Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Program Freezes When Connecting To Internet (Browsing, Updating, etc.)


  • This topic is locked This topic is locked
12 replies to this topic

#1 MrGeneral

MrGeneral

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 14 February 2017 - 05:00 PM

Hi,
 
Whenever I try to use a program that connects to the internet, the program freezes. This includes browsing the internet or updating. 
 
I have never had a problem with the computer. This problem began to occur out of nowhere. I am able to use Google Chrome for a few minutes after which the program freezes. When I ran the FRST tool, I was unable to update it. If I attempted to update it, the program would freeze.
 
Computer: Dell XPS 13
Processor: i5 7th generation
OS: Windows 10
Ram: 8gb
Storage: 256 gb SSD
Computer Age: 5 months
 
Thank you so much!!
 
Here are my logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by howar (administrator) on DESKTOP-GNSDLT1 (14-02-2017 16:41:42)
Running from C:\Users\howar\Desktop
Loaded Profiles: howar (Available Profiles: howar)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\igfxEM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Spotify Ltd) C:\Users\howar\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\howar\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUpd.exe
() C:\Program Files (x86)\McAfee\SiteAdvisor\Download\saUpgrade64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\Temp217624924\saInst.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> FRST64.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> FRST64.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9089560 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-06-14] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_WAVES_SKYLAKE] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489432 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\...\Run: [Spotify] => C:\Users\howar\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-13] (Spotify Ltd)
HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\...\Run: [Spotify Web Helper] => C:\Users\howar\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-13] (Spotify Ltd)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 137.113.81.46 137.113.81.47 137.113.81.102 137.113.81.101
Tcpip\..\Interfaces\{3433ea8f-3432-4907-b60d-3b9cfd798cf7}: [DhcpNameServer] 137.113.81.46 137.113.81.47 137.113.81.102 137.113.81.101
Tcpip\..\Interfaces\{d572de9e-3649-4ac9-9f81-be1a2a04b89c}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2823807680-2409936962-4156565755-1001 -> DefaultScope {ABBE1D52-350D-4014-96CE-A04DD8DE5874} URL = 
SearchScopes: HKU\S-1-5-21-2823807680-2409936962-4156565755-1001 -> {ABBE1D52-350D-4014-96CE-A04DD8DE5874} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-13] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Google Slides) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-19]
CHR Extension: (Google Docs) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-19]
CHR Extension: (Google Drive) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-19]
CHR Extension: (YouTube) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-19]
CHR Extension: (Google Sheets) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-19]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-19]
CHR Extension: (Chrome Media Router) - C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0188381487108055mcinstcleanup; C:\WINDOWS\TEMP\018838~1.EXE [883024 2017-02-14] (McAfee, Inc.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-12-19] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
U3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\IntelCpHeciSvc.exe [310240 2016-12-07] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\IntelCpHDCPSvc.exe [488928 2016-12-07] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [111136 2016-05-27] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-02] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2016-12-20] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-06-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\igfxCUIService.exe [350688 2016-12-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-06-16] (Rivet Networks)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2016-12-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [338456 2016-12-07] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel Corporation)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [135800 2016-05-05] (Rivet Networks, LLC.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [79920 2016-12-20] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [358968 2016-12-20] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-05] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98600 2016-12-15] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [193328 2016-12-15] (Intel Corporation)
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152376 2016-05-17] (Intel Corporation)
S3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281400 2016-05-17] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\k18647a.inf_amd64_d30e8907e2541ff2\igdkmd64.sys [10597344 2016-12-07] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [234600 2016-11-23] (Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [737384 2016-11-23] (Intel® Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2411944 2016-12-14] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [796672 2016-12-15] (Realsil Semiconductor Corporation)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [343808 2015-12-22] (Realtek                                                                )
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31280 2015-04-14] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-14 16:41 - 2017-02-14 16:42 - 00027370 _____ C:\Users\howar\Desktop\FRST.txt
2017-02-14 16:37 - 2017-02-14 16:41 - 00000000 ____D C:\FRST
2017-02-14 16:37 - 2017-02-14 16:35 - 02422272 _____ (Farbar) C:\Users\howar\Desktop\FRST64.exe
2017-02-14 16:29 - 2017-02-14 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-14 16:27 - 2017-02-14 16:27 - 00000000 ___HD C:\OneDriveTemp
2017-02-14 14:50 - 2017-02-14 14:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 14:46 - 2017-02-14 14:46 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-14 14:46 - 2017-02-14 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-14 14:45 - 2017-02-14 14:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-14 14:45 - 2017-02-14 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-14 14:45 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-14 14:45 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-14 14:45 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-13 22:19 - 2017-02-13 22:19 - 00000000 ____D C:\Users\howar\OneDrive\Documents\Out of the Park Developments
2017-02-13 17:18 - 2017-02-13 17:18 - 07111171 _____ C:\Users\howar\Downloads\01 11.pdf
2017-02-13 09:21 - 2017-02-13 09:21 - 04096707 _____ C:\Users\howar\Downloads\111W17.07 (1).pptx
2017-02-12 22:49 - 2017-02-12 22:50 - 03877145 _____ C:\Users\howar\Downloads\111W17.09 (1).pptx
2017-02-12 16:24 - 2017-02-12 16:24 - 02180409 _____ C:\Users\howar\Downloads\111W17.13.pptx
2017-02-12 16:24 - 2017-02-12 16:24 - 01388005 _____ C:\Users\howar\Downloads\111W17.10 (1).pptx
2017-02-12 14:23 - 2017-02-12 14:23 - 00000000 ____D C:\Users\howar\OneDrive\Documents\Custom Office Templates
2017-02-12 14:05 - 2017-02-12 14:05 - 02452597 _____ C:\Users\howar\Downloads\111W17.11.pptx
2017-02-12 14:01 - 2017-02-12 14:01 - 01388005 _____ C:\Users\howar\Downloads\111W17.10.pptx
2017-02-12 13:58 - 2017-02-12 13:58 - 03877145 _____ C:\Users\howar\Downloads\111W17.09.pptx
2017-02-12 13:49 - 2017-02-12 13:49 - 06118676 _____ C:\Users\howar\Downloads\111W17.08.pptx
2017-02-11 17:04 - 2017-02-11 17:04 - 04096707 _____ C:\Users\howar\Downloads\111W17.07.pptx
2017-02-10 15:12 - 2017-02-13 22:26 - 00000000 ____D C:\Users\howar\Downloads\Fire Emblem - Path of Radiance (USA)
2017-02-10 14:58 - 2017-02-12 14:21 - 00000000 ____D C:\Program Files (x86)\AnyToISO
2017-02-10 14:47 - 2017-02-10 14:47 - 00000000 ____D C:\Users\howar\Downloads\New folder
2017-02-10 13:57 - 2017-02-10 13:57 - 00000000 ____D C:\Users\howar\OneDrive\Documents\Dolphin Emulator
2017-02-10 13:15 - 2014-04-27 22:16 - 00025919 _____ C:\Users\howar\OneDrive\Documents\Merchant Paper ^LLN12.docx
2017-02-10 13:15 - 2014-04-27 19:42 - 00026178 _____ C:\Users\howar\OneDrive\Documents\Merchant Paper ^LN12.docx
2017-02-10 13:15 - 2014-04-25 12:04 - 00025144 _____ C:\Users\howar\OneDrive\Documents\Merchant Paper ^N1.docx
2017-02-10 13:15 - 2014-03-30 16:11 - 00761058 _____ C:\Users\howar\OneDrive\Documents\Jury Nullification and the Ethics of Jurors.pptx
2017-02-10 13:08 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-02-10 13:08 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-02-10 13:07 - 2017-02-10 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-02-10 13:07 - 2017-02-10 13:08 - 00000000 ____D C:\Program Files\Dolphin
2017-02-08 09:06 - 2017-02-08 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 23:38 - 2017-02-06 23:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-01 21:03 - 2017-02-01 21:03 - 01383558 _____ C:\Users\howar\Downloads\srep40668.pdf
2017-02-01 21:02 - 2017-02-01 21:02 - 00000000 ____D C:\Users\howar\AppData\LocalLow\Temp
2017-01-31 23:21 - 2017-01-31 23:24 - 10876732 _____ C:\Users\howar\Downloads\01 30b (1).pdf
2017-01-31 23:17 - 2017-01-31 23:20 - 10876732 _____ C:\Users\howar\Downloads\01 30b.pdf
2017-01-27 00:34 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-27 00:34 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-26 21:51 - 2017-01-26 21:53 - 04837248 _____ C:\Users\howar\Downloads\01 25c.pdf
2017-01-26 21:23 - 2017-01-26 21:24 - 03312964 _____ C:\Users\howar\Downloads\01 25b.pdf
2017-01-26 21:15 - 2017-01-26 21:16 - 01209167 _____ C:\Users\howar\Downloads\01 25a.pdf
2017-01-26 21:11 - 2017-01-26 21:11 - 00996482 _____ C:\Users\howar\Downloads\01 25.pdf
2017-01-25 15:36 - 2017-01-25 15:52 - 00037208 _____ C:\Users\howar\Downloads\Winter 2017 COLISCAN RAW DATA (WEDNESDAY) .xlsx
2017-01-25 15:08 - 2017-01-25 15:08 - 00018263 _____ C:\Users\howar\Downloads\Winter 2017 COLISCAN RAW DATA (WEDNESDAY) (1).xlsx
2017-01-25 15:05 - 2017-01-25 15:05 - 00018263 _____ C:\Users\howar\Downloads\Winter 2017 COLISCAN RAW DATA (WEDNESDAY).xlsx
2017-01-24 14:08 - 2017-01-24 14:08 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-01-24 14:08 - 2017-01-24 14:08 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-01-23 23:44 - 2017-01-23 23:44 - 00720383 _____ C:\Users\howar\Downloads\water-05-00243-v2.pdf
2017-01-23 20:57 - 2017-01-23 20:57 - 02821879 _____ C:\Users\howar\Downloads\111W17.05.pptx
2017-01-23 20:41 - 2017-01-23 20:42 - 03491714 _____ C:\Users\howar\Downloads\111W17.04.pptx
2017-01-23 20:41 - 2017-01-23 20:41 - 03084556 _____ C:\Users\howar\Downloads\111W17.03 (3).pptx
2017-01-23 20:33 - 2017-01-23 20:33 - 03084556 _____ C:\Users\howar\Downloads\111W17.03 (2).pptx
2017-01-23 20:31 - 2017-01-23 20:31 - 03084556 _____ C:\Users\howar\Downloads\111W17.03.pptx
2017-01-23 20:31 - 2017-01-23 20:31 - 03084556 _____ C:\Users\howar\Downloads\111W17.03 (1).pptx
2017-01-23 20:03 - 2017-01-23 20:03 - 01925492 _____ C:\Users\howar\Downloads\111W17.02.pptx
2017-01-23 19:06 - 2017-01-23 19:07 - 04045746 _____ C:\Users\howar\Downloads\111W17.01.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-14 16:34 - 2016-10-14 02:20 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-14 16:31 - 2016-12-01 16:22 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-14 16:30 - 2016-04-25 14:58 - 01477650 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-14 16:27 - 2016-10-19 14:11 - 00000000 ____D C:\Users\howar\AppData\Local\Spotify
2017-02-14 16:27 - 2016-10-19 14:10 - 00000000 ____D C:\Users\howar\AppData\Roaming\Spotify
2017-02-14 16:27 - 2016-10-19 13:35 - 00000000 ___RD C:\Users\howar\OneDrive
2017-02-14 16:26 - 2016-10-21 10:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-14 16:26 - 2016-10-19 13:33 - 00000000 __SHD C:\Users\howar\IntelGraphicsProfiles
2017-02-14 16:25 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-14 16:13 - 2017-01-07 20:20 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-14 15:58 - 2016-12-28 23:21 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-14 15:18 - 2016-10-21 10:36 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-14 14:57 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-14 14:57 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-14 14:50 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-14 14:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-14 12:54 - 2016-10-14 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-14 12:54 - 2016-10-14 02:16 - 00000000 ____D C:\Program Files\Dell
2017-02-14 11:34 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 22:28 - 2016-10-14 02:20 - 00000000 ____D C:\ProgramData\McAfee
2017-02-12 16:24 - 2016-10-19 13:33 - 00000000 ____D C:\Users\howar\AppData\Local\Packages
2017-02-11 16:25 - 2016-10-14 02:21 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-11 16:25 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-11 16:24 - 2016-10-21 10:46 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-02-11 16:24 - 2016-10-21 10:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-10 13:08 - 2016-10-21 10:39 - 00000000 ____D C:\Users\howar
2017-02-10 13:08 - 2016-10-14 02:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 11:54 - 2016-11-26 20:28 - 00002298 _____ C:\Users\howar\Desktop\Kindle.lnk
2017-02-10 11:53 - 2016-11-26 20:28 - 00000000 ____D C:\Users\howar\AppData\Local\Amazon
2017-02-08 09:06 - 2016-10-14 02:20 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 13:45 - 2016-10-19 13:38 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 13:45 - 2016-10-19 13:38 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-29 18:21 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 05:55 - 2016-12-18 12:52 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 05:55 - 2016-10-19 13:35 - 00002369 _____ C:\Users\howar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 16:25 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-19 16:23 - 2016-10-14 02:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-07 20:24
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by howar (14-02-2017 16:42:16)
Running from C:\Users\howar\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-21 15:47:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2823807680-2409936962-4156565755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2823807680-2409936962-4156565755-503 - Limited - Disabled)
Guest (S-1-5-21-2823807680-2409936962-4156565755-501 - Limited - Disabled)
howar (S-1-5-21-2823807680-2409936962-4156565755-1001 - Administrator - Enabled) => C:\Users\howar

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Kindle (HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\...\Amazon Kindle) (Version: 1.19.2.46095 - Amazon)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssist Remediation (HKLM-x32\...\{a0522d0f-5e35-4b85-b628-394feee01218}) (Version: 2.0.1.91 - Dell Inc.)
Dell SupportAssist Remediation (Version: 2.0.1.91 - Dell Inc.) Hidden
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{9C4529AA-575C-452C-9026-E80C5D3FC0DD}) (Version: 2.0.1.91 - Dell Inc.)
Dell Update (HKLM-x32\...\{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2}) (Version: 1.9.4.0 - Dell Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{66F32794-1046-359C-AC86-8C70C6A2421D}) (Version: 4.0.16.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 1.2.6793.01 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.32 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.1.1040 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.61.1286 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.61.1286 - Rivet Networks) Hidden
Killer Wireless Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.61.1286 - Rivet Networks)
Killer Wireless-AC Drivers (Version: 1.1.61.1286 - Rivet Networks) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.228 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Out of the Park Baseball 17 (HKLM\...\Steam App 402430) (Version: - Out of the Park Developments)
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.256 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Thunderbolt™ Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2823807680-2409936962-4156565755-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1786DD16-899F-468E-BCC8-AA3D09918F67} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {27FAA362-D69D-40FC-860E-DC123CB6546B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {293B3398-B329-42E8-B482-C546C66D39ED} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {35D90076-A53E-409B-BA29-AD691E7FF0A6} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {37D0DC7D-C4FD-4B8E-9BDF-81CFF180119C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {38A72F9F-D723-4C96-BF56-39B27E710C75} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-11] (McAfee, Inc.)
Task: {51D2238A-259A-4BD9-8FEA-53AF4161BFBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.)
Task: {5A822802-54DB-42CE-A661-6B188F37DDAE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {619673EA-5F86-4845-A584-449F992AAAA1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {682EDEF0-5727-445A-BBC9-36A32F985D7C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {86F25E8A-97B1-477B-B4E3-B8125F25256C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {8EDD36FC-2139-435C-8259-7A8407BAFCA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9081F74B-2198-4286-A40B-9F01DE60C0BF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-11] (McAfee, Inc.)
Task: {9947C4A4-E0BF-462D-87DD-6FE593AB6F06} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {9DC6C073-0880-42D3-907F-D81D0830AEC7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {9FCEDED3-6A90-4DD8-97EB-EECB1FF8DCF0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-19] (Dropbox, Inc.)
Task: {A8226D47-C518-4265-A609-78E075F47C84} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\howar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {AC513E21-E231-4E3D-BF16-51D12A15ACEB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {B0CAB8CC-A642-44D0-BA2D-D23078757994} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-12-07] (Realtek Semiconductor)
Task: {C5C36048-B21E-4AFD-B878-760273CF6F4F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-19] (Dropbox, Inc.)
Task: {CB433F34-50F6-4F58-B746-1C874ED19C85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.)
Task: {D54461FA-5CFE-4138-8E10-ACF5D91C7AB3} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-07-18] (DropboxOEM)
Task: {E855E859-93E9-476F-897E-9D042354BF87} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {F8B70F34-5A8D-45AF-83B5-7AADACEE743A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd /c sc start Dell Help Support WORKGROUP DESKTOP GNSDLT1

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 14:24 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 14:24 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-21 14:34 - 2016-10-21 14:34 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 15:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 15:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 15:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 15:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 15:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 15:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 15:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-06 07:46 - 2017-02-06 07:46 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 07:46 - 2017-02-06 07:46 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 07:46 - 2017-02-06 07:46 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 07:46 - 2017-02-06 07:46 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-14 16:34 - 2017-02-14 16:34 - 07616680 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\Download\saUpgrade64.exe
2017-01-10 15:20 - 2016-12-21 01:49 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2016-12-01 16:25 - 2016-12-23 13:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-01 16:25 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-01 16:25 - 2017-01-18 20:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-01 16:25 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-01 16:25 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-01 16:25 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-01 16:25 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-01 16:25 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-01 16:25 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-01 16:25 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-01 16:25 - 2017-01-18 20:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-16 08:57 - 2017-01-04 22:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-01 16:25 - 2017-01-18 20:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-02-08 09:06 - 2017-02-06 23:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-10-28 18:07 - 2017-01-13 18:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-28 18:07 - 2017-01-13 18:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-10-28 18:07 - 2017-01-13 18:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-10-28 18:07 - 2017-01-13 18:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-10-28 18:07 - 2017-01-13 18:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-08 09:06 - 2017-01-13 18:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-08 09:06 - 2017-01-13 18:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-08 09:06 - 2017-01-13 18:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-10-28 18:07 - 2017-01-13 18:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-08 09:06 - 2017-01-13 18:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-08 09:06 - 2017-01-13 18:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-10-28 18:07 - 2017-01-13 18:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-10-28 18:07 - 2017-01-13 18:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-10-28 18:07 - 2017-01-13 18:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-10-28 18:07 - 2017-01-13 18:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-10-28 18:07 - 2017-01-13 18:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-10-28 18:07 - 2017-01-13 18:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-10-28 18:07 - 2017-01-13 18:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 21:37 - 2017-02-06 23:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 21:37 - 2017-02-06 23:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 21:37 - 2017-02-06 23:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 21:37 - 2017-02-06 23:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 09:06 - 2017-01-13 18:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-08 09:06 - 2017-02-06 23:50 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-08 09:06 - 2016-12-22 01:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-08 09:06 - 2017-02-06 23:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-08 09:06 - 2017-01-13 19:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-08 09:06 - 2017-01-13 19:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-08 09:06 - 2017-02-06 23:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 09:06 - 2017-02-06 23:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-10-28 18:07 - 2017-01-13 18:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-10-28 18:07 - 2017-02-06 23:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-05-02 16:52 - 2016-05-02 16:52 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-05-16 23:50 - 2016-05-16 23:50 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\howar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{5C4ED59E-7B05-4BE3-AEF2-690979359AF7}C:\users\howar\appdata\roaming\spotify\spotify.exe] => C:\users\howar\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{32BC640A-0B50-41AE-A47D-B651FE7BA62D}C:\users\howar\appdata\roaming\spotify\spotify.exe] => C:\users\howar\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4099AD02-7DAC-4A44-B46F-0D18DA9C89BA}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1696F169-752A-48B5-A26C-1BB1D691CC30}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AA798D2D-190E-434C-9B5C-61396FFDA09C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{893D7E51-1482-44BC-A0DC-9222599167F0}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{216C43DF-4363-4408-B867-F0063D1B242D}] => C:\Program Files (x86)\Steam\steamapps\common\Out of the Park Baseball 17\ootp17.exe
FirewallRules: [{6231ECD4-1916-4729-BDE6-C55771087BD8}] => C:\Program Files (x86)\Steam\steamapps\common\Out of the Park Baseball 17\ootp17.exe
FirewallRules: [{03AC36E5-EC89-41A8-8025-E6A7B82EDA4F}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{799E3A1E-31C8-4B85-845E-8C8760FAE61C}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{832FFDAB-91E7-4B60-B40F-C10CEC79F178}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{634373AC-2004-4451-B8B6-A76E9F3A90CB}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

07-01-2017 20:24:31 Windows Update
12-01-2017 19:22:44 Windows Update
29-01-2017 18:21:38 Windows Update
10-02-2017 13:07:56 Installed DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2017 04:26:16 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/14/2017 04:25:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GNSDLT1)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/14/2017 04:08:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1c90

Start Time: 01d287055e2ee229

Termination Time: 10

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: a59618d0-f2f8-11e6-93a1-9cb6d0118dfe

Faulting package full name:

Faulting package-relative application ID:

Error: (02/14/2017 03:52:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 22bc

Start Time: 01d287035c531ddf

Termination Time: 22

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: d074e4f8-f2f6-11e6-93a1-9cb6d0118dfe

Faulting package full name:

Faulting package-relative application ID:

Error: (02/14/2017 03:45:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2654

Start Time: 01d286fcba06835d

Termination Time: 12

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 73779d53-f2f5-11e6-93a1-9cb6d0118dfe

Faulting package full name:

Faulting package-relative application ID:

Error: (02/14/2017 02:50:21 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/14/2017 02:41:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-GNSDLT1)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (02/14/2017 01:22:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 23bc

Start Time: 01d286edc4e89947

Termination Time: 5

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 21cbcca4-f2e1-11e6-93a0-9cb6d0118dfe

Faulting package full name:

Faulting package-relative application ID:

Error: (02/14/2017 01:10:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2a08

Start Time: 01d286ece7274142

Termination Time: 60000

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 2f6d04ca-f2e0-11e6-93a0-9cb6d0118dfe

Faulting package full name:

Faulting package-relative application ID:

Error: (02/14/2017 01:09:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2b94

Start Time: 01d286e14683e9a6

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 5f4666af-f2df-11e6-93a0-9cb6d0118dfe

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (02/14/2017 04:41:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 04:39:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 04:26:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 04:26:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 04:26:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 04:25:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GNSDLT1)
Description: The server CortanaUI.AppXv10pzw7gdgcvvk5tn6zk80hbaekm7g3d.mca did not register with DCOM within the required timeout.

Error: (02/14/2017 04:25:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GNSDLT1)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (02/14/2017 04:25:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 04:08:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 04:02:14 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.


==================== Memory info ===========================

Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 8077.63 MB
Available physical RAM: 5191.34 MB
Total Virtual: 13965.63 MB
Available Virtual: 11139.94 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:225.26 GB) (Free:152.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 98BD45FF)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 14 February 2017 - 05:18 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 14 February 2017 - 05:15 PM

Greetings MrGeneral and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 14 February 2017 - 05:34 PM

Thank you for your patience.

Are you having any issues using Edge or Internet Exlplorer?

Does your computer freeze when not using the browser/internet?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2823807680-2409936962-4156565755-1001 -> DefaultScope {ABBE1D52-350D-4014-96CE-A04DD8DE5874} URL = 
SearchScopes: HKU\S-1-5-21-2823807680-2409936962-4156565755-1001 -> {ABBE1D52-350D-4014-96CE-A04DD8DE5874} URL = 
S2 0188381487108055mcinstcleanup; C:\WINDOWS\TEMP\018838~1.EXE [883024 2017-02-14] (McAfee, Inc.)
C:\WINDOWS\TEMP\018838~1.EXE
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type in chrome --disable-extensions and press Enter
  • Check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • Fixlog
  • How does Chrome work without Plugins?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 MrGeneral

MrGeneral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 14 February 2017 - 05:54 PM

Hi Gary,

 

You can call me Keith! Thank you so much for helping me out.

 

Yes, I also had issues with running Edge. I was able to do a search through Bing but whenever I clicked on any of the results, the page would load forever.

 

The computer does not have any problems with programs that do not connect to the internet.

 

Chrome still froze after a bit of browsing with the extensions disabled.

 

Thanks!

 

Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by howar (14-02-2017 17:43:26) Run:1
Running from C:\Users\howar\Desktop
Loaded Profiles: howar (Available Profiles: howar)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2823807680-2409936962-4156565755-1001 -> DefaultScope {ABBE1D52-350D-4014-96CE-A04DD8DE5874} URL = 
SearchScopes: HKU\S-1-5-21-2823807680-2409936962-4156565755-1001 -> {ABBE1D52-350D-4014-96CE-A04DD8DE5874} URL = 
S2 0188381487108055mcinstcleanup; C:\WINDOWS\TEMP\018838~1.EXE [883024 2017-02-14] (McAfee, Inc.)
C:\WINDOWS\TEMP\018838~1.EXE
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2823807680-2409936962-4156565755-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABBE1D52-350D-4014-96CE-A04DD8DE5874} => key removed successfully
HKCR\CLSID\{ABBE1D52-350D-4014-96CE-A04DD8DE5874} => key not found. 
HKLM\System\CurrentControlSet\Services\0188381487108055mcinstcleanup => key removed successfully
0188381487108055mcinstcleanup => service removed successfully
C:\WINDOWS\TEMP\018838~1.EXE => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 17:43:34 ====


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 14 February 2017 - 06:07 PM

You are quite welcome Keith.

Please do this.

===================================================

Boot into Safe Mode with Networking and check your browser performance then complete the next 2 steps.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Safe Mode with Networking?
  • AdwCleaner log
  • MTB.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 MrGeneral

MrGeneral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 14 February 2017 - 06:40 PM

Gary,

 

When I booted into safe mode with networking, I was unable to connect to the internet. So I could not test chrome out.

 

I tried Chrome after the two scans and it still froze after a few minutes.

 

Thanks for your help!

 

Here are the logs:

 

Adwcleaner logs:

 

# AdwCleaner v6.043 - Logfile created 14/02/2017 at 18:29:03
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-27.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : howar - DESKTOP-GNSDLT1
# Running from : C:\Users\howar\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\640930fa-ad39-4918-b8cd-402c35c4f693
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\howar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1047 Bytes] - [14/02/2017 18:29:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [1337 Bytes] - [14/02/2017 18:28:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1193 Bytes] ##########
 
MTB logs:
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by howar (administrator) on 14-02-2017 at 18:31:52
Running from "C:\Users\howar\Desktop"
Microsoft Windows 10 Home  (X64)
Model: XPS 13 9360 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Killer Wireless-n/a/ac 1535 Wireless Network Adapter = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-GNSDLT1
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ad.wlu.edu
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 9E-B6-D0-11-8D-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : ad.wlu.edu
   Description . . . . . . . . . . . : Killer Wireless-n/a/ac 1535 Wireless Network Adapter
   Physical Address. . . . . . . . . : 9C-B6-D0-11-8D-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d95e:2a02:de63:3a0f%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.90.32(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 14, 2017 6:31:14 PM
   Lease Expires . . . . . . . . . . : Wednesday, February 15, 2017 6:31:13 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 137.113.150.67
   DHCPv6 IAID . . . . . . . . . . . : 43824848
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-9B-F1-01-9C-B6-D0-11-8D-FD
   DNS Servers . . . . . . . . . . . : 137.113.81.46
                                       137.113.81.47
                                       137.113.81.102
                                       137.113.81.101
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 9C-B6-D0-11-8D-FE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.ad.wlu.edu:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ad.wlu.edu
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  mdc3.ad.wlu.edu
Address:  137.113.81.46
 
Name:    google.com
Addresses:  2607:f8b0:4004:80f::200e
 216.58.218.238
 
 
Pinging google.com [216.58.218.238] with 32 bytes of data:
Reply from 216.58.218.238: bytes=32 time=59ms TTL=53
Reply from 216.58.218.238: bytes=32 time=13ms TTL=53
 
Ping statistics for 216.58.218.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 59ms, Average = 36ms
Server:  mdc3.ad.wlu.edu
Address:  137.113.81.46
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=132ms TTL=46
Reply from 206.190.36.45: bytes=32 time=91ms TTL=46
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 132ms, Average = 111ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...9e b6 d0 11 8d fd ......Microsoft Wi-Fi Direct Virtual Adapter
  5...9c b6 d0 11 8d fd ......Killer Wireless-n/a/ac 1535 Wireless Network Adapter
 18...9c b6 d0 11 8d fe ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.90.32     40
         10.0.0.0      255.255.0.0         On-link        10.0.90.32    296
       10.0.90.32  255.255.255.255         On-link        10.0.90.32    296
     10.0.255.255  255.255.255.255         On-link        10.0.90.32    296
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link        10.0.90.32    296
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link        10.0.90.32    296
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  5    296 fe80::/64                On-link
  5    296 fe80::d95e:2a02:de63:3a0f/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    296 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
**** End of log ****
 


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 14 February 2017 - 08:07 PM

Greetings Keith.

The good news is your issue is not malware related. We just need to figure out what is causing your difficulty.

Are there other devices connected to your network and if so are they working ok?

Do you have a separate modem and wireless router?

Do this.
  • Right click on the Start button and select Command Prompt (Admin)
  • Type ipconfig /release then hit Enter
  • Type ipconfig /renew then hit Enter
  • Test your Internet

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 MrGeneral

MrGeneral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 15 February 2017 - 12:40 AM

Hi Gary,

Glad to hear malware isn't the issue. Yes, many other devices work on the network. I have also tried switching networks and have had the same issue. One of the networks is a school network.

I performed those actions in the command prompt and the problem is still there.

It is strange because any other program on my pc works fine. But when I use chrome for a few minutes it freezes up. When I use Edge the pages load forever.

Thanks,
Keith

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 15 February 2017 - 01:15 PM

Thank you for the information Keith.

This is next.

===================================================

Reinstalling Network Adapter

----------
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Network Adapter section by clicking + sign
  • Right click on Killer Wireless-n/a/ac 1535 Wireless Network Adapter and select Uninstall, then OK
  • Reboot your computer
  • Connect to your Network Adapter and re-enter any required information
  • Check your internet access
  • If you are still having issues complete the next step
===================================================

Complete Internet Repair

--------------------
  • Please download comintrep.zip and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache

Repair Internet Explorer 6.0.2900
Clear Windows Update History
Repair Windows / Automatic Updates
Repair SSL / HTTPS / Cryptography
Reset Windows Firewall Configuration
Restore the default hosts file
Repair Workgroup Computers view

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 MrGeneral

MrGeneral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 15 February 2017 - 10:28 PM

Hi Gary,

 

It works perfectly now!!

 

Thank you so much!

 

I really appreciate all of your help.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 15 February 2017 - 10:43 PM

Greetings.

Glad to hear that.

Just a couple more follow up things, if you don't mind.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 19 February 2017 - 09:09 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 22 February 2017 - 01:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users