I believe my computer is infected with some sort of malware. It is experiencing extremely slow performance, and sometimes programs will not respond at all to being opened.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Panda (administrator) on DESKTOP-FD836MB (23-06-2018 09:34:46)
Running from C:\Users\Panda\Downloads
Loaded Profiles: Panda (Available Profiles: Panda)
Platform: Windows 10 Pro 10240.16389 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{8CD08D98-A76C-4CE8-AF17-08991CE6B6A2}\67.0.3396.87_66.0.3359.181_chrome_updater.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Windows\Temp\CR_9E567.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_9E567.tmp\setup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\Panda\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2018-05-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a4802978-8537-4f0a-a30b-84fa6d59cbe1}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
FireFox:
========
FF DefaultProfile: xibflz7e.default-1528258222814
FF ProfilePath: C:\Users\Panda\AppData\Roaming\Mozilla\Firefox\Profiles\xibflz7e.default-1528258222814 [2018-06-23]
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default [2018-05-13]
CHR Extension: (Slides) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-13]
CHR Extension: (Docs) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-13]
CHR Extension: (Google Drive) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-13]
CHR Extension: (YouTube) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-13]
CHR Extension: (Gmail) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-13]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R2 osrss; C:\Windows\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2018-05-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2018-05-13] (Advanced Micro Devices)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2018-05-13] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-23 09:34 - 2018-06-23 09:37 - 000007896 _____ C:\Users\Panda\Downloads\FRST.txt
2018-06-23 09:34 - 2018-06-23 09:34 - 000000000 ____D C:\FRST
2018-06-23 09:32 - 2018-06-23 09:34 - 002412544 _____ (Farbar) C:\Users\Panda\Downloads\FRST64(1).exe
2018-06-23 09:31 - 2018-06-23 09:32 - 000002359 _____ C:\Users\Panda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 09:18 - 2018-06-23 09:18 - 000016148 _____ C:\Windows\system32\DESKTOP-FD836MB_Panda_HistoryPrediction.bin
2018-06-05 21:10 - 2018-06-05 21:10 - 000000000 ____D C:\Users\Panda\Desktop\Old Firefox Data
2018-06-04 22:32 - 2018-06-04 22:35 - 002413056 _____ (Farbar) C:\Users\Panda\Downloads\FRST64.exe
2018-06-03 22:36 - 2018-06-03 22:36 - 000000000 ____D C:\Windows\system32\SleepStudy
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-23 09:36 - 2015-07-10 04:04 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-23 09:36 - 2015-07-10 04:04 - 000000000 ____D C:\Windows\AppReadiness
2018-06-23 09:35 - 2018-05-04 08:02 - 000000000 ___RD C:\Users\Panda\OneDrive
2018-06-23 09:31 - 2015-07-10 03:55 - 000000000 ____D C:\Windows\CbsTemp
2018-06-23 09:19 - 2018-05-13 11:56 - 000000000 ____D C:\Users\Panda\AppData\LocalLow\Mozilla
2018-06-23 09:18 - 2018-05-04 07:56 - 000000000 ____D C:\Users\Panda
2018-06-23 09:14 - 2018-05-13 11:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-23 09:14 - 2018-05-13 11:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-23 09:14 - 2015-07-10 05:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-08 07:45 - 2018-05-13 11:56 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-03 04:41 - 2015-07-10 02:05 - 000131072 ___SH C:\Windows\system32\config\BBI
2018-05-27 00:07 - 2018-05-14 22:09 - 000000000 ____D C:\Program Files\rempl
2018-05-26 23:54 - 2018-05-03 17:01 - 014882574 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-26 23:54 - 2015-07-17 01:56 - 000159918 _____ C:\Windows\system32\prfh0404.dat
2018-05-26 23:54 - 2015-07-17 01:56 - 000048888 _____ C:\Windows\system32\prfc0404.dat
2018-05-26 23:54 - 2015-07-17 01:46 - 000708630 _____ C:\Windows\system32\perfh01D.dat
2018-05-26 23:54 - 2015-07-17 01:46 - 000141976 _____ C:\Windows\system32\perfc01D.dat
2018-05-26 23:54 - 2015-07-17 01:15 - 000777106 _____ C:\Windows\system32\perfh015.dat
2018-05-26 23:54 - 2015-07-17 01:15 - 000148480 _____ C:\Windows\system32\perfc015.dat
2018-05-26 23:54 - 2015-07-17 01:06 - 000776688 _____ C:\Windows\system32\perfh013.dat
2018-05-26 23:54 - 2015-07-17 01:06 - 000150366 _____ C:\Windows\system32\perfc013.dat
2018-05-26 23:54 - 2015-07-17 00:56 - 000415588 _____ C:\Windows\system32\perfh014.dat
2018-05-26 23:54 - 2015-07-17 00:56 - 000069268 _____ C:\Windows\system32\perfc014.dat
2018-05-26 23:54 - 2015-07-17 00:36 - 000493018 _____ C:\Windows\system32\perfh011.dat
2018-05-26 23:54 - 2015-07-17 00:36 - 000130454 _____ C:\Windows\system32\perfc011.dat
2018-05-26 23:54 - 2015-07-17 00:25 - 000771270 _____ C:\Windows\system32\perfh010.dat
2018-05-26 23:54 - 2015-07-17 00:25 - 000142510 _____ C:\Windows\system32\perfc010.dat
2018-05-26 23:54 - 2015-07-17 00:06 - 000384858 _____ C:\Windows\system32\perfh00D.dat
2018-05-26 23:54 - 2015-07-17 00:06 - 000056464 _____ C:\Windows\system32\perfc00D.dat
2018-05-26 23:54 - 2015-07-16 23:59 - 000400704 _____ C:\Windows\system32\perfh00B.dat
2018-05-26 23:54 - 2015-07-16 23:59 - 000073804 _____ C:\Windows\system32\perfc00B.dat
2018-05-26 23:54 - 2015-07-16 23:50 - 000511756 _____ C:\Windows\system32\perfh008.dat
2018-05-26 23:54 - 2015-07-16 23:50 - 000081212 _____ C:\Windows\system32\perfc008.dat
2018-05-26 23:54 - 2015-07-16 23:40 - 000732530 _____ C:\Windows\system32\perfh007.dat
2018-05-26 23:54 - 2015-07-16 23:40 - 000146058 _____ C:\Windows\system32\perfc007.dat
2018-05-26 23:54 - 2015-07-16 23:30 - 000429396 _____ C:\Windows\system32\perfh006.dat
2018-05-26 23:54 - 2015-07-16 23:30 - 000071776 _____ C:\Windows\system32\perfc006.dat
2018-05-26 23:54 - 2015-07-16 02:35 - 000436050 _____ C:\Windows\system32\prfh0804.dat
2018-05-26 23:54 - 2015-07-16 02:35 - 000130454 _____ C:\Windows\system32\prfc0804.dat
2018-05-26 23:54 - 2015-07-16 02:18 - 000699408 _____ C:\Windows\system32\perfh01F.dat
2018-05-26 23:54 - 2015-07-16 02:18 - 000140910 _____ C:\Windows\system32\perfc01F.dat
2018-05-26 23:54 - 2015-07-16 02:09 - 000762324 _____ C:\Windows\system32\perfh019.dat
2018-05-26 23:54 - 2015-07-16 02:09 - 000147794 _____ C:\Windows\system32\perfc019.dat
2018-05-26 23:54 - 2015-07-16 02:00 - 000770132 _____ C:\Windows\system32\prfh0816.dat
2018-05-26 23:54 - 2015-07-16 02:00 - 000148548 _____ C:\Windows\system32\prfc0816.dat
2018-05-26 23:54 - 2015-07-16 01:51 - 000754374 _____ C:\Windows\system32\prfh0416.dat
2018-05-26 23:54 - 2015-07-16 01:51 - 000145364 _____ C:\Windows\system32\prfc0416.dat
2018-05-26 23:54 - 2015-07-16 01:42 - 000782818 _____ C:\Windows\system32\perfh00C.dat
2018-05-26 23:54 - 2015-07-16 01:42 - 000146138 _____ C:\Windows\system32\perfc00C.dat
2018-05-26 23:54 - 2015-07-16 01:33 - 000779312 _____ C:\Windows\system32\perfh00A.dat
2018-05-26 23:54 - 2015-07-16 01:33 - 000151606 _____ C:\Windows\system32\perfc00A.dat
2018-05-26 23:54 - 2015-07-16 01:24 - 000395414 _____ C:\Windows\system32\perfh001.dat
2018-05-26 23:54 - 2015-07-16 01:24 - 000056464 _____ C:\Windows\system32\perfc001.dat
2018-05-26 23:54 - 2015-07-10 04:02 - 000000000 ____D C:\Windows\INF
2018-05-26 11:48 - 2017-09-29 08:18 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-26 11:47 - 2015-07-16 02:50 - 000000000 ____D C:\Windows\Panther
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-03 05:50
==================== End of FRST.txt ============================
Additional.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Panda (23-06-2018 09:38:40)
Running from C:\Users\Panda\Downloads
Windows 10 Pro 10240.16389 (X64) (2018-05-04 01:23:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-986361752-4009122850-50874618-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-986361752-4009122850-50874618-503 - Limited - Disabled)
Guest (S-1-5-21-986361752-4009122850-50874618-501 - Limited - Disabled)
Panda (S-1-5-21-986361752-4009122850-50874618-1001 - Administrator - Enabled) => C:\Users\Panda
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Microsoft OneDrive (HKU\S-1-5-21-986361752-4009122850-50874618-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {20A97314-4E3C-43D0-897F-C7F1FDD4AE4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {6FA8DF9F-62FF-4B00-A168-332B8DE7333B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)
Task: {B7EC55D9-B551-41E7-9FE8-616094D04FA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-10 04:00 - 2015-07-10 04:00 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-16 03:03 - 2015-07-16 03:03 - 000403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-10 04:00 - 2015-07-10 04:00 - 002498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 006579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 04:04 - 2015-07-10 04:02 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-986361752-4009122850-50874618-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{41878D65-2167-4D27-A2BB-D9B929B3B588}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA1C7FCC-285D-4303-9C8E-E4AB7A1F40FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A774613-9F21-4FB2-A68D-00605C3539CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{0A01F3B7-0A60-4CF7-8303-112FF7E15498}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FF07FDD-F30E-4245-8CC4-382A2C8FFECA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{985760FC-D399-4DA8-B7FB-7DF9CC55EFC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64D71815-4563-4682-BFB2-FF0834DDA072}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76372FAB-AC41-4998-BC50-69A38DC573FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3D154315-3CE1-4AE7-A2F2-FEC49685A970}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1933A113-7DFD-49E1-81E0-FF1EBE8A2043}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7BEEB283-B28C-4799-B0C2-263ED8E694CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
13-05-2018 11:53:22 Windows Modules Installer
14-05-2018 21:34:06 Windows Modules Installer
27-05-2018 00:05:26 Windows Update
30-05-2018 21:24:21 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/23/2018 09:18:32 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=bd3762d7-270d-4760-8fb3-d829ca45278a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (06/23/2018 09:18:31 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a
Error: (06/23/2018 09:18:31 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003
Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=bd3762d7-270d-4760-8fb3-d829ca45278a;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a
Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003
Error: (06/09/2018 08:35:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD836MB)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/09/2018 08:28:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD836MB)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (06/23/2018 09:13:51 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (06/23/2018 09:13:40 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
Error: (06/23/2018 09:14:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:57:33 AM on 6/8/2018 was unexpected.
Error: (06/09/2018 08:55:12 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:55:08 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:55:02 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:54:50 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:54:34 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Windows Defender:
===================================
Date: 2018-06-08 07:39:57.698
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1619040C-6648-4EF3-8D7E-3120232DF14F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-06 22:07:46.929
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {169DD700-449E-42AE-B398-68C78B68AEFC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-05 21:19:06.653
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {96633E39-F2B7-4269-8D3B-9FD006EC75AE}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-04 22:26:07.254
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {69C2F9DF-EA07-47C4-AE04-D2064D916A09}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-03 06:51:16.816
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {078E41DE-56F6-4CC6-8526-1F145CD33194}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-05-27 00:05:22.202
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.141.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-06-09 08:27:41.653
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 08:27:37.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-04 21:26:52.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-04 21:26:51.845
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-03 04:37:49.190
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-03 04:37:48.774
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-05-28 08:44:58.694
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-05-28 08:44:58.523
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 8139.28 MB
Available physical RAM: 4803.6 MB
Total Virtual: 9419.28 MB
Available Virtual: 6003.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.96 GB) (Free:887.55 GB) NTFS
\\?\Volume{cddd924f-bebc-4a53-9733-d7ef5882b71a}\ (Windows RE tools) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1A3085F6)
Partition: GPT.
==================== End of Addition.txt ============================
Thank you for your time and assistance,
Max