My computer is experiencing extremely slow performance. In task manager, Disk is usually at 100%. I had posted this previously, but sustained a serious injury that kept me in the hospital and in bed recouping for several days, so I missed the 72 hour deadline to reply, so I am submitting another post. Thank you for your help
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Panda (administrator) on DESKTOP-FD836MB (23-06-2018 09:34:46)
Running from C:\Users\Panda\Downloads
Loaded Profiles: Panda (Available Profiles: Panda)
Platform: Windows 10 Pro 10240.16389 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{8CD08D98-A76C-4CE8-AF17-08991CE6B6A2}\67.0.3396.87_66.0.3359.181_chrome_updater.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Windows\Temp\CR_9E567.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_9E567.tmp\setup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\Panda\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2018-05-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a4802978-8537-4f0a-a30b-84fa6d59cbe1}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
FireFox:
========
FF DefaultProfile: xibflz7e.default-1528258222814
FF ProfilePath: C:\Users\Panda\AppData\Roaming\Mozilla\Firefox\Profiles\xibflz7e.default-1528258222814 [2018-06-23]
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default [2018-05-13]
CHR Extension: (Slides) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-13]
CHR Extension: (Docs) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-13]
CHR Extension: (Google Drive) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-13]
CHR Extension: (YouTube) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-13]
CHR Extension: (Gmail) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-13]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R2 osrss; C:\Windows\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2018-05-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2018-05-13] (Advanced Micro Devices)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2018-05-13] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-23 09:34 - 2018-06-23 09:37 - 000007896 _____ C:\Users\Panda\Downloads\FRST.txt
2018-06-23 09:34 - 2018-06-23 09:34 - 000000000 ____D C:\FRST
2018-06-23 09:32 - 2018-06-23 09:34 - 002412544 _____ (Farbar) C:\Users\Panda\Downloads\FRST64(1).exe
2018-06-23 09:31 - 2018-06-23 09:32 - 000002359 _____ C:\Users\Panda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 09:18 - 2018-06-23 09:18 - 000016148 _____ C:\Windows\system32\DESKTOP-FD836MB_Panda_HistoryPrediction.bin
2018-06-05 21:10 - 2018-06-05 21:10 - 000000000 ____D C:\Users\Panda\Desktop\Old Firefox Data
2018-06-04 22:32 - 2018-06-04 22:35 - 002413056 _____ (Farbar) C:\Users\Panda\Downloads\FRST64.exe
2018-06-03 22:36 - 2018-06-03 22:36 - 000000000 ____D C:\Windows\system32\SleepStudy
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-23 09:36 - 2015-07-10 04:04 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-23 09:36 - 2015-07-10 04:04 - 000000000 ____D C:\Windows\AppReadiness
2018-06-23 09:35 - 2018-05-04 08:02 - 000000000 ___RD C:\Users\Panda\OneDrive
2018-06-23 09:31 - 2015-07-10 03:55 - 000000000 ____D C:\Windows\CbsTemp
2018-06-23 09:19 - 2018-05-13 11:56 - 000000000 ____D C:\Users\Panda\AppData\LocalLow\Mozilla
2018-06-23 09:18 - 2018-05-04 07:56 - 000000000 ____D C:\Users\Panda
2018-06-23 09:14 - 2018-05-13 11:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-23 09:14 - 2018-05-13 11:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-23 09:14 - 2015-07-10 05:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-08 07:45 - 2018-05-13 11:56 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-03 04:41 - 2015-07-10 02:05 - 000131072 ___SH C:\Windows\system32\config\BBI
2018-05-27 00:07 - 2018-05-14 22:09 - 000000000 ____D C:\Program Files\rempl
2018-05-26 23:54 - 2018-05-03 17:01 - 014882574 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-26 23:54 - 2015-07-17 01:56 - 000159918 _____ C:\Windows\system32\prfh0404.dat
2018-05-26 23:54 - 2015-07-17 01:56 - 000048888 _____ C:\Windows\system32\prfc0404.dat
2018-05-26 23:54 - 2015-07-17 01:46 - 000708630 _____ C:\Windows\system32\perfh01D.dat
2018-05-26 23:54 - 2015-07-17 01:46 - 000141976 _____ C:\Windows\system32\perfc01D.dat
2018-05-26 23:54 - 2015-07-17 01:15 - 000777106 _____ C:\Windows\system32\perfh015.dat
2018-05-26 23:54 - 2015-07-17 01:15 - 000148480 _____ C:\Windows\system32\perfc015.dat
2018-05-26 23:54 - 2015-07-17 01:06 - 000776688 _____ C:\Windows\system32\perfh013.dat
2018-05-26 23:54 - 2015-07-17 01:06 - 000150366 _____ C:\Windows\system32\perfc013.dat
2018-05-26 23:54 - 2015-07-17 00:56 - 000415588 _____ C:\Windows\system32\perfh014.dat
2018-05-26 23:54 - 2015-07-17 00:56 - 000069268 _____ C:\Windows\system32\perfc014.dat
2018-05-26 23:54 - 2015-07-17 00:36 - 000493018 _____ C:\Windows\system32\perfh011.dat
2018-05-26 23:54 - 2015-07-17 00:36 - 000130454 _____ C:\Windows\system32\perfc011.dat
2018-05-26 23:54 - 2015-07-17 00:25 - 000771270 _____ C:\Windows\system32\perfh010.dat
2018-05-26 23:54 - 2015-07-17 00:25 - 000142510 _____ C:\Windows\system32\perfc010.dat
2018-05-26 23:54 - 2015-07-17 00:06 - 000384858 _____ C:\Windows\system32\perfh00D.dat
2018-05-26 23:54 - 2015-07-17 00:06 - 000056464 _____ C:\Windows\system32\perfc00D.dat
2018-05-26 23:54 - 2015-07-16 23:59 - 000400704 _____ C:\Windows\system32\perfh00B.dat
2018-05-26 23:54 - 2015-07-16 23:59 - 000073804 _____ C:\Windows\system32\perfc00B.dat
2018-05-26 23:54 - 2015-07-16 23:50 - 000511756 _____ C:\Windows\system32\perfh008.dat
2018-05-26 23:54 - 2015-07-16 23:50 - 000081212 _____ C:\Windows\system32\perfc008.dat
2018-05-26 23:54 - 2015-07-16 23:40 - 000732530 _____ C:\Windows\system32\perfh007.dat
2018-05-26 23:54 - 2015-07-16 23:40 - 000146058 _____ C:\Windows\system32\perfc007.dat
2018-05-26 23:54 - 2015-07-16 23:30 - 000429396 _____ C:\Windows\system32\perfh006.dat
2018-05-26 23:54 - 2015-07-16 23:30 - 000071776 _____ C:\Windows\system32\perfc006.dat
2018-05-26 23:54 - 2015-07-16 02:35 - 000436050 _____ C:\Windows\system32\prfh0804.dat
2018-05-26 23:54 - 2015-07-16 02:35 - 000130454 _____ C:\Windows\system32\prfc0804.dat
2018-05-26 23:54 - 2015-07-16 02:18 - 000699408 _____ C:\Windows\system32\perfh01F.dat
2018-05-26 23:54 - 2015-07-16 02:18 - 000140910 _____ C:\Windows\system32\perfc01F.dat
2018-05-26 23:54 - 2015-07-16 02:09 - 000762324 _____ C:\Windows\system32\perfh019.dat
2018-05-26 23:54 - 2015-07-16 02:09 - 000147794 _____ C:\Windows\system32\perfc019.dat
2018-05-26 23:54 - 2015-07-16 02:00 - 000770132 _____ C:\Windows\system32\prfh0816.dat
2018-05-26 23:54 - 2015-07-16 02:00 - 000148548 _____ C:\Windows\system32\prfc0816.dat
2018-05-26 23:54 - 2015-07-16 01:51 - 000754374 _____ C:\Windows\system32\prfh0416.dat
2018-05-26 23:54 - 2015-07-16 01:51 - 000145364 _____ C:\Windows\system32\prfc0416.dat
2018-05-26 23:54 - 2015-07-16 01:42 - 000782818 _____ C:\Windows\system32\perfh00C.dat
2018-05-26 23:54 - 2015-07-16 01:42 - 000146138 _____ C:\Windows\system32\perfc00C.dat
2018-05-26 23:54 - 2015-07-16 01:33 - 000779312 _____ C:\Windows\system32\perfh00A.dat
2018-05-26 23:54 - 2015-07-16 01:33 - 000151606 _____ C:\Windows\system32\perfc00A.dat
2018-05-26 23:54 - 2015-07-16 01:24 - 000395414 _____ C:\Windows\system32\perfh001.dat
2018-05-26 23:54 - 2015-07-16 01:24 - 000056464 _____ C:\Windows\system32\perfc001.dat
2018-05-26 23:54 - 2015-07-10 04:02 - 000000000 ____D C:\Windows\INF
2018-05-26 11:48 - 2017-09-29 08:18 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-26 11:47 - 2015-07-16 02:50 - 000000000 ____D C:\Windows\Panther
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-03 05:50
==================== End of FRST.txt ============================
Additional.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Panda (23-06-2018 09:38:40)
Running from C:\Users\Panda\Downloads
Windows 10 Pro 10240.16389 (X64) (2018-05-04 01:23:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-986361752-4009122850-50874618-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-986361752-4009122850-50874618-503 - Limited - Disabled)
Guest (S-1-5-21-986361752-4009122850-50874618-501 - Limited - Disabled)
Panda (S-1-5-21-986361752-4009122850-50874618-1001 - Administrator - Enabled) => C:\Users\Panda
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Microsoft OneDrive (HKU\S-1-5-21-986361752-4009122850-50874618-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {20A97314-4E3C-43D0-897F-C7F1FDD4AE4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {6FA8DF9F-62FF-4B00-A168-332B8DE7333B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)
Task: {B7EC55D9-B551-41E7-9FE8-616094D04FA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-10 04:00 - 2015-07-10 04:00 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-16 03:03 - 2015-07-16 03:03 - 000403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-10 04:00 - 2015-07-10 04:00 - 002498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 006579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 04:04 - 2015-07-10 04:02 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-986361752-4009122850-50874618-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{41878D65-2167-4D27-A2BB-D9B929B3B588}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA1C7FCC-285D-4303-9C8E-E4AB7A1F40FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A774613-9F21-4FB2-A68D-00605C3539CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{0A01F3B7-0A60-4CF7-8303-112FF7E15498}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FF07FDD-F30E-4245-8CC4-382A2C8FFECA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{985760FC-D399-4DA8-B7FB-7DF9CC55EFC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64D71815-4563-4682-BFB2-FF0834DDA072}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76372FAB-AC41-4998-BC50-69A38DC573FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3D154315-3CE1-4AE7-A2F2-FEC49685A970}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1933A113-7DFD-49E1-81E0-FF1EBE8A2043}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7BEEB283-B28C-4799-B0C2-263ED8E694CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
13-05-2018 11:53:22 Windows Modules Installer
14-05-2018 21:34:06 Windows Modules Installer
27-05-2018 00:05:26 Windows Update
30-05-2018 21:24:21 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/23/2018 09:18:32 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=bd3762d7-270d-4760-8fb3-d829ca45278a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (06/23/2018 09:18:31 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a
Error: (06/23/2018 09:18:31 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003
Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=bd3762d7-270d-4760-8fb3-d829ca45278a;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a
Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003
Error: (06/09/2018 08:35:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD836MB)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/09/2018 08:28:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD836MB)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (06/23/2018 09:13:51 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (06/23/2018 09:13:40 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
Error: (06/23/2018 09:14:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:57:33 AM on 6/8/2018 was unexpected.
Error: (06/09/2018 08:55:12 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:55:08 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:55:02 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:54:50 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/09/2018 08:54:34 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Windows Defender:
===================================
Date: 2018-06-08 07:39:57.698
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1619040C-6648-4EF3-8D7E-3120232DF14F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-06 22:07:46.929
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {169DD700-449E-42AE-B398-68C78B68AEFC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-05 21:19:06.653
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {96633E39-F2B7-4269-8D3B-9FD006EC75AE}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-04 22:26:07.254
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {69C2F9DF-EA07-47C4-AE04-D2064D916A09}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-03 06:51:16.816
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {078E41DE-56F6-4CC6-8526-1F145CD33194}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-05-27 00:05:22.202
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.141.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-06-09 08:27:41.653
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 08:27:37.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-04 21:26:52.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-04 21:26:51.845
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-03 04:37:49.190
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-03 04:37:48.774
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-05-28 08:44:58.694
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-05-28 08:44:58.523
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 8139.28 MB
Available physical RAM: 4803.6 MB
Total Virtual: 9419.28 MB
Available Virtual: 6003.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.96 GB) (Free:887.55 GB) NTFS
\\?\Volume{cddd924f-bebc-4a53-9733-d7ef5882b71a}\ (Windows RE tools) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1A3085F6)
Partition: GPT.
==================== End of Addition.txt ============================
Thank you for your help,
Max