Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is slow and browser closes randomly


  • This topic is locked This topic is locked
26 replies to this topic

#1 haylee03

haylee03

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 20 August 2017 - 12:38 AM

Random pop ups when browsing in addition to the issues listed in the title.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Carmen (administrator) on NO (20-08-2017 01:28:24)
Running from C:\Users\Carmen\Downloads
Loaded Profiles: Carmen (Available Profiles: Carmen)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18751_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2855664 2014-09-05] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-21] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4D0ADDEB-31D9-4238-9CB1-5AF7A9C0E29C}: [DhcpNameServer] 40.24.1.16
Tcpip\..\Interfaces\{CB0963E0-3858-4923-A1A1-8FEB0F0421BB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CD583523-C98E-49DE-A412-DBBDB5184897}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3531763432-3889044873-1211089148-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3531763432-3889044873-1211089148-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {DB542ED2-7AC3-4C78-A9A2-E11615D24237} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3531763432-3889044873-1211089148-1001 -> {DB542ED2-7AC3-4C78-A9A2-E11615D24237} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3531763432-3889044873-1211089148-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-27] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: 654jel5f.default
FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\654jel5f.default [2017-03-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2015-09-11] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-17] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-27] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default [2017-08-20]
CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [476984 2014-07-21] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-15] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-09-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-15] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2015-04-27] (Broadcom Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-04] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R1 MpKslf4c6b6e7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEE53CF1-6C23-45C0-B8C4-A38D971281F2}\MpKslf4c6b6e7.sys [44928 2017-08-20] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-20 01:28 - 2017-08-20 01:29 - 000021668 _____ C:\Users\Carmen\Downloads\FRST.txt
2017-08-20 01:27 - 2017-08-20 01:28 - 000000000 ____D C:\FRST
2017-08-20 01:25 - 2017-08-20 01:25 - 002395648 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe
2017-08-17 16:23 - 2017-08-17 16:23 - 000948574 _____ C:\Users\Carmen\Downloads\Drama-Menu-Resource-Pack-NEW.pdf
2017-08-08 15:12 - 2017-08-01 20:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-08 15:12 - 2017-07-21 06:40 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-08 15:12 - 2017-07-21 06:40 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-08 15:12 - 2017-07-15 03:10 - 000536688 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-08 15:12 - 2017-07-15 03:06 - 000449840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-08 15:12 - 2017-07-13 23:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-08 15:12 - 2017-07-13 22:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-08 15:12 - 2017-07-13 21:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-08 15:12 - 2017-07-13 19:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-08 15:12 - 2017-07-13 19:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-08 15:12 - 2017-07-08 13:14 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-08-08 15:12 - 2017-07-08 12:12 - 004169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-08 15:12 - 2017-07-08 10:45 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-08-08 15:12 - 2017-07-08 10:05 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-08 15:12 - 2017-07-08 09:39 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-08-08 15:12 - 2017-07-08 09:37 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-08-08 15:12 - 2017-07-08 09:23 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-08 15:12 - 2017-07-08 08:59 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-08-08 15:12 - 2017-07-07 20:46 - 000377688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-08 15:12 - 2017-07-07 20:16 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-08 15:12 - 2017-07-01 06:47 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-08 15:12 - 2017-07-01 06:47 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-08 15:12 - 2017-06-24 09:46 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2017-08-08 15:12 - 2017-06-24 09:16 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2017-08-08 15:12 - 2017-06-13 10:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-08-08 15:12 - 2017-06-13 10:19 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-08-08 15:12 - 2017-06-13 10:11 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-08-08 15:12 - 2017-06-13 10:07 - 000304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-08-08 15:12 - 2017-06-13 07:17 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-08-08 15:12 - 2017-06-13 07:16 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-08-08 15:12 - 2017-06-13 02:47 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-08-08 15:12 - 2017-06-13 01:22 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-08 15:12 - 2017-06-13 01:03 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-08-08 15:12 - 2017-06-13 00:50 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-08-08 15:12 - 2017-06-11 17:14 - 000276320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-08-08 15:12 - 2017-06-11 13:13 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2017-08-08 15:12 - 2017-06-11 13:11 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-08-08 15:12 - 2017-06-11 13:02 - 002778112 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-08-08 15:12 - 2017-06-11 13:02 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-08-08 15:12 - 2017-06-11 12:52 - 002463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-08-08 15:12 - 2017-06-07 18:48 - 002457936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-08-08 15:12 - 2017-06-06 21:25 - 000428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-08-08 15:12 - 2017-06-06 11:38 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-08-08 15:12 - 2017-06-06 10:44 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-08-08 15:12 - 2017-05-27 09:42 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-08-08 15:11 - 2017-07-15 03:10 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-08 15:11 - 2017-07-15 03:06 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-08 15:11 - 2017-07-14 13:08 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-08 15:11 - 2017-07-14 11:44 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-08 15:11 - 2017-07-13 23:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-08 15:11 - 2017-07-13 23:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-08 15:11 - 2017-07-13 22:26 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-08-08 15:11 - 2017-07-13 22:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-08 15:11 - 2017-07-13 21:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-08 15:11 - 2017-07-13 21:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-08 15:11 - 2017-07-13 20:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-08 15:11 - 2017-07-13 19:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-08 15:11 - 2017-07-13 19:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-08 15:11 - 2017-07-13 19:17 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-08-08 15:11 - 2017-07-13 19:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-08 15:11 - 2017-07-13 19:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-08 15:11 - 2017-07-13 18:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-08 15:11 - 2017-07-13 18:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-08 15:11 - 2017-07-13 18:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-08 15:11 - 2017-07-07 20:16 - 001674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-08 15:11 - 2017-07-07 20:16 - 001534072 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-08-08 15:11 - 2017-07-07 20:16 - 001499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-08 15:11 - 2017-07-07 20:16 - 001370328 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-08-08 15:11 - 2017-07-07 20:16 - 000086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-08-08 15:11 - 2017-06-15 07:17 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-08 15:11 - 2017-06-15 07:16 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-08 15:11 - 2017-06-13 10:51 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-08 15:11 - 2017-06-13 10:16 - 000024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2017-08-08 15:11 - 2017-06-13 02:09 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-08 15:11 - 2017-06-13 01:16 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-08-08 15:11 - 2017-06-13 01:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2017-08-08 15:11 - 2017-06-13 01:07 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2017-08-08 15:11 - 2017-06-13 00:54 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-08-08 15:11 - 2017-06-09 06:47 - 000448629 _____ C:\Windows\system32\ApnDatabase.xml
2017-08-08 15:11 - 2017-06-08 10:01 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-08 15:11 - 2017-06-08 10:01 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-08 15:11 - 2017-05-27 09:38 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-08-02 23:09 - 2017-08-17 15:00 - 000000342 _____ C:\Windows\Tasks\HPCeeScheduleForCarmen.job
2017-08-02 23:09 - 2017-08-15 16:39 - 000003158 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCarmen
2017-08-02 23:09 - 2017-08-02 23:09 - 000003162 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3531763432-3889044873-1211089148-1001
2017-08-02 23:06 - 2017-05-03 16:11 - 000103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-08-02 23:06 - 2017-05-03 06:43 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-08-02 23:06 - 2017-05-03 06:43 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-08-02 23:06 - 2017-05-03 06:43 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-08-02 23:06 - 2017-05-03 06:43 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-08-02 23:06 - 2017-05-03 06:43 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-08-02 23:06 - 2017-05-03 06:43 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-08-02 23:06 - 2017-05-03 06:43 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-08-02 23:06 - 2017-05-03 06:43 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-08-02 23:03 - 2017-06-06 13:52 - 003120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-08-02 23:03 - 2017-06-06 12:08 - 002712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-08-02 23:02 - 2017-07-06 01:52 - 000119296 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-08-02 23:02 - 2017-06-15 15:02 - 000990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-08-02 23:02 - 2017-06-11 15:21 - 000590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-08-02 23:02 - 2017-06-11 14:43 - 000371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-08-02 23:02 - 2017-06-11 14:08 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-08-02 23:02 - 2017-06-11 14:00 - 000962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-02 23:02 - 2017-06-11 13:35 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-08-02 23:02 - 2017-06-11 13:31 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-02 23:02 - 2017-06-11 08:15 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-08-02 23:02 - 2017-06-06 13:42 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-08-02 23:02 - 2017-06-06 13:36 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-08-02 23:02 - 2017-06-06 13:35 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-08-02 23:02 - 2017-06-06 12:11 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-08-02 23:02 - 2017-06-06 12:11 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-08-02 23:02 - 2017-06-06 12:03 - 000837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-08-02 23:02 - 2017-06-06 11:57 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-08-02 23:02 - 2017-06-06 11:56 - 000375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-08-02 23:02 - 2017-06-06 11:02 - 000513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-08-02 23:02 - 2017-06-06 11:02 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-08-02 23:02 - 2017-06-03 09:27 - 002346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-08-02 23:02 - 2017-06-03 09:03 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-08-02 23:02 - 2017-05-31 14:20 - 000470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-08-02 23:02 - 2017-05-15 13:03 - 000379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-08-02 23:02 - 2017-05-09 07:37 - 000658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-08-02 23:02 - 2017-05-09 07:28 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-08-02 23:02 - 2017-05-02 13:08 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-08-02 23:02 - 2017-05-02 13:08 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-08-02 23:02 - 2017-05-02 11:31 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-08-02 23:02 - 2017-05-02 11:31 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-08-02 23:02 - 2017-04-30 09:48 - 000080078 _____ C:\Windows\system32\normidna.nls
2017-08-02 23:02 - 2017-04-27 18:13 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-08-02 23:02 - 2017-04-27 18:11 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-08-02 23:02 - 2016-05-18 14:54 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2017-08-02 23:02 - 2016-05-18 14:15 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2017-08-02 23:01 - 2017-06-11 14:25 - 000478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-08-02 23:01 - 2017-06-11 14:15 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-08-02 23:01 - 2017-06-11 14:07 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-08-02 23:01 - 2017-06-11 13:58 - 000334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-08-02 23:01 - 2017-06-11 13:40 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-08-02 23:01 - 2017-06-06 13:38 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-08-02 23:01 - 2017-06-06 13:36 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-08-02 23:01 - 2017-06-06 12:13 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-08-02 23:01 - 2017-06-06 12:11 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-08-02 23:01 - 2017-06-06 12:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-08-02 23:01 - 2017-06-06 11:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-08-02 23:01 - 2017-06-06 11:03 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-08-02 23:01 - 2017-06-06 11:02 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-08-02 23:01 - 2017-06-06 11:02 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-08-02 23:01 - 2017-05-15 15:09 - 000057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-08-02 23:01 - 2017-05-09 07:35 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-08-02 23:01 - 2017-05-09 07:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-08-02 23:01 - 2017-05-09 07:29 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-08-02 23:01 - 2017-05-09 07:28 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-08-02 23:01 - 2017-05-02 13:09 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-08-02 23:01 - 2017-05-02 11:41 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-08-02 23:01 - 2017-05-02 10:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-20 01:15 - 2015-09-06 18:15 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3531763432-3889044873-1211089148-1001
2017-08-20 01:10 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\AppReadiness
2017-08-17 16:42 - 2015-10-23 09:48 - 000700928 ___SH C:\Users\Carmen\Downloads\Thumbs.db
2017-08-17 16:32 - 2016-11-09 17:20 - 000000000 ____D C:\Users\Carmen\Documents\Headshots
2017-08-17 15:06 - 2014-11-20 21:42 - 000956476 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-17 15:06 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2017-08-17 15:04 - 2015-09-06 18:16 - 000000000 ____D C:\Users\Carmen\OneDrive
2017-08-17 15:01 - 2016-06-06 14:35 - 000567296 ___SH C:\Users\Carmen\Desktop\Thumbs.db
2017-08-17 15:00 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-17 15:00 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2017-08-17 14:59 - 2013-08-22 07:44 - 000486992 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-17 14:59 - 2013-08-22 06:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2017-08-17 14:57 - 2015-09-08 19:38 - 000000000 ____D C:\Windows\system32\MRT
2017-08-17 14:57 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2017-08-17 14:57 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\inetsrv
2017-08-17 14:54 - 2015-09-08 19:38 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-17 14:54 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2017-08-17 14:33 - 2015-09-19 20:20 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-17 14:33 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-17 14:33 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-17 09:35 - 2016-03-09 12:41 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-08-11 14:45 - 2017-01-12 15:18 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-08-07 23:39 - 2017-03-01 18:30 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 23:39 - 2017-03-01 18:30 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-04 16:29 - 2015-09-08 22:27 - 000000000 ____D C:\Windows\system32\appraiser
2017-08-03 11:19 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-02 23:09 - 2017-06-22 15:26 - 000002337 _____ C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-08-02 23:09 - 2015-09-07 14:00 - 000003170 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3531763432-3889044873-1211089148-1001
2017-07-28 17:03 - 2017-06-19 01:59 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-28 17:03 - 2017-06-19 01:59 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-07-14 00:10 - 2016-07-14 00:10 - 000000446 _____ () C:\Users\Carmen\AppData\Roaming\CSharpAnalytics-MeasurementSession
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-02 23:15
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Carmen (20-08-2017 01:30:07)
Running from C:\Users\Carmen\Downloads
Windows 8.1 Connected (Update) (X64) (2015-09-07 01:10:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3531763432-3889044873-1211089148-500 - Administrator - Disabled)
Carmen (S-1-5-21-3531763432-3889044873-1211089148-1001 - Administrator - Enabled) => C:\Users\Carmen
Guest (S-1-5-21-3531763432-3889044873-1211089148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3531763432-3889044873-1211089148-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Draft IT (HKLM-x32\...\{1CB765A7-7E47-4E9A-9D67-ADEE04860DF2}) (Version: 4.0.3 - CADlogic Limited)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{9BCC40C6-8A7C-4134-AF7D-9C2332E2DA80}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{7E9E39C4-3BD8-46E8-823F-A546A87E810C}) (Version: 1.1.12 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{403E9EFF-C4B4-4308-BA4E-7093B6BA03D5}) (Version: 2.5.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2210 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3925 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4127 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.587.1 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3531763432-3889044873-1211089148-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30176 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7339 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.29.0 - Synaptics Incorporated)
WinRAR 5.40 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.2 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3531763432-3889044873-1211089148-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Carmen\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2015-09-27] (McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-06-20] (Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-09-15] (Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2015-09-27] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-06-20] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {177C236E-6DB7-4973-8F59-4C316D267A68} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {23CD64DA-E7A4-41C3-86BE-62ED4FBC94F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-01] (HP Inc.)
Task: {49554C86-963E-4E3D-83EA-9869C65A89B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {5591513F-389E-44E0-A72F-0D840945E079} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
Task: {586F0A6F-E93F-44F2-A5CE-DE8979911235} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {5BF62C80-0194-4797-BD25-7DBE8FDF932B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-17] (Adobe Systems Incorporated)
Task: {6F04F3A8-CBA0-4BF5-96EA-3EE6C52BEBF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
Task: {7DC885F2-1B31-4BEB-A899-2B945B208F81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {7FB70317-ACE0-4F79-9B36-BDADC8E46A87} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {87B947A2-0274-417B-A101-B0F02C627D57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {905D29E8-77E4-4640-BE0E-503BA9BBFFD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {ADE67E3B-D3F1-496B-A151-538768CFE4DE} - System32\Tasks\HPCeeScheduleForCarmen => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BA8DCC7D-BF7B-4BFB-AD51-FB10F10057BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {BAE1FB71-821B-485B-9589-3C662876FBDC} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {CD0A119F-8BF1-47C8-82CF-045CB1DE0F86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {D2753379-CBB0-4B7F-963E-9E984F62340F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2017-08-08] (Hewlett-Packard)
Task: {D6ADA214-C7C3-4106-992E-5BCDDBF5BE1A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {EBE98A77-A365-4888-8E32-BF8585E2791F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {F030826D-932F-43A7-90DC-CB4AEBDC03DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {F0FD689A-2176-4C76-BFFD-ACDC59045F1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {F312C81F-97F9-43DE-A7F2-F1A6E76C0967} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForCarmen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-22 11:18 - 2014-12-22 11:18 - 000029184 _____ () C:\Windows\System32\ssj2mlm.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-12 15:25 - 2014-05-15 20:25 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-10-23 00:20 - 2016-12-28 10:03 - 008924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-07 23:39 - 2017-08-02 00:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-07 23:39 - 2017-08-02 00:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3531763432-3889044873-1211089148-1001\...\sharepoint.com -> hxxps://nacc-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2017-07-12 21:12 - 000000887 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3531763432-3889044873-1211089148-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{42C16D1A-253E-474F-82BB-90D0DA1DDB2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{967A2785-69CE-42AE-9778-819C994FEC0A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0B38496B-21A4-4CE4-94D2-CA3D3DD24729}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB5045F9-1D10-4047-A00A-D46117F032BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{24F4ABBC-D2AE-4CD8-8F36-DDC37B793B81}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{0BBFAB0B-A920-439A-85D8-DADE5A7E85DE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AC149910-355A-4C0A-8C37-5DA0B22D4EDE}] => (Allow) C:\Users\Carmen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{77068E72-FCE8-46AA-AF4C-5E9A941D8DF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C6B28A3-69D0-42AD-A4A3-D66543862BC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E789B09-4AA0-4A9B-B1E7-54F6154D64FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66F95ACF-6B74-4367-A56B-9306F0244168}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{DBB3FDCD-BD65-42F5-852F-40C81C58BFC6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CD6AE76C-0E95-4895-9339-2592BEB8BE2E}C:\users\carmen\appdata\local\temp\rar$exa0.744\terraria.v1.3.0.7\terraria.exe] => (Allow) C:\users\carmen\appdata\local\temp\rar$exa0.744\terraria.v1.3.0.7\terraria.exe
FirewallRules: [UDP Query User{A0907828-41E4-4963-8212-B14A82BA7D65}C:\users\carmen\appdata\local\temp\rar$exa0.744\terraria.v1.3.0.7\terraria.exe] => (Allow) C:\users\carmen\appdata\local\temp\rar$exa0.744\terraria.v1.3.0.7\terraria.exe
FirewallRules: [TCP Query User{5E15B56C-51B1-42FF-8540-C69F0F1B96C5}C:\gog games\undertale\undertale.exe] => (Allow) C:\gog games\undertale\undertale.exe
FirewallRules: [UDP Query User{3B44BB31-8E3B-4A75-9777-A54FA6712D41}C:\gog games\undertale\undertale.exe] => (Allow) C:\gog games\undertale\undertale.exe
FirewallRules: [TCP Query User{407E8C04-3DCF-4919-80FA-DCE19C5BF87C}C:\gog games\undertale\undertale.exe] => (Block) C:\gog games\undertale\undertale.exe
FirewallRules: [UDP Query User{611C7D36-0B59-463E-83B6-0499EA608BC6}C:\gog games\undertale\undertale.exe] => (Block) C:\gog games\undertale\undertale.exe
FirewallRules: [{922CC3F0-8439-4BEB-91AF-4DADC48C489D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0EB8557C-6473-4C71-A5D3-118EAB6F24C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0CADBC87-8B7B-4BB1-85BD-0AA100D3D422}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FB5B18F0-2C26-47D4-9757-B9B635FC7FD8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{17FB6FED-D4A7-4386-AAC0-A790AA41EB2D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{ADC9E3D7-F9E2-4A29-B3E6-681CEB8E43BD}C:\users\carmen\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Block) C:\users\carmen\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{CE2222AE-9558-459D-8DBA-0216FA34F5B0}C:\users\carmen\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Block) C:\users\carmen\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [{395C0F99-7551-4191-837F-525E235411E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B6B8FB4D-D3DF-42E2-9318-12D3C73AA282}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (08/20/2017 01:02:58 AM) (Source: ESENT) (EventID: 482) (User: )
Description: SettingSyncHost (3176) {61A48DC6-454C-4ADC-AF5B-2BFABABD8C5C}: An attempt to write to the file "C:\Users\Carmen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbres00001.jrs" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
 
System errors:
=============
Error: (08/17/2017 03:04:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (08/17/2017 02:54:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Microsoft .NET Framework 4.7 for Windows 8.1 and Windows Server 2012 R2 for x64 (KB3186539).
 
Error: (08/17/2017 02:52:27 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/15/2017 04:37:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (08/11/2017 02:44:02 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/08/2017 04:32:44 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/08/2017 02:09:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/08/2017 01:39:26 PM) (Source: DCOM) (EventID: 10010) (User: NO)
Description: The server {04630607-788E-45BA-BD5F-0E7E118FE5AC} did not register with DCOM within the required timeout.
 
Error: (08/04/2017 04:57:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (08/03/2017 11:11:58 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-07 08:03:04.369
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-07 08:03:02.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 72%
Total physical RAM: 1939.04 MB
Available physical RAM: 538.81 MB
Total Virtual: 2999.3 MB
Available Virtual: 674.19 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:21.37 GB) (Free:0.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: A136D194)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 23 August 2017 - 10:55 AM

haylee03:

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 23 August 2017 - 12:26 PM

haylee03:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I actually surprised that your computer is working at all! What is the make and model of your computer, and how old is it?

That is a very small hard drive, possibly an SSD? You definitely need more free storage space on that computer, unless its use is limited to emails and surfing.
 

Drive c: () (Fixed) (Total:21.37 GB) (Free:0.15 GB) NTFS

 
The C: drive has less than 1 percent free space. Windows normally requires 10 to 15% free space on the OS drive, in your case, Drive C:. Windows will thrash around seriously trying to operate with so little free space and response times will be very slow.

I also want to create a Restore Point, as a part of my FRST "fixlist" script. We need to clear to some hard disk space for the Restore Point to be created, and also to permit FRST to have room to function. There are lots of errors in the "Addition.txt" log file that indicate that Wndows is completely running out of room to function normally.

Please download CCleaner from here.

  • Double Click the setup file to install CCleaner.
  • Select the "Cleaner" module, (top on left side).
  • Click on "Run Cleaner"
  • Wait until the cleaning is finished, and then exit the program.
  • Do NOT run the Registry Cleaner. Bleeping Computer does NOT recommend the use of registry cleaners and PC optimizers.
  • Please let me know how many GB/MB were cleaned in your next response.

.

:step2: The "FRST.txt" and "Addition.txt" logs show that you have McAfee Security Scan Plus installed on your computer. This program is not recommended. See this link for more information. I would recommend that you uninstall this program via the Control Panel. Follow only Step :step1: in the article that I linked to, if you decide to uninstall it. Please let me know what you decide.

The "Addition.txt" file also shows that you have McAfee LiveSafe - Internet Security installed on your computer.

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

 

That program is disabled. You are relying on Windows Defender to protect your computer. In light of the scarcity of space on your computer, I would recommend uninstalling that McAfee product as well. Instructions to do so can be found here. Please let me know what you decide to do. It is your computer, so it is your decision.

.

:step3: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3531763432-3889044873-1211089148-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {DB542ED2-7AC3-4C78-A9A2-E11615D24237} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3531763432-3889044873-1211089148-1001 -> {DB542ED2-7AC3-4C78-A9A2-E11615D24237} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
VirusTotal: C:\users\carmen\appdata\local\temp\rar$exa0.744\terraria.v1.3.0.7\terraria.exe;C:\gog games\undertale\undertale.exe
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.


Thank you and have a great day.

Regards,
-Phil
 


Member of the Unified Network of Instructors and Trusted Eliminators


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 26 August 2017 - 11:30 AM

haylee03:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 28 August 2017 - 04:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Member of the Unified Network of Instructors and Trusted Eliminators


#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 29 August 2017 - 12:20 PM

Topic has been reopened at the request of the original poster.

 

Awaiting replay from haylee03.


Member of the Unified Network of Instructors and Trusted Eliminators


#7 haylee03

haylee03
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 29 August 2017 - 09:55 PM

Hello,

Thank you for reopening the post. So what is the first step? I'm confused 



#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 30 August 2017 - 06:50 AM

haylee03:

 

Thank you for your post.  I did reply to your Private Message and told you how to proceed.  I guess that you have not read it yet.

 

I would like you to review my previous post, here.  Please answer the questions that I asked, follow the directions supplied, and run the supplied FRST "fixlist" script.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#9 haylee03

haylee03
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 01 September 2017 - 02:59 PM

 I am having troubles downloading the CCleaner. I deleted my files and a error pop up showed. 



#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 02 September 2017 - 11:53 AM

haylee03:

 

Thank you for your post.  I did provide you with a download link to CCleaner in my post.  It can be downloaded from here.

 

 

 

I deleted my files and a error pop up showed.

 

 

 

What files did you delete, and why?  What was the error message?

 

I need more information to be able to properly assess the situation and determine the best course of action.

 

Did you backup all of your files, as I suggested in my introductory comments in this post?

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 05 September 2017 - 11:40 AM

haylee03:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#12 haylee03

haylee03
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 05 September 2017 - 09:52 PM

I deleted all my files and backed them up as suggested.  The reason why I deleted the files is because when I tried to download the CCleaner, it would say that there was full disk. I still am not able to download due to the full disk.The error message was unable to download. 



#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 06 September 2017 - 01:00 PM

haylee03:

 

Thank you for your post.  The lack of available free hard disk space is your major issue right now.  We need to free up some space.  CCleaner is an excellent tool for doing that, but if you can't download it because of insufficient space, let's try using Windows to try and free up some space.

 

Please launch the Windows File Explorer (the file folder in your task bar, lower left corner, on most computers).  You can also press the "Windows logo" key, plus "E", at the same time, and File Explorer will launch.  Navigate to Drive C: in the left pane.  Right click Drive C: and select "Properties" at the bottom of the list.  When that opens, select the "Disk Cleanup" under the "General" tab, which is the tab that it should open to by itself.  Click the box "Clean up system files."  Follow the prompts.  Depending on how much there is to be removed, and the speed of your computer and hard drive, this could take some time.  Be patient.  Allow it to finish.

 

When the Windows Cleanup is done, please report back the amount of "Free space" on your hard drive, as reported by File Explorer in the "Properties" of Drive C:.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 09 September 2017 - 12:34 PM

haylee03:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil
 

Member of the Unified Network of Instructors and Trusted Eliminators


#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:27 PM

Posted 11 September 2017 - 01:01 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Member of the Unified Network of Instructors and Trusted Eliminators





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users