11208 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe 2,028 K 7,636 K 2480 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
procexp(1).exe 2,976 K 10,244 K 8524 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 24,992 K 13,972 K 6864 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PEFService.exe 2,884 K 8,040 K 3688 McAfee PEF Service McAfee, Inc. (Verified) McAfee
OneDrive.exe 15,756 K 45,416 K 9432 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 5,708 K 8,920 K 8760 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe 2,004 K 9,224 K 11068 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
ModuleCoreService.exe 11,092 K 10,872 K 2544 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
mfevtps.exe 5,676 K 9,388 K 5068 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfevtps.exe 1,812 K 5,564 K 8512 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfemms.exe 2,644 K 7,056 K 3568 McAfee Management Service McAfee LLC (Verified) McAfee
Memory Compression 484 K 48,828 K 2112
McUICnt.exe 11,256 K 2,564 K 3884 McAfee McAfee, Inc. (Verified) McAfee
mcshield.exe 32,712 K 8,188 K 6356 McAfee Scanner service McAfee LLC. (Verified) McAfee
McCSPServiceHost.exe 7,964 K 14,896 K 9984 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
Lightshot.exe 9,644 K 30,628 K 12164 Lightshot Skillbrains (No signature was present in the subject) Skillbrains
jhi_service.exe 1,216 K 5,500 K 12456 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
IntuitUpdateService.exe 18,420 K 2,624 K 10544 Intuit Update Service Intuit Inc. (Verified) Intuit
igfxHK.exe 2,416 K 8,196 K 7344 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,648 K 11,728 K 7316 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,968 K 8,040 K 2184 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
iCloudServices.exe 52,432 K 36,428 K 10264 iCloud Services Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe 13,460 K 26,024 K 8248 iCloud Drive Apple Inc. (Verified) Apple Inc.
HxTsr.exe Suspended 11,424 K 44,288 K 12880 Microsoft Outlook Communications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe Suspended 34,560 K 62,980 K 14132 Microsoft Outlook Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
hpwuschd2.exe 1,236 K 6,176 K 8120 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe 1,640 K 7,568 K 3444 HP WMI Service HP Inc. (Verified) HP Inc.
HPRadioMgr64.exe 1,944 K 8,660 K 9728 HP Radio Manager HP (Verified) HP Inc.
HPOrbitService.exe 2,856 K 8,544 K 4372 HP Orbit HP Inc. (Verified) HP Inc.
HPJumpStartLaunch.exe 3,848 K 296 K 6956 (Verified) HP Inc.
HPJumpStartBridge.exe 16,176 K 16,168 K 11896 HP JumpStart Bridge HP Inc. (Verified) HP Inc.
HPCommRecovery.exe 14,076 K 16,660 K 4468 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
HPAudioSwitch.exe 33,560 K 35,656 K 3204 HPAudioSwitch HP Inc. (Verified) HP Inc.
fontdrvhost.exe < 0.01 3,196 K 5,840 K 512 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,892 K 3,676 K 508 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe 1,860 K 6,224 K 3428 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
DropboxUpdate.exe 2,140 K 1,576 K 6892 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe 3,088 K 11,472 K 13708 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 5,272 K 5,500 K 2532 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,148 K 4,732 K 2272 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 10,372 K 708 K 15048 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 9,636 K 21,816 K 16136 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 12,944 K 19,064 K 12016 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,304 K 6,232 K 3348 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe 5,256 K 16,068 K 2248 Apple Push Apple Inc. (Verified) Apple Inc.
ApplicationFrameHost.exe 15,532 K 32,276 K 3488 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

Edited by psjbob, 19 August 2018 - 10:51 PM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

I fired up Edge and sent it to your post on Geekstogo and the worst it used on any one instance was about 132,696 K. 

The svchost process is the one that Windows Update uses so it may be downloading an update or there may be something wrong with the update process.  McAfee has been known to interfere with the update process so:

Let's try dumping McAfee and installing the free Avast and see what it looks like then.

 

Download the offline version of the Avast installer and Save it but don't install.  Go to

https://support.avas...-Free-Antivirus

Press Download.  You should get the

avast_free_antivirus_setup_offline.exe

Save it.

Also Download and Save the McAfee Consumer Product Removal tool (MCPR.exe)

http://us.mcafee.com...s/mcpr/mcpr.asp

Search for:

programs and features

Hit Enter.

Find McAfee's program on the list and click on it.

Click on Uninstall.

Reboot.

Right click on MCPR.exe and Run as Admin.

Follow the prompts and Reboot.

Now right click on the avast_free_antivirus_setup_offline.exe and Run As Admin.

Follow the prompts.  Do not allow it to give you any optional software, and stick to the Basic (free) version; avoid the trial.

Reboot.

Give Windows about 5 minutes to settle down then run Process Explorer.  Wait a minute before saving the log.  Post the log.

Tonight while you sleep let Avast do a boot-time scan:

Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

Reboot and let it run a scan.  It may take hours.
Once it finishes it should load Windows.  Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

If it found anything and removed it then also give me a fresh Process Explorer log.


#13
psjbob

    Member

McAfee removed, AVAST installed, Process Explorer run.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 63.99 52 K 8 K 0
MsMpEng.exe 11.63 147,052 K 127,596 K 3676 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
AvastSvc.exe 9.97 142,664 K 216,148 K 10288 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
procexp(1)64.exe 6.87 35,852 K 76,724 K 10600 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 1.59 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 1.55 31,688 K 43,784 K 1156 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 1.37 160 K 1,768 K 4
csrss.exe 0.70 2,284 K 5,056 K 692 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.67 26,500 K 26,584 K 10104 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.47 4,476 K 12,660 K 3364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
TabTip.exe 0.41 3,796 K 14,224 K 6528 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.21 19,052 K 16,004 K 7572 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.12 39,732 K 91,776 K 3460 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.09 36,016 K 43,816 K 1796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswidsagenta.exe 0.09 21,288 K 39,844 K 10708 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
Memory Compression 0.08 256 K 51,680 K 1944
svchost.exe 0.06 5,352 K 8,388 K 1888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 12,796 K 18,848 K 1252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
iPodService.exe 0.01 2,080 K 7,348 K 9136 iPod Service Apple Inc. (Verified) Apple Inc.
svchost.exe 0.01 2,036 K 6,924 K 2616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 2,448 K 7,068 K 2000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCleaner64.exe 0.01 9,624 K 23,136 K 3216 CCleaner Piriform Ltd (Verified) Piriform Ltd
svchost.exe 0.01 18,376 K 15,904 K 1712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe 0.01 3,492 K 11,056 K 3376 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 0.01 5,944 K 11,428 K 1032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe < 0.01 7,748 K 17,044 K 832 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
esif_assist_64.exe < 0.01 1,344 K 4,656 K 2864 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
csrss.exe < 0.01 1,796 K 4,892 K 584 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6,584 K 13,880 K 2428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 9,252 K 24,540 K 3420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
OneDrive.exe < 0.01 13,260 K 39,940 K 9080 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
fontdrvhost.exe < 0.01 4,112 K 5,340 K 992 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,700 K 15,804 K 2036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe < 0.01 6,004 K 16,476 K 6780 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
iTunesHelper.exe < 0.01 4,392 K 14,192 K 8968 iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 3,368 K 7,704 K 2456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,136 K 10,836 K 2820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnhService.exe < 0.01 2,280 K 7,820 K 3640 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
WUDFHost.exe 24,992 K 13,232 K 980 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,900 K 6,404 K 3052 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 47,664 K 68,048 K 8628 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 2,364 K 9,192 K 776 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,288 K 5,652 K 676 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 6,220 K 14,152 K 3788 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,392 K 4,408 K 2276 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,084 K 4,936 K 6668 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 4,620 K 11,228 K 576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,088 K 8,728 K 2244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,284 K 26,620 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,720 K 14,428 K 1388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,940 K 16,528 K 3320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,372 K 14,732 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,404 K 11,716 K 2468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 6,736 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,116 K 16,040 K 10200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,080 K 7,576 K 3028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,432 K 16,160 K 6632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,956 K 11,516 K 2220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 38,244 K 45,452 K 4724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,316 K 8,232 K 3580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,048 K 13,732 K 2740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,672 K 10,076 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,272 K 7,152 K 4676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,128 K 13,348 K 3568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,268 K 10,232 K 2264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,936 K 7,256 K 1804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,696 K 30,732 K 1572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,016 K 6,476 K 3596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,192 K 9,012 K 1320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,680 K 22,852 K 3504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,072 K 11,244 K 5428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,708 K 8,720 K 2236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,172 K 13,900 K 1548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,564 K 18,604 K 3684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,316 K 8,624 K 1604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,296 K 9,972 K 6500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,948 K 10,912 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,292 K 5,384 K 1812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,632 K 5,792 K 2448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,980 K 8,892 K 5308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,556 K 11,324 K 5272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,484 K 11,172 K 10216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,760 K 8,036 K 7164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,664 K 6,416 K 2044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,572 K 5,384 K 8756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,992 K 12,300 K 7692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,340 K 5,780 K 6688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 912 K 3,464 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,708 K 7,340 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,276 K 8,900 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,856 K 7,264 K 1600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,884 K 9,340 K 2136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,440 K 5,852 K 3384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,092 K 8,292 K 3472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,608 K 6,800 K 3544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,988 K 6,324 K 3560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,612 K 9,888 K 3624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 5,232 K 3652 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,584 K 5,516 K 3200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,580 K 5,960 K 4196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,696 K 6,724 K 4828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,332 K 5,112 K 5028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,040 K 8,272 K 5280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,548 K 6,948 K 5880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,868 K 8,784 K 5912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,048 K 31,112 K 6816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,668 K 11,160 K 7704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,472 K 13,880 K 2940 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 452 K 1,076 K 392 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 9,848 K 15,368 K 208 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 38,884 K 39,120 K 7956 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 5,512 K 22,352 K 1192 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 30,684 K 44,292 K 6792 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 11,436 K 4,984 K 1288 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,464 K 8,632 K 816 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
sedsvc.exe 2,600 K 8,376 K 9852 sedsvc Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,268 K 14,648 K 3604 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe 4,312 K 15,628 K 8556 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 47,508 K 51,600 K 7228 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 2,100 K 8,248 K 4948 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,672 K 6,700 K 1168 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe 3,596 K 15,548 K 8476 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe 5,140 K 17,888 K 7296 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,232 K 17,616 K 8984 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,928 K 2,568 K 6368 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,380 K 16,712 K 9428 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,808 K 6,180 K 7540 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 7,768 K 12,936 K 8904 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe 1,752 K 7,120 K 2352 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
procexp(1).exe 3,268 K 10,052 K 1364 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,640 K 16,848 K 1428 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe 15,156 K 27,236 K 3344 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 5,852 K 8,864 K 6088 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe 1,980 K 8,880 K 8796 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
Lightshot.exe 10,428 K 10,584 K 8900 Lightshot Skillbrains (No signature was present in the subject) Skillbrains
jhi_service.exe 1,240 K 5,612 K 9652 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
IntuitUpdateService.exe 17,560 K 3,528 K 4672 Intuit Update Service Intuit Inc. (Verified) Intuit
igfxHK.exe 2,348 K 8,580 K 6984 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,328 K 11,616 K 6960 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,876 K 7,908 K 1100 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
iCloudServices.exe 44,968 K 49,096 K 9212 iCloud Services Apple Inc. (Verified) Apple Inc.
iCloudPhotos.exe 14,212 K 30,552 K 8504 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe 11,964 K 27,496 K 8456 iCloud Drive Apple Inc. (Verified) Apple Inc.
hpwuschd2.exe 1,272 K 6,020 K 7052 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe 1,528 K 7,272 K 3392 HP WMI Service HP Inc. (Verified) HP Inc.
HPSupportSolutionsFrameworkService.exe 38,856 K 33,924 K 10028 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HPRadioMgr64.exe 1,908 K 8,604 K 9096 HP Radio Manager HP (Verified) HP Inc.
HPOrbitService.exe 2,840 K 9,760 K 3236 HP Orbit HP Inc. (Verified) HP Inc.
HPJumpStartLaunch.exe 3,980 K 540 K 3752 (Verified) HP Inc.
HPJumpStartBridge.exe 16,084 K 27,616 K 9948 HP JumpStart Bridge HP Inc. (Verified) HP Inc.
HPCommRecovery.exe 13,592 K 16,044 K 8976 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
HPAudioSwitch.exe 34,000 K 42,868 K 8760 HPAudioSwitch HP Inc. (Verified) HP Inc.
fontdrvhost.exe 1,684 K 3,416 K 1000 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe 1,888 K 6,604 K 3352 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
DropboxUpdate.exe 2,088 K 208 K 3668 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dasHost.exe 6,152 K 15,104 K 3152 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 2,916 K 12,704 K 6572 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,144 K 4,676 K 2120 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
AvastBrowserUpdate.exe 2,472 K 676 K 5504 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
AvastBrowserCrashHandler64.exe 1,704 K 268 K 10580 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
AvastBrowserCrashHandler.exe 1,860 K 552 K 10300 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
audiodg.exe 9,748 K 17,036 K 3172 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,304 K 6,184 K 3328 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe 4,684 K 14,556 K 6384 Apple Push Apple Inc. (Verified) Apple Inc.
ApplicationFrameHost.exe 8,220 K 24,836 K 2280 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 
 
 
 
I will run AVAST and post that log after it has finished AND a new Process Explorer log per the rest of your instructions.

#14
RKinner

    Malware Expert

MsMpEng.exe 11.63 147,052 K 127,596 K 3676 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation

 

 

Normally Avast will turn off Windows Defender but it didn't this time.  Otherwise things look a lot better.

 

Let me see a new FRST scan and we will use a fixlist to kill it.


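The check made by eye in post #14 (Windows Defender's MsMpEng.exe still running beside AvastSvc.exe) can be scripted over a pasted Process Explorer log, along with a pass over the Verified Signer column. This is an added example, not part of the thread; the sample rows are copied from the post #13 log, and the `REALTIME_AV` table, the `Proc` type and the function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Rows copied from the post #13 log in this thread (columns flattened to spaces).
SAMPLE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 63.99 52 K 8 K 0
MsMpEng.exe 11.63 147,052 K 127,596 K 3676 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
AvastSvc.exe 9.97 142,664 K 216,148 K 10288 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
procexp(1)64.exe 6.87 35,852 K 76,724 K 10600 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 1.59 0 K 0 K n/a Hardware Interrupts and DPCs
System 1.37 160 K 1,768 K 4
lsass.exe < 0.01 7,748 K 17,044 K 832 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
WinStore.App.exe Suspended 47,664 K 68,048 K 8628 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 912 K 3,464 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Lightshot.exe 10,428 K 10,584 K 8900 Lightshot Skillbrains (No signature was present in the subject) Skillbrains
OfficeClickToRun.exe 15,156 K 27,236 K 3344 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
"""

# name, optional CPU ("11.63", "< 0.01", "Suspended" or blank), two "N K" sizes, PID, rest.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*[\d.]+|[\d.]+|Suspended)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)(?:\s+(?P<rest>.*))?$"
)
# The last "(status) signer" pair on the row is the Verified Signer column.
SIGNER = re.compile(r"\((?P<status>[^()]*)\)\s*(?P<signer>[^()]*)$")

# Assumption of this example: the two real-time engines named in the thread.
REALTIME_AV = {"msmpeng.exe": "Windows Defender", "avastsvc.exe": "Avast"}


class Proc(NamedTuple):
    name: str
    pid: Optional[int]     # None for the "Interrupts" pseudo-row (PID n/a)
    cpu: float             # 0.0 when the column is blank, "< 0.01" or Suspended
    suspended: bool
    working_set_kb: int
    sig_status: str        # "" when the row carries no Verified Signer text
    signer: str


def parse_log(text: str) -> List[Proc]:
    """Parse process rows; the header and any non-matching line are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cpu_raw = m["cpu"] or ""
        sig = SIGNER.search(m["rest"] or "")
        procs.append(Proc(
            name=m["name"],
            pid=int(m["pid"]) if m["pid"].isdigit() else None,
            cpu=float(cpu_raw) if re.fullmatch(r"[\d.]+", cpu_raw) else 0.0,
            suspended=cpu_raw == "Suspended",
            working_set_kb=int(m["working"].replace(",", "")),
            sig_status=sig["status"] if sig else "",
            signer=sig["signer"].strip() if sig else "",
        ))
    return procs


def review(procs: List[Proc], top_n: int = 3) -> dict:
    """Summarise what a helper looks for first in a posted log."""
    engines = sorted({REALTIME_AV[p.name.lower()] for p in procs
                      if p.name.lower() in REALTIME_AV})
    # A status other than "Verified" is a prompt to check the file's path and
    # origin, not a verdict. Kernel pseudo-rows have no signer text and are skipped.
    not_verified = [p.name for p in procs
                    if p.sig_status and p.sig_status != "Verified"]
    busy = sorted((p for p in procs if p.name != "System Idle Process"),
                  key=lambda p: p.cpu, reverse=True)[:top_n]
    return {
        "av_engines": engines,
        "av_conflict": len(engines) > 1,   # two real-time scanners at once
        "not_verified": not_verified,
        "top_cpu": [(p.name, p.cpu) for p in busy],
    }


if __name__ == "__main__":
    for key, value in review(parse_log(SAMPLE)).items():
        print(f"{key}: {value}")
```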

#15
psjbob

    Member

Results of Avast Boot-time scan. (I deleted the Wild Tangent after seeing them listed.)

 

 

08/21/2018 15:18
Scan of C:
 
Scan of *STARTUP
 
File C:\ProgramData\WildTangent\GameInstalls\WTA-0db591fa-a369-4dea-816e-d799d5db286b-extr.exe|>$_OUTDIR\base\Textures\match3\Chicken\Mashet.anim Error 42110 {The file is a decompression bomb.}
File C:\ProgramData\WildTangent\GameInstalls\WTA-0db591fa-a369-4dea-816e-d799d5db286b-extr.exe|>$_OUTDIR\base\Textures\match3\Chicken\Neytral.anim Error 42110 {The file is a decompression bomb.}
File C:\ProgramData\WildTangent\GameInstalls\WTA-0db591fa-a369-4dea-816e-d799d5db286b-extr.exe Error 42110 {The file is a decompression bomb.}
Number of searched folders: 83705
Number of tested files: 956580
Number of infected files: 0
 
 
 
I ran you a fresh Process Explorer log after removing it.
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 63.93 52 K 8 K 0
aswidsagenta.exe 18.69 39,388 K 54,792 K 6128 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
procexp(1)64.exe 7.00 52,000 K 77,536 K 3396 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MsMpEng.exe 2.47 143,684 K 142,540 K 3972 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 1.70 32,360 K 54,564 K 5156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dwm.exe 1.63 27,404 K 45,732 K 1116 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 1.36 0 K 0 K n/a Hardware Interrupts and DPCs
System 1.05 160 K 2,616 K 4
csrss.exe 0.78 2,288 K 5,548 K 716 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
TabTip.exe 0.56 3,784 K 15,524 K 8732 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.28 20,412 K 20,780 K 2368 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
explorer.exe 0.09 40,784 K 93,836 K 5284 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.09 84,996 K 147,760 K 2716 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.05 12,280 K 28,952 K 260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPNetworkCommunicator.exe 0.04 2,692 K 10,132 K 8384 HPNetworkCommunicator Hewlett-Packard Co. (Verified) Hewlett Packard
svchost.exe 0.04 7,884 K 24,436 K 7096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.04 39,516 K 40,756 K 1876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 1,776 K 6,164 K 4564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 5,912 K 11,940 K 896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
UpdateAssistant.exe 0.02 2,020 K 1,096 K 3404 UpdateAssistant Microsoft Corporation (Verified) Microsoft Corporation
SettingSyncHost.exe 0.02 12,696 K 20,856 K 8208 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 0.01 2,188 K 8,172 K 9824 iPod Service Apple Inc. (Verified) Apple Inc.
HPSF.exe 0.01 22,460 K 5,952 K 6612 HP Support Assistant HP Inc. (Verified) HP Inc.
lsass.exe 0.01 6,992 K 17,112 K 848 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 5,096 K 16,068 K 2636 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 19,032 K 19,860 K 1452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 2,364 K 10,360 K 9676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe 0.01 3,336 K 12,896 K 3668 MobileDeviceService Apple Inc. (Verified) Apple Inc.
CCleaner64.exe 0.01 9,620 K 26,132 K 3152 CCleaner Piriform Ltd (Verified) Piriform Ltd
csrss.exe < 0.01 2,000 K 5,380 K 620 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
WerFault.exe < 0.01 24,776 K 9,528 K 3748 Windows Problem Reporting Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe < 0.01 2,456 K 6,536 K 984 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 6,996 K 10,784 K 832 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
HPRadioMgr64.exe < 0.01 1,952 K 9,348 K 9804 HP Radio Manager HP (Verified) HP Inc.
esif_assist_64.exe < 0.01 1,416 K 5,172 K 4060 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
taskhostw.exe < 0.01 5,416 K 14,656 K 5112 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,320 K 14,592 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe < 0.01 6,432 K 16,404 K 2948 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
OneDrive.exe < 0.01 13,832 K 46,244 K 7444 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
SynTPEnh.exe < 0.01 6,148 K 19,944 K 3136 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
sedsvc.exe < 0.01 2,648 K 10,104 K 4112 sedsvc Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 4,500 K 16,412 K 7448 iTunesHelper Apple Inc. (Verified) Apple Inc.
Memory Compression < 0.01 96 K 10,572 K 1940
WUDFHost.exe 25,080 K 15,264 K 976 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,912 K 7,132 K 2708 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,220 K 10,316 K 792 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,684 K 6,688 K 704 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
TabTip32.exe 1,436 K 5,172 K 8824 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,016 K 4,844 K 5104 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 2,336 K 9,016 K 3916 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 4,864 K 12,268 K 2156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,808 K 22,052 K 1224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,400 K 7,584 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 56,260 K 53,512 K 3720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,628 K 10,296 K 3328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,708 K 10,956 K 1360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,484 K 12,992 K 3256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,656 K 19,224 K 5292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,564 K 17,912 K 6364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,872 K 8,052 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,204 K 7,224 K 4340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,132 K 15,496 K 1768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,288 K 13,120 K 3652 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,788 K 13,292 K 2448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,408 K 5,976 K 1884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,268 K 23,148 K 3660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,600 K 11,836 K 2688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,404 K 7,572 K 1640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,872 K 9,052 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,992 K 27,876 K 3684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,156 K 12,368 K 2084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,784 K 15,748 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,204 K 10,908 K 3784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,420 K 9,160 K 452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,788 K 6,508 K 7660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,192 K 8,020 K 1868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,236 K 11,624 K 1608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,304 K 11,528 K 1168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,084 K 12,364 K 1752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,576 K 9,064 K 1480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,332 K 12,020 K 3704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,080 K 8,336 K 3024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,700 K 13,172 K 7512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,400 K 13,692 K 10540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,288 K 33,732 K 4156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,164 K 7,420 K 2540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,692 K 9,328 K 10024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,560 K 14,448 K 3844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,852 K 8,072 K 3368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,332 K 9,640 K 1844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,076 K 8,104 K 2408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,948 K 8,172 K 9600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,796 K 6,524 K 2416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,712 K 21,576 K 3988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,340 K 9,984 K 1284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 10,296 K 1792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,604 K 7,048 K 6000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,848 K 5,908 K 6304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,428 K 6,104 K 5196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,724 K 11,356 K 3904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,096 K 7,412 K 3856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,288 K 9,452 K 3272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,388 K 9,596 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,000 K 3,964 K 968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,996 K 7,780 K 1208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,108 K 8,264 K 2028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,712 K 7,408 K 2036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,864 K 6,728 K 3036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,468 K 5,588 K 2552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,600 K 7,608 K 3804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,268 K 8,980 K 3832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,696 K 6,684 K 3880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,372 K 5,748 K 3944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,720 K 6,760 K 3952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,860 K 7,256 K 5744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,728 K 7,540 K 5676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,112 K 9,628 K 4804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,224 K 8,832 K 8196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sppsvc.exe 2,516 K 8,636 K 7332 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
smss.exe 576 K 1,252 K 428 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 13,876 K 20,080 K 7768 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 2,720 K 5,012 K 3680 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 5,900 K 23,404 K 3564 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 30,864 K 67,400 K 6960 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 2,920 K 12,016 K 3892 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe 4,408 K 18,392 K 9612 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 47,936 K 90,356 K 4268 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 20,588 K 20,644 K 7700 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe 3,496 K 15,880 K 6724 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe 2,176 K 8,468 K 9636 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,984 K 7,688 K 3060 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,656 K 20,816 K 3508 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,852 K 6,792 K 7292 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 8,208 K 17,080 K 1428 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe 1,812 K 8,268 K 2276 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
procexp(1).exe 2,996 K 10,184 K 10804 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,648 K 19,132 K 4820 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe 15,056 K 32,180 K 3644 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 5,300 K 9,468 K 8716 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe 1,988 K 9,944 K 3088 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
Lightshot.exe 11,068 K 13,704 K 2296 Lightshot Skillbrains (No signature was present in the subject) Skillbrains
jhi_service.exe 1,376 K 6,452 K 10356 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
IntuitUpdateService.exe 20,948 K 10,248 K 11192 Intuit Update Service Intuit Inc. (Verified) Intuit
igfxHK.exe 2,432 K 9,416 K 5632 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,468 K 12,684 K 5608 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 2,020 K 8,992 K 2000 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
iCloudServices.exe 40,352 K 58,104 K 7608 iCloud Services Apple Inc. (Verified) Apple Inc.
iCloudPhotos.exe 14,744 K 35,492 K 6616 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe 12,532 K 32,940 K 7048 iCloud Drive Apple Inc. (Verified) Apple Inc.
hpwuschd2.exe 1,272 K 6,612 K 9884 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe 1,444 K 6,528 K 6700 HP WMI Service HP Inc. (Verified) HP Inc.
HPSupportSolutionsFrameworkService.exe 37,444 K 40,272 K 10596 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HPOrbitService.exe 2,884 K 10,920 K 4500 HP Orbit HP Inc. (Verified) HP Inc.
HPMSGSVC.exe 2,072 K 9,336 K 9692 HP Message Service HP Inc. (Verified) HP Inc.
HPMSGSVC.exe Suspended 320 K 288 K 8648 HP Message Service HP Inc. (Verified) HP Inc.
HPJumpStartLaunch.exe 4,032 K 1,448 K 5092 (Verified) HP Inc.
HPJumpStartBridge.exe 19,388 K 27,000 K 10560 HP JumpStart Bridge HP Inc. (Verified) HP Inc.
HPCommRecovery.exe 13,128 K 16,336 K 10340 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
HPAudioSwitch.exe 35,164 K 42,644 K 9864 HPAudioSwitch HP Inc. (Verified) HP Inc.
fontdrvhost.exe 1,644 K 4,260 K 988 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe 1,956 K 7,172 K 3628 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
dasHost.exe 6,664 K 18,320 K 2216 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 2,884 K 13,656 K 8720 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,204 K 5,532 K 2724 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 11,720 K 24,860 K 8248 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 8,176 K 14,592 K 8260 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
AvastBrowserCrashHandler64.exe 1,712 K 204 K 9200 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
AvastBrowserCrashHandler.exe 1,804 K 620 K 6624 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
audiodg.exe 10,704 K 14,872 K 2352 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,592 K 6,960 K 3636 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe 5,168 K 17,340 K 9460 Apple Push Apple Inc. (Verified) Apple Inc.
 
 
FRST Log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.08.2018 02
Ran by eviei (administrator) on LAPTOP-VCBMR6EO (21-08-2018 18:43:46)
Running from C:\Users\eviei\Desktop
Loaded Profiles: eviei (Available Profiles: eviei)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.245_none_16ec1d963212a637\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-21] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d7c83393-01ff-488e-b4c7-ce4733f24f2d}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-18] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF DefaultProfile: l7f6zkd0.default
FF ProfilePath: C:\Users\eviei\AppData\Roaming\Mozilla\Firefox\Profiles\l7f6zkd0.default [2018-08-21]
FF Extension: (Avast SafePrice) - C:\Users\eviei\AppData\Roaming\Mozilla\Firefox\Profiles\l7f6zkd0.default\Extensions\[email protected] [2018-08-20]
FF Extension: (Avast Online Security) - C:\Users\eviei\AppData\Roaming\Mozilla\Firefox\Profiles\l7f6zkd0.default\Extensions\[email protected] [2018-08-20]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default [2018-08-21]
CHR Extension: (Slides) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-14]
CHR Extension: (Docs) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-14]
CHR Extension: (Google Drive) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-14]
CHR Extension: (YouTube) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-14]
CHR Extension: (Sheets) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-17]
CHR Extension: (Avast Online Security) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-14]
CHR Extension: (Gmail) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-21] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-21] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-20] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-08-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853984 2018-08-09] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1419424 2017-03-28] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2017-03-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-13] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360456 2018-04-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [199712 2018-08-21] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229384 2018-08-21] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201320 2018-08-21] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-21] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59568 2018-08-21] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-20] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249016 2018-08-21] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-08-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163272 2018-08-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111864 2018-08-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-08-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467232 2018-08-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214800 2018-08-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381560 2018-08-21] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55792 2017-03-28] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2017-03-28] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2017-03-28] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407064 2017-03-28] (Intel Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-14] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60504 2017-04-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55304 2018-04-13] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-10] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-21 18:43 - 2018-08-21 18:45 - 000018937 _____ C:\Users\eviei\Desktop\FRST.txt
2018-08-21 18:36 - 2018-08-21 18:36 - 000000000 ___HD C:\OneDriveTemp
2018-08-21 18:29 - 2018-08-21 18:29 - 000000683 _____ C:\Users\eviei\Desktop\aswBoot.txt
2018-08-21 14:44 - 2018-08-21 14:44 - 000379608 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-08-21 12:24 - 2018-08-21 12:25 - 013669907 _____ C:\Users\eviei\Downloads\windows10.0-kb4090914-x64_c72e85e0ed037eee289e3793c01b5f0a0f7b63f1.msu
2018-08-21 12:15 - 2018-08-21 12:15 - 000000000 ____D C:\Users\eviei\AppData\Local\ElevatedDiagnostics
2018-08-21 01:10 - 2018-08-21 18:43 - 000000000 ____D C:\Users\eviei\AppData\Local\CrashDumps
2018-08-20 22:19 - 2018-08-21 01:09 - 000000000 ____D C:\WINDOWS\Minidump
2018-08-20 20:02 - 2018-08-21 14:53 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-08-20 19:53 - 2018-08-20 19:53 - 000000000 ____D C:\Users\eviei\AppData\Roaming\AVAST Software
2018-08-20 19:52 - 2018-08-20 19:52 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-08-20 19:52 - 2018-08-20 19:52 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-08-20 19:52 - 2018-08-20 19:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-08-20 19:51 - 2018-08-21 17:56 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-08-20 19:51 - 2018-08-20 19:51 - 000002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 19:51 - 2018-08-20 19:51 - 000002546 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-20 19:45 - 2018-08-20 19:53 - 000000000 ____D C:\Users\eviei\AppData\Local\AVAST Software
2018-08-20 19:45 - 2018-08-20 19:45 - 000003458 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2018-08-20 19:45 - 2018-08-20 19:45 - 000003334 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2018-08-20 19:45 - 2018-08-20 19:45 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-08-20 19:44 - 2018-08-21 14:44 - 000467232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-08-20 19:44 - 2018-08-21 14:44 - 000381560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-08-20 19:44 - 2018-08-21 14:44 - 000214800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-08-20 19:44 - 2018-08-21 14:44 - 000199712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-08-20 19:44 - 2018-08-21 14:44 - 000163272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-08-20 19:44 - 2018-08-21 14:44 - 000111864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-08-20 19:44 - 2018-08-21 14:44 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-08-20 19:44 - 2018-08-21 14:44 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-08-20 19:44 - 2018-08-21 14:42 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-08-20 19:44 - 2018-08-21 14:42 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-08-20 19:44 - 2018-08-21 14:42 - 000249016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-08-20 19:44 - 2018-08-21 14:42 - 000229384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-08-20 19:44 - 2018-08-21 14:42 - 000201320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-08-20 19:44 - 2018-08-21 14:42 - 000059568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-08-20 19:44 - 2018-08-20 19:43 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-08-20 19:43 - 2018-08-20 19:43 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-08-20 19:41 - 2018-08-20 19:41 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-20 19:40 - 2018-08-20 20:10 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-20 19:10 - 2018-08-20 19:10 - 010593472 _____ (McAfee, Inc.) C:\Users\eviei\Downloads\MCPR.exe
2018-08-20 19:07 - 2018-08-20 19:10 - 262470744 _____ (AVAST Software) C:\Users\eviei\Downloads\avast_free_antivirus_setup_offline (1).exe
2018-08-18 23:22 - 2018-08-18 23:22 - 000000000 ____D C:\Windows.old
2018-08-18 22:45 - 2018-08-18 22:54 - 000002007 _____ C:\Users\eviei\Desktop\Search.txt
2018-08-18 19:55 - 2018-08-18 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2018-08-18 19:55 - 2018-08-18 19:57 - 000000000 ____D C:\Program Files\LatencyMon
2018-08-18 19:55 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2018-08-18 19:53 - 2018-08-18 19:54 - 002476504 _____ (Resplendence Software Projects Sp. ) C:\Users\eviei\Desktop\LatencyMon.exe
2018-08-18 19:01 - 2018-08-18 20:00 - 000009489 _____ C:\Users\eviei\Desktop\reply.txt
2018-08-18 18:57 - 2018-08-18 18:57 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-18 18:57 - 2018-08-18 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-08-18 18:42 - 2018-08-18 18:42 - 000000000 _____ C:\junk.txtnet stop BITS
2018-08-14 08:38 - 2018-08-18 20:22 - 000000036 _____ C:\WINDOWS\progress.ini
2018-08-14 08:15 - 2018-08-14 08:15 - 000000000 ____D C:\Users\eviei\Documents\Lightshot
2018-08-14 08:14 - 2018-08-18 19:43 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job
2018-08-14 08:14 - 2018-08-18 19:43 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3252656029-1357310190-2560453275-1001.job
2018-08-14 08:14 - 2018-08-14 08:14 - 000003410 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-3252656029-1357310190-2560453275-1001
2018-08-14 08:14 - 2018-08-14 08:14 - 000003346 _____ C:\WINDOWS\System32\Tasks\update-sys
2018-08-14 08:14 - 2018-08-14 08:14 - 000000425 _____ C:\Users\eviei\AppData\Local\UserProducts.xml
2018-08-14 08:14 - 2018-08-14 08:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2018-08-14 08:14 - 2018-08-14 08:14 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2018-08-14 07:57 - 2018-08-21 18:43 - 002413056 _____ (Farbar) C:\Users\eviei\Desktop\FRST64.exe
2018-08-13 17:28 - 2018-08-21 18:40 - 000020836 _____ C:\Users\eviei\Desktop\Hardware Interrupts and DPCs.txt
2018-08-13 17:07 - 2018-08-13 17:07 - 000127680 _____ C:\Users\eviei\Desktop\events.txt
2018-08-13 17:01 - 2018-08-14 07:54 - 000000000 ____D C:\Users\eviei\Desktop\fulleventlogview-x64
2018-08-13 17:01 - 2018-08-13 17:01 - 000096374 _____ C:\Users\eviei\Desktop\fulleventlogview-x64.zip
2018-08-10 21:03 - 2018-08-10 21:03 - 006889184 _____ (Piriform Ltd) C:\Users\eviei\Desktop\spsetup132.exe
2018-08-10 20:56 - 2018-08-10 20:56 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-08-10 20:56 - 2018-08-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-08-10 20:56 - 2018-08-10 20:56 - 000000000 ____D C:\Program Files\Speccy
2018-08-10 20:47 - 2018-08-13 17:34 - 000000000 _____ C:\junk.txt
2018-08-10 20:43 - 2018-08-10 20:43 - 000020534 _____ C:\Users\eviei\Desktop\System Idle Process.txt
2018-08-10 20:40 - 2018-08-10 20:03 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\eviei\Desktop\procexp(1).exe
2018-08-10 20:39 - 2018-08-21 18:38 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-08-10 20:16 - 2018-08-18 20:23 - 000000000 ___HD C:\$GetCurrent
2018-08-10 20:12 - 2018-08-18 20:13 - 000000000 ____D C:\Windows10Upgrade
2018-08-10 20:04 - 2018-08-18 19:49 - 000000000 ____D C:\Program Files\rempl
2018-08-10 20:04 - 2018-08-10 20:04 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-08-10 19:12 - 2018-08-10 19:12 - 000061440 _____ ( ) C:\Users\eviei\Downloads\VEW.exe
2018-08-10 19:09 - 2018-08-18 22:52 - 000000255 _____ C:\VEW.txt
2018-08-10 19:05 - 2018-08-10 19:05 - 000061440 _____ ( ) C:\Users\eviei\Desktop\VEW.exe.d933ir8.partial
2018-08-10 18:48 - 2018-08-10 18:48 - 000054905 _____ C:\sfcdetails.txt
2018-08-10 17:38 - 2018-06-29 04:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-08-10 17:38 - 2018-06-29 03:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-08-10 17:38 - 2018-06-13 17:14 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-08-10 17:38 - 2018-06-13 17:02 - 002786304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-08-10 17:38 - 2018-06-08 02:07 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-08-10 17:38 - 2018-06-08 02:02 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-08-10 17:38 - 2018-06-08 01:57 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-08-10 17:38 - 2018-05-11 17:54 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-08-10 17:38 - 2018-05-03 02:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-08-10 17:38 - 2018-03-29 23:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-08-10 17:38 - 2018-03-29 23:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-08-10 17:38 - 2018-03-29 23:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-08-10 17:38 - 2018-03-29 23:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-08-10 17:38 - 2018-03-29 23:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-08-10 17:38 - 2018-03-29 23:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-08-10 17:38 - 2018-03-29 23:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-08-10 17:38 - 2018-03-29 23:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-08-10 17:38 - 2018-03-13 01:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-08-10 17:38 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-08-10 17:38 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-08-10 17:38 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-08-10 17:38 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-08-10 17:38 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-08-10 16:36 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-07-24 14:47 - 2018-07-24 14:48 - 000000168 _____ C:\Users\eviei\Desktop\Geeks 2 Go.url
2018-07-24 14:29 - 2018-08-21 18:43 - 000000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-21 18:36 - 2017-12-15 13:11 - 000000000 ___RD C:\Users\eviei\iCloudDrive
2018-08-21 18:36 - 2017-11-25 13:31 - 000000000 __RDL C:\Users\eviei\OneDrive
2018-08-21 18:34 - 2018-01-06 17:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-21 18:34 - 2017-11-25 06:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-08-21 18:34 - 2017-11-24 23:18 - 000000000 __SHD C:\Users\eviei\IntelGraphicsProfiles
2018-08-21 18:34 - 2017-07-10 18:30 - 000000000 ____D C:\Program Files (x86)\WildGames
2018-08-21 18:34 - 2017-05-17 14:58 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-08-21 18:34 - 2017-05-17 14:58 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-08-21 18:33 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-21 18:30 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-21 18:27 - 2017-07-10 18:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-08-21 18:27 - 2017-07-10 18:29 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2018-08-21 18:26 - 2017-11-25 13:41 - 000000000 ____D C:\Users\eviei\AppData\Roaming\WildTangent
2018-08-21 18:26 - 2017-07-10 18:29 - 000000000 ____D C:\ProgramData\WildTangent
2018-08-21 18:08 - 2018-01-06 16:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-21 17:55 - 2018-07-17 16:50 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-21 17:46 - 2018-01-06 17:05 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-08-21 17:46 - 2018-01-06 17:05 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-08-21 15:04 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-08-21 14:44 - 2017-09-29 09:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-21 12:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-21 01:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-21 01:56 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-21 01:10 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-08-21 00:58 - 2018-01-06 16:41 - 000000000 ____D C:\Users\eviei
2018-08-20 22:02 - 2018-01-06 18:10 - 000000000 ____D C:\Users\eviei\AppData\Local\PlaceholderTileLogoFolder
2018-08-20 21:51 - 2017-09-29 04:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-08-20 21:40 - 2018-04-12 06:19 - 000000000 ___HD C:\$WINDOWS.~BT
2018-08-20 21:40 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Registration
2018-08-20 21:39 - 2018-01-06 17:03 - 000003813 _____ C:\WINDOWS\diagwrn.xml
2018-08-20 21:39 - 2018-01-06 17:03 - 000003813 _____ C:\WINDOWS\diagerr.xml
2018-08-20 21:39 - 2018-01-06 16:42 - 000000000 ____D C:\Users\eviei\AppData\Local\Packages
2018-08-20 20:54 - 2018-01-02 15:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-08-20 19:16 - 2018-01-06 17:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-08-20 19:11 - 2017-11-26 13:11 - 000000000 ____D C:\Users\eviei\AppData\Local\Google
2018-08-20 19:05 - 2018-01-06 17:05 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9EFFB82A-7611-47E7-86AA-97C36493FDC0}
2018-08-18 22:47 - 2017-12-04 11:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-18 20:36 - 2017-12-04 11:07 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-18 20:36 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-18 19:00 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-18 18:57 - 2017-05-17 15:01 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-18 18:57 - 2017-05-17 15:01 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-18 18:57 - 2017-05-17 15:01 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-08-18 18:57 - 2017-05-17 15:01 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-18 18:57 - 2017-05-17 15:01 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-18 18:57 - 2017-05-17 15:01 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-08-18 18:55 - 2017-05-17 14:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-18 18:49 - 2017-12-15 13:12 - 000000000 ____D C:\Users\eviei\AppData\Local\25BD9BF9-9D91-4D97-B838-DC3BB88CD26F.aplzod
2018-08-14 09:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-08-14 08:11 - 2018-01-29 12:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-14 07:55 - 2018-07-14 10:31 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-14 07:55 - 2018-07-14 10:31 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-13 17:24 - 2017-11-24 23:18 - 000000000 ____D C:\Users\eviei\AppData\Local\VirtualStore
2018-08-10 16:10 - 2018-01-29 12:15 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-08-10 06:59 - 2018-01-06 17:05 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3252656029-1357310190-2560453275-1001
2018-08-10 06:59 - 2017-11-25 13:31 - 000002374 _____ C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-10 06:47 - 2018-06-08 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-08-06 11:31 - 2018-06-08 10:00 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-06 11:31 - 2018-06-08 10:00 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2018-08-14 08:14 - 2018-08-14 08:14 - 000000003 _____ () C:\Users\eviei\AppData\Local\updater.log
2018-08-14 08:14 - 2018-08-14 08:14 - 000000425 _____ () C:\Users\eviei\AppData\Local\UserProducts.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-14 08:41
 
==================== End of FRST.txt ============================
