Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

100% Disk Usage

Started by ttbcs , Feb 26 2017 06:15 PM

Please log in to reply

#1
ttbcs

Posted 26 February 2017 - 06:15 PM

Member

Member
102 posts

Not sure if this is windows problem or malware but the system lags. Disk usage is often at or near 100% not always the same program at the top of the list but they are regular system files. I also have a windows update that never completes.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2017
Ran by brilh (administrator) on WHEEZY-BREEZY (26-02-2017 15:27:05)
Running from C:\Users\brilh\Desktop
Loaded Profiles: brilh (Available Profiles: brilh)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1653167707-1689203770-351288938-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-1653167707-1689203770-351288938-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-1653167707-1689203770-351288938-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-1653167707-1689203770-351288938-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-1653167707-1689203770-351288938-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2016-10-24] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4b9986b0-856e-428d-843c-0a99acb8811b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1653167707-1689203770-351288938-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-1653167707-1689203770-351288938-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-01-16] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-16] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tvwpm36g.default
FF ProfilePath: C:\Users\brilh\AppData\Roaming\Mozilla\Firefox\Profiles\tvwpm36g.default [2017-02-26]
FF Homepage: Mozilla\Firefox\Profiles\tvwpm36g.default -> hxxp://ccsd.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-19] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-14] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-01-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (Google Slides) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
CHR Extension: (Google Docs) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
CHR Extension: (Google Drive) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
CHR Extension: (YouTube) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
CHR Extension: (Google Sheets) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-04]
CHR Extension: (Running Fox) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcogoppjgcggbmflbmiihnbbdcbnbkjp [2016-10-26]
CHR Extension: (Gmail) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\brilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [14776 2015-11-18] (ASUS)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [613352 2016-02-17] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1392792 2015-10-01] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-12] ()
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [165616 2015-11-12] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365032 2016-02-17] (Intel Corporation)
R3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [94712 2016-04-01] (ASUS Corporation)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-29] (ASIX Electronics Corp.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [57304 2015-10-01] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2015-10-01] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260072 2015-10-01] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 HID_PCI; C:\Windows\System32\drivers\HID_PCI.sys [47928 2015-09-29] (Intel)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [300304 2015-11-13] (Intel Corporation)
R3 ISH; C:\Windows\System32\drivers\ISH.sys [134968 2015-10-08] (Intel)
R3 ISH_BusDriver; C:\Windows\System32\drivers\ISH_BusDriver.sys [71480 2015-10-08] (Intel)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-29] (Intel Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7135504 2016-02-27] (Intel Corporation)
R3 PtpFilterDriver; C:\Windows\System32\drivers\PtpFilterDriver.sys [53736 2016-11-07] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 15:27 - 2017-02-26 15:27 - 00020360 _____ C:\Users\brilh\Desktop\FRST.txt
2017-02-26 15:26 - 2017-02-26 15:27 - 00000000 ____D C:\FRST
2017-02-26 15:18 - 2017-02-26 15:26 - 02423296 _____ (Farbar) C:\Users\brilh\Desktop\FRST64.exe
2017-02-26 15:15 - 2017-02-26 15:15 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-02-26 15:15 - 2017-02-26 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-02-26 15:10 - 2017-02-26 15:10 - 00000000 ___HD C:\OneDriveTemp
2017-02-26 15:03 - 2017-02-26 15:03 - 00004608 ___RH C:\farstone_pe.letter
2017-02-19 14:38 - 2017-02-19 14:38 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2017-02-19 14:38 - 2017-02-19 14:38 - 00000000 ____D C:\Windows\system32\BestPractices
2017-02-19 12:46 - 2017-02-19 14:31 - 00003550 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2017-02-04 23:38 - 2017-02-04 23:45 - 3741494573 _____ C:\Users\brilh\Downloads\2011-03-01-joseph-smith-the-prophet-of-the-restoration-1080p-eng.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 15:26 - 2016-09-08 18:58 - 00000000 ____D C:\Users\brilh\AppData\Local\ASUS GIFTBOX
2017-02-26 15:25 - 2016-09-08 18:58 - 00000206 _____ C:\Users\brilh\AppData\Roaming\sp_data.sys
2017-02-26 15:25 - 2016-03-31 20:17 - 00000424 _____ C:\Windows\Tasks\WpsNotifyTask_Administrator.job
2017-02-26 15:23 - 2016-12-10 13:31 - 00000000 ____D C:\Users\brilh\AppData\LocalLow\Mozilla
2017-02-26 15:22 - 2016-03-31 20:17 - 00000424 _____ C:\Windows\Tasks\WpsUpdateTask_Administrator.job
2017-02-26 15:13 - 2016-10-26 09:27 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-02-26 15:10 - 2016-10-26 08:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-26 15:10 - 2016-09-08 19:02 - 00000000 ___RD C:\Users\brilh\OneDrive
2017-02-26 15:06 - 2016-10-10 14:23 - 00000000 ___RD C:\Users\brilh\iCloudDrive
2017-02-26 15:04 - 2016-09-08 18:58 - 00000000 __SHD C:\Users\brilh\IntelGraphicsProfiles
2017-02-26 15:04 - 2016-09-08 18:55 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-26 15:04 - 2016-03-31 20:17 - 00000944 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-26 15:02 - 2016-12-10 13:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-26 15:02 - 2016-10-26 08:56 - 00000000 ____D C:\Program Files\TrueKey
2017-02-26 15:02 - 2016-09-09 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-26 15:02 - 2016-03-31 19:59 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-26 15:01 - 2015-10-29 22:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-02-26 15:00 - 2016-09-26 15:00 - 00000943 _____ C:\Windows\Tasks\EPSON XP-830 Series Update {017BBBE3-34D1-4C29-A686-9A99BD456715}.job
2017-02-26 14:58 - 2016-03-31 20:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-26 14:57 - 2016-12-15 18:43 - 00000000 ____D C:\Users\brilh\AppData\Local\ElevatedDiagnostics
2017-02-26 14:51 - 2015-10-29 23:11 - 00000000 ____D C:\Windows\CbsTemp
2017-02-26 14:45 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-26 14:45 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\AppReadiness
2017-02-26 14:44 - 2016-09-08 18:58 - 00000000 ____D C:\Users\brilh\AppData\Local\Packages
2017-02-26 14:37 - 2016-03-31 20:17 - 00000948 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-19 15:04 - 2016-09-26 15:00 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2017-02-19 15:00 - 2016-09-26 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-02-19 14:59 - 2016-03-31 20:05 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-19 14:59 - 2015-10-29 23:21 - 00000000 ____D C:\Windows\INF
2017-02-19 14:48 - 2016-05-28 10:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-19 14:44 - 2016-03-31 19:56 - 00346336 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-19 14:39 - 2015-10-29 23:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-02-19 14:39 - 2015-10-29 23:24 - 00000000 ___SD C:\Windows\system32\F12
2017-02-19 14:39 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\system32\oobe
2017-02-19 14:39 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ___RD C:\Windows\PrintDialog
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ___RD C:\Windows\DevicesFlow
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\Provisioning
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-19 14:38 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-19 14:31 - 2016-05-28 11:04 - 00003540 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2017-02-19 12:47 - 2016-09-09 16:21 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-19 10:10 - 2017-01-16 14:10 - 20359768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-02-19 10:10 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2016-09-08 18:58 - 2017-02-26 15:25 - 0000206 _____ () C:\Users\brilh\AppData\Roaming\sp_data.sys
2016-05-28 10:50 - 2016-05-28 10:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2015-08-02 15:58 - 2015-08-02 15:58 - 0118784 _____ () C:\Users\brilh\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-10 13:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by brilh (26-02-2017 15:28:47)
Running from C:\Users\brilh\Desktop
Windows 10 Home Version 1511 (X64) (2016-09-09 02:55:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1653167707-1689203770-351288938-500 - Administrator - Disabled)
brilh (S-1-5-21-1653167707-1689203770-351288938-1001 - Administrator - Enabled) => C:\Users\brilh
DefaultAccount (S-1-5-21-1653167707-1689203770-351288938-503 - Limited - Disabled)
Guest (S-1-5-21-1653167707-1689203770-351288938-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{7BCB15FE-CC5D-4C6D-B1C6-B0AF74EE09E0}) (Version: 20.6.20117.44471 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.6.20117.44471 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.14 - ASUS)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.3.8 - ASUSTek Computer Inc)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.15.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.159 - ICEpower a/s)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.00.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.44.00 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-830 Series Printer Uninstall (HKLM\...\EPSON XP-830 Series) (Version: - Seiko Epson Corporation)
Epson XP-830 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-830 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{0CB4EF8E-EE5B-49F6-8376-A702C222D6DA}) (Version: 3.1.3.0 - SEIKO EPSON Corporation)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
FirstClass Client (HKLM-x32\...\{0038724E-8537-443D-A9BF-BFC35B7660B9}) (Version: 16.013 - OpenText)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (x32 Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10604.207 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4380 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{ceca3c09-cc87-478c-b746-354048b4de4b}) (Version: 3.0.12.3053 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
ISS_Drivers_x64 (Version: 3.0.12.3053 - Intel Corporation) Hidden
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1653167707-1689203770-351288938-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7779 - Realtek Semiconductor Corp.)
The Weather Channel (HKU\S-1-5-21-1653167707-1689203770-351288938-1001\...\The Weather Channel) (Version: - The Weather Channel, LLC weather.com®)
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (03/18/2016 11.0.0.9) (HKLM\...\689E9F7827C3AF1059D6C80D6C7F4EF89E2D7E72) (Version: 03/18/2016 11.0.0.9 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0722299F-98D4-497E-AB9C-A22F64F5B593} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-19] (Adobe Systems Incorporated)
Task: {1467FC7B-4E76-4ACF-98CD-730E989B2BF5} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {15083A71-CBF5-4A68-8C13-E155C4149091} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {1B535D50-0958-4045-AE5E-23D59D37454C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {20C1D40F-C2A0-4851-BFD3-022389165A13} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {2A0A26B6-26B2-42DF-844D-6CBB89F17FBB} - System32\Tasks\WRUStartup => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-01-27] ()
Task: {2ACB098F-E170-4EE3-9D6B-05A1FDCA5F5C} - System32\Tasks\WRU => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-01-27] ()
Task: {375121A6-E89A-40D2-A80C-26B4ACF91422} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {3962849F-A4B9-47E2-B944-3FB611B6CCC9} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {4E9AA461-2953-41AF-9F0D-06FAB28A13D5} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {5213B378-161D-4EB8-90CF-3141608A70BD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {5790D537-8563-4BD1-9BB6-7C48CCE37F32} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {5DD2BF2E-DA23-4686-86AD-1E33A083EC15} - System32\Tasks\EPSON XP-830 Series Update {017BBBE3-34D1-4C29-A686-9A99BD456715} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPKE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {6620CE17-773C-4476-9FA0-AC2169E0A197} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {683853BF-4F97-454F-89E7-2B866D551954} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2016-12-08] (ASUSTek Computer Inc)
Task: {6A81C1B7-44C1-4E26-8A1E-25F85507A157} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {7A63B230-03C7-40A5-A7BC-9A9F105903A1} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-03-24] (Realtek Semiconductor)
Task: {7C170E52-7231-41FD-862F-E1C66F09EA06} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {86C25D1C-3C69-46F3-A373-68427770A352} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {8E9DC989-A198-471C-AE40-A6C639C44264} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {947399AF-0605-448B-9734-2DBCFD02A809} - System32\Tasks\CheckFlipService => C:\Program Files\ASUS\ASUS FlipLock\CheckFlipService.exe [2015-11-18] ()
Task: {A1495DCF-43BD-44C6-9530-31B153BEC9A0} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {A77938CB-978F-4084-A365-09153A6B92A1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {AE2855DE-3393-4F5E-AE41-5E6A4F6AA07E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {AF6F5843-44ED-491D-B71D-656A6BDE19E9} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-03-24] (Realtek Semiconductor)
Task: {B04E3210-F92E-49DB-AC9D-05932F65FA1C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {BA3A0207-956C-4C83-8BEE-EC0449602D3A} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2016-03-07] (ASUSTek Computer INC.)
Task: {C5986D57-A5D5-43E9-8E8D-08C6A494CC57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {E608BA94-1217-4075-A1DA-FEC325DAA163} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-02-23] (ASUS)
Task: {E9FEA1CA-0BEA-481B-8727-1D4B7E0E4E22} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {EC62F157-537D-4476-BE94-A06EABA1E1EC} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {FA27EACC-052A-4966-8FD1-A15B4A34C2C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-830 Series Update {017BBBE3-34D1-4C29-A686-9A99BD456715}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPKE.EXE :/EXE:{017BBBE3-34D1-4C29-A686-9A99BD456715} /F:Update WORKGROUP\BREEZYS-TAB$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:17 - 2015-10-29 23:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2014-08-12 22:30 - 2014-08-12 22:30 - 00073032 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
2015-05-19 08:11 - 2015-05-19 08:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00071024 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
2017-01-17 19:27 - 2016-10-25 01:42 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-17 19:27 - 2016-10-25 01:42 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-17 14:42 - 2016-05-17 14:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-02-17 18:02 - 2016-02-17 18:02 - 00394216 _____ () C:\Windows\system32\igfxTray.exe
2016-03-31 20:05 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-09-10 06:05 - 2016-06-30 19:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-01-17 19:27 - 2016-10-24 20:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-17 19:27 - 2016-10-24 20:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-17 19:27 - 2016-10-24 20:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-17 19:27 - 2016-10-24 20:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00088576 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\zlibwapi.dll
2015-08-17 23:18 - 2015-08-17 23:18 - 00332800 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBCmdDsp.dll
2015-08-17 20:30 - 2015-08-17 20:30 - 00085504 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpBk.dll
2015-08-17 20:28 - 2015-08-17 20:28 - 00323584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpRt.dll
2015-08-17 20:26 - 2015-08-17 20:26 - 00223232 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskClone.dll
2014-11-24 19:22 - 2014-11-24 19:22 - 00089088 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EfbCheckImg.dll
2014-09-21 18:40 - 2014-09-21 18:40 - 00194560 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EFBSearchTool.dll
2015-07-26 21:50 - 2015-07-26 21:50 - 00224256 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskMgr.dll
2014-09-21 18:40 - 2014-09-21 18:40 - 00022528 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBEventMgr.dll
2015-08-17 21:23 - 2015-08-17 21:23 - 00114176 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EasyFuncs.dll
2014-05-20 19:04 - 2014-05-20 19:04 - 00018432 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSToken.dll
2015-08-17 23:17 - 2015-08-17 23:17 - 00104448 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\BootConfig.dll
2014-03-13 23:04 - 2014-03-13 23:04 - 00012288 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSFat32.dll
2014-03-13 23:04 - 2014-03-13 23:04 - 00201216 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NtfsLib.dll
2014-03-13 23:04 - 2014-03-13 23:04 - 00013312 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VssNew.dll
2014-09-21 18:41 - 2014-09-21 18:41 - 00239104 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\diskpart.dll
2014-11-04 16:44 - 2014-11-04 16:44 - 00017408 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VDiskConvert.dll
2014-09-03 18:41 - 2014-09-03 18:41 - 00037888 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\RapidClone.dll
2014-08-19 17:23 - 2014-08-19 17:23 - 00075264 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskInterface.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00194048 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NetTool.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00157552 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FtpPipeModule.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00091584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\TransferManager.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00062832 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\CommonFun.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00054712 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FTPFunModule.dll
2014-03-25 01:14 - 2014-03-25 01:14 - 00617952 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\XpIcfOpt.dll
2016-02-23 17:56 - 2016-02-23 17:56 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-02-23 17:56 - 2016-02-23 17:56 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-02-23 17:56 - 2016-02-23 17:56 - 00029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2016-12-08 06:22 - 2016-12-08 06:22 - 01937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-16 05:14 - 2015-10-16 05:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-08 06:22 - 2016-12-08 06:22 - 02177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2016-12-08 06:22 - 2016-12-08 06:22 - 00079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2016-12-08 06:22 - 2016-12-08 06:22 - 03561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2016-12-08 06:19 - 2016-12-08 06:22 - 00289792 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:24 - 2017-02-26 15:15 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1653167707-1689203770-351288938-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\brilh\OneDrive\Pictures\adam\halloween 2016\IMG_1019.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0AB285CC-EE95-405B-A7DE-861B186EB5C7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0319ADC4-73B3-44B9-90E8-C6BEDBB8AF38}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A31264F3-ED62-4EE7-BC10-49549ABB05D8}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{E9B18F5C-C6FE-4BEF-BFF3-45D911D7CFBF}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{2552EECE-A01D-47BE-986D-EC4266F2C330}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{7808AD19-6B5A-45DD-AAA3-B64FF17C0FAB}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
FirewallRules: [{6D974594-4C18-41B3-A7A2-A21EEFE4CC95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A74FB363-40B5-4DB7-B2D8-6B60CFF7A409}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C5AF42EB-81B1-4A9B-9521-6BC1A9FCA32D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82DCCAD4-12BE-4C42-B947-9364EBB7FC33}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D9D98ED-97DE-4837-B6B6-1B8606CCA686}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10767E9B-793D-41E2-946D-447A8884B2A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{073BAAA8-EA53-47DD-9178-48514DB31F70}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{4A179843-924B-4C7D-B6D8-CAE6255FF2AF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{19D77E0F-4A0E-47D2-A22C-88AF9BDC6262}] => (Allow) C:\Users\brilh\AppData\Local\Temp\WZSE0.TMP\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{1E337926-8F41-4544-9F71-BB2F14CCF995}] => (Allow) C:\Users\brilh\AppData\Local\Temp\WZSE0.TMP\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{93AB316D-D6EA-4FCF-B676-56C57795F8DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{88B1F0F0-F834-4F1A-A3B1-74907B334CD8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E79A9B39-40AB-4370-9A40-B2318CF94F39}] => (Allow) LPort=810
FirewallRules: [{C527238C-4664-4764-A63F-CACCCB450558}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-01-2017 17:04:21 Installed Epson Printer Connection Checker
19-02-2017 12:29:31 Windows Update
19-02-2017 15:02:16 Installed FAX Utility
26-02-2017 14:56:42 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2017 02:56:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/19/2017 03:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7125

Error: (02/19/2017 03:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7125

Error: (02/19/2017 03:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/19/2017 03:15:59 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (02/19/2017 03:02:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/19/2017 12:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10797

Error: (02/19/2017 12:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10797

Error: (02/19/2017 12:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/19/2017 12:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9141

System errors:
=============
Error: (02/26/2017 03:18:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (02/26/2017 03:16:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (02/26/2017 03:15:52 PM) (Source: DCOM) (EventID: 10016) (User: WHEEZY-BREEZY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user WHEEZY-BREEZY\brilh SID (S-1-5-21-1653167707-1689203770-351288938-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2017 03:12:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.

Error: (02/26/2017 03:10:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (02/26/2017 03:07:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® SGX AESM service hung on starting.

Error: (02/26/2017 03:03:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrueKey service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/26/2017 03:03:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TrueKey service to connect.

Error: (02/26/2017 03:03:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrueKeyScheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/26/2017 03:03:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TrueKeyScheduler service to connect.

CodeIntegrity:
===================================
Date: 2017-02-19 14:46:21.389
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-16 12:49:51.283
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-17 12:14:45.412
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-10 14:09:36.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-10 12:59:10.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-11 17:58:54.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-07 17:25:53.698
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-26 11:00:39.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-23 18:29:58.371
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-23 17:00:59.915
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 6009.81 MB
Available physical RAM: 3505.97 MB
Total Virtual: 6969.81 MB
Available Virtual: 4568.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.75 GB) (Free:786.91 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8EB684E2)

Partition: GPT.

==================== End of Addition.txt ============================

#2
RKinner

Posted 27 February 2017 - 07:29 AM

Malware Expert

Expert
24,624 posts

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

#3
ttbcs

Posted 28 February 2017 - 01:47 PM

Member

Topic Starter
Member
102 posts

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   88.92   0 K   4 K   0
Interrupts   2.23   0 K   0 K   n/a   Hardware Interrupts and DPCs
procexp64.exe   2.06   59,620 K   66,980 K   5712   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
svchost.exe   1.90   57,356 K   95,376 K   476   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
System   1.77   124 K   976 K   4
dwm.exe   1.31   37,612 K   48,888 K   356   Desktop Window Manager   Microsoft Corporation   (Verified) Microsoft Windows
MsMpEng.exe   0.50   415,840 K   167,260 K   2880   Antimalware Service Executable   Microsoft Corporation   (Verified) Microsoft Corporation
sihost.exe   0.24   4,236 K   18,396 K   4424   Shell Infrastructure Host   Microsoft Corporation   (Verified) Microsoft Windows
csrss.exe   0.20   2,056 K   6,608 K   612   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows Publisher
lsass.exe   0.19   6,636 K   18,120 K   760   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows Publisher
TabTip.exe   0.15   2,828 K   11,828 K   5840   Touch Keyboard and Handwriting Panel   Microsoft Corporation   (Verified) Microsoft Windows
TrustedInstaller.exe   0.13   1,848 K   6,384 K   8052   Windows Modules Installer   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.12   4,896 K   9,672 K   908   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe   0.07   7,492 K   20,184 K   844   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe   0.05   7,308 K   17,492 K   1440   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
iCloudServices.exe   0.04   32,724 K   53,684 K   2392   iCloud Services   Apple Inc.   (Verified) Apple Inc.
explorer.exe   0.02   43,748 K   98,000 K   1056   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows
WUDFHost.exe   0.02   2,252 K   6,700 K   1784   Windows Driver Foundation - User-mode Driver Framework Host Process   Microsoft Corporation   (Verified) Microsoft Windows
EEventManager.exe   0.02   2,740 K   10,764 K   5620   EEventManager Application   SEIKO EPSON CORPORATION   (Verified) SEIKO EPSON CORPORATION
AppleMobileDeviceService.exe   0.01   3,312 K   12,160 K   2396   MobileDeviceService   Apple Inc.   (Verified) Apple Inc.
iPodService.exe   0.01   2,040 K   7,664 K   5784   iPodService Module (64-bit)   Apple Inc.   (Verified) Apple Inc.
SearchIndexer.exe   0.01   23,584 K   25,236 K   4328   Microsoft Windows Search Indexer   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   3,348 K   12,480 K   360   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
Asusgiftbox.exe   0.01   29,076 K   32,884 K   2332   ASUS GIFTBOX   ASUSTek Computer Inc   (Verified) ASUS GIFTBOX
conhost.exe   < 0.01   1,184 K   5,552 K   6952   Console Window Host   Microsoft Corporation   (Verified) Microsoft Windows
SystemSettingsBroker.exe   < 0.01   4,276 K   19,960 K   6640   System Settings Broker   Microsoft Corporation   (Verified) Microsoft Windows
SocketHeciServer.exe   < 0.01   1,404 K   6,548 K   1240   Intel® Capability Licensing Service TCP IP Interface   Intel® Corporation   (Verified) Intel® Trusted Connect Service
svchost.exe   < 0.01   19,380 K   30,664 K   1232   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
esif_assist_64.exe   < 0.01   1,152 K   4,252 K   4464   Intel® Dynamic Platform and Thermal Framework Utility Application   Intel Corporation   (Verified) Intel® Software
csrss.exe   < 0.01   1,488 K   4,108 K   540   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows Publisher
SearchUI.exe   < 0.01   38,564 K   86,140 K   1204   Search and Cortana application   Microsoft Corporation   (Verified) Microsoft Windows
FUFAXRCV.exe   < 0.01   6,136 K   15,448 K   5576   Fax Reception   SEIKO EPSON CORPORATION   (Verified) SEIKO EPSON CORPORATION
FUFAXSTM.exe   < 0.01   9,576 K   19,872 K   88   Fax Transmission   SEIKO EPSON CORPORATION   (Verified) SEIKO EPSON CORPORATION
svchost.exe   < 0.01   11,008 K   25,904 K   7880   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
iTunesHelper.exe   < 0.01   3,996 K   15,004 K   776   iTunesHelper   Apple Inc.   (Verified) Apple Inc.
ZeroConfigService.exe       4,136 K   15,676 K   2848   Intel® PROSet/Wireless Zero Configure Service   Intel® Corporation   (Verified) Intel Corporation-Wireless Connectivity Solutions
WUDFHost.exe       24,848 K   35,056 K   1084   Windows Driver Foundation - User-mode Driver Framework Host Process   Microsoft Corporation   (Verified) Microsoft Windows
wuauclt.exe       2,188 K   9,800 K   3848   Windows Update   Microsoft Corporation   (Verified) Microsoft Windows
wpsupdatesvr.exe       1,192 K   4,920 K   2472   WPS Office Expansion tool   Zhuhai Kingsoft Office Software Co.,Ltd   (Verified) Zhuhai Kingsoft Office Software Co.
WmiPrvSE.exe       3,504 K   11,960 K   1500   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
WmiPrvSE.exe       4,776 K   12,512 K   6184   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
wlanext.exe       4,224 K   15,480 K   2188   Windows Wireless LAN 802.11 Extensibility Framework   Microsoft Corporation   (Verified) Microsoft Windows
winlogon.exe       2,304 K   10,496 K   672   Windows Logon Application   Microsoft Corporation   (Verified) Microsoft Windows
wininit.exe       1,100 K   4,700 K   636   Windows Start-Up Application   Microsoft Corporation   (Verified) Microsoft Windows Publisher
WifiPowerManager.exe       35,724 K   38,776 K   3248   WifiPowerManager       (Verified) ASUSTeK Computer Inc.
WerFault.exe       54,548 K   22,336 K   4796   Windows Problem Reporting   Microsoft Corporation   (Verified) Microsoft Windows
WerFault.exe       55,444 K   21,476 K   7016   Windows Problem Reporting   Microsoft Corporation   (Verified) Microsoft Windows
USBChargerPlus.exe       1,856 K   4,988 K   4612   ASUS USB Charger Plus   ASUSTek Computer Inc.   (Verified) ASUSTeK Computer Inc.
unsecapp.exe       1,124 K   5,924 K   3156   Sink to receive asynchronous callbacks for WMI client application   Microsoft Corporation   (Verified) Microsoft Windows
TiWorker.exe       1,860 K   8,108 K   6456   Windows Modules Installer Worker   Microsoft Corporation   (Verified) Microsoft Windows
taskhostw.exe       6,240 K   15,796 K   4400   Host Process for Windows Tasks   Microsoft Corporation   (Verified) Microsoft Windows
TabTip32.exe       1,068 K   4,064 K   5936   Touch Keyboard and Handwriting Panel Helper   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       4,304 K   17,108 K   2684   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       6,224 K   22,704 K   2212   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       9,956 K   29,964 K   488   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       12,856 K   26,532 K   1704   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       9,264 K   25,656 K   1012   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       7,288 K   25,564 K   7184   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       2,096 K   8,496 K   2624   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
StikyNot.exe       5,352 K   17,852 K   5340   Sticky Notes   Microsoft Corporation   (Verified) Microsoft Windows
SSScheduler.exe       1,168 K   5,048 K   5640   McAfee Security Scanner Scheduler   McAfee, Inc.   (Verified) McAfee
spoolsv.exe       6,856 K   16,512 K   1636   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows
smss.exe       384 K   1,192 K   372   Windows Session Manager   Microsoft Corporation   (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe   Suspended   24,068 K   72,804 K   4704   Windows Shell Experience Host   Microsoft Corporation   (Verified) Microsoft Windows
SettingSyncHost.exe       7,508 K   9,396 K   7500   Host Process for Setting Synchronization   Microsoft Corporation   (Verified) Microsoft Windows
services.exe       4,992 K   7,716 K   748   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows Publisher
secd.exe       4,044 K   16,672 K   5888   Apple Security Manager   Apple, Inc.   (Verified) Apple Inc.
RuntimeBroker.exe       6,048 K   25,156 K   5000   Runtime Broker   Microsoft Corporation   (Verified) Microsoft Windows
RegSrvc.exe       1,668 K   8,508 K   2888   Intel® PROSet/Wireless Registry Service   Intel® Corporation   (Verified) Intel Corporation-Wireless Connectivity Solutions
RAVCpl64.exe       3,852 K   5,108 K   5224   Realtek HD Audio Manager   Realtek Semiconductor   (Verified) Realtek Semiconductor Corp
RAVBg64.exe       5,644 K   5,088 K   5216   HD Audio Background Process   Realtek Semiconductor   (Verified) Realtek Semiconductor Corp
procexp.exe       2,636 K   9,424 K   7300   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
PresentationFontCache.exe       25,480 K   18,416 K   4880   PresentationFontCache.exe   Microsoft Corporation   (Verified) Microsoft Corporation
OneDriveStandaloneUpdater.exe       18,624 K   9,048 K   3812   Standalone Updater   Microsoft Corporation   (Verified) Microsoft Corporation
OfficeClickToRun.exe       15,156 K   31,076 K   2916   Microsoft Office Click-to-Run (SxS)   Microsoft Corporation   (Verified) Microsoft Corporation
NisSrv.exe       11,684 K   3,980 K   4340   Microsoft Network Realtime Inspection Service   Microsoft Corporation   (Verified) Microsoft Corporation
NetworkUXBroker.exe       4,508 K   16,212 K   6732   Network UX Broker   Microsoft Corporation   (Verified) Microsoft Windows
MpSigStub.exe       1,144 K   5,316 K   7356   Microsoft Malware Protection Signature Update Stub   Microsoft Corporation   (Verified) Microsoft Corporation
MpCmdRun.exe       2,912 K   10,480 K   5908   Microsoft Malware Protection Command Line Utility   Microsoft Corporation   (Verified) Microsoft Corporation
MpCmdRun.exe       2,292 K   8,464 K   3620   Microsoft Malware Protection Command Line Utility   Microsoft Corporation   (Verified) Microsoft Corporation
MpCmdRun.exe       1,936 K   6,608 K   4200   Microsoft Malware Protection Command Line Utility   Microsoft Corporation   (Verified) Microsoft Corporation
mDNSResponder.exe       1,604 K   6,020 K   2244   Bonjour Service   Apple Inc.   (Verified) Apple Inc.
LMS.exe       3,304 K   11,336 K   1796   Intel® Local Management Service   Intel Corporation   (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
LiveUpdate.exe       25,976 K   27,332 K   7320   ASUS Live Update   ASUSTeK Computer Inc.   (Verified) ASUSTeK Computer Inc.
jhi_service.exe       2,932 K   9,752 K   6356   Intel® Dynamic Application Loader Host Interface   Intel Corporation   (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
isaHelperService.exe       780 K   3,432 K   2252           (No signature was present in the subject)
IntelSoftwareAssetManagerService.exe       15,544 K   13,276 K   5932   IntelSoftwareAssetManagerService.exe   Intel Corporation   (Verified) Intel® Software Asset Manager
IntelCpHeciSvc.exe       1,700 K   6,872 K   1884   IntelCpHeciSvc Executable   Intel Corporation   (Verified) Intel® pGFX
InstallAgent.exe       2,172 K   13,316 K   6056   InstallAgent   Microsoft Corporation   (Verified) Microsoft Windows
igfxTray.exe       3,172 K   10,600 K   2448           (Verified) Intel® pGFX
igfxHK.exe       2,052 K   8,776 K   4940   igfxHK Module   Intel Corporation   (Verified) Intel® pGFX
igfxEM.exe       3,676 K   11,920 K   2388   igfxEM Module   Intel Corporation   (Verified) Intel® pGFX
igfxCUIService.exe       1,692 K   8,212 K   1260   igfxCUIService Module   Intel Corporation   (Verified) Intel® pGFX
iCloudPhotos.exe       10,476 K   28,372 K   4088   iCloud Photo Library   Apple Inc.   (Verified) Apple Inc.
iCloudPhotos.exe   Suspended   740 K   6,004 K   5100   iCloud Photo Library   Apple Inc.   (Verified) Apple Inc.
iCloudDrive.exe       12,268 K   30,104 K   2464   iCloud Drive   Apple Inc.   (Verified) Apple Inc.
iCloudDrive.exe   Suspended   1,156 K   5,480 K   8000   iCloud Drive   Apple Inc.   (Verified) Apple Inc.
ibtsiva.exe       972 K   4,708 K   2300   Intel® Wireless Bluetooth® iBtSiva Service   Intel Corporation   (Verified) Intel Corporation-Wireless Connectivity Solutions
HControl.exe       2,120 K   8,340 K   4368   HControl   ASUSTek Computer Inc.   (Verified) ASUSTeK Computer Inc.
GoogleCrashHandler64.exe       1,408 K   1,052 K   7068   Google Crash Handler   Google Inc.   (Verified) Google Inc
GoogleCrashHandler.exe       1,572 K   1,340 K   7060   Google Crash Handler   Google Inc.   (Verified) Google Inc
GFNEXSrv.exe       808 K   3,364 K   1532   GFNEXSrv   ASUSTek Computer Inc.   (Verified) ASUSTeK Computer Inc.
FlipService.exe       7,012 K   11,720 K   2280   FlipService_GMR   ASUS   (Verified) ASUSTeK Computer Inc.
FlipControlPTP.exe       27,352 K   29,080 K   4076   FlipControlPTP       (Verified) ASUSTeK Computer Inc.
FlipController.exe       17,032 K   33,572 K   2936   FlipController_GMR_2       (Verified) ASUSTeK Computer Inc.
FlipController.exe       17,392 K   34,464 K   4500   FlipController_GMR_2       (Verified) ASUSTeK Computer Inc.
FBAgent.exe       13,588 K   14,832 K   812           (Verified) FarStone Technology
EvtEng.exe       4,100 K   13,136 K   2344   Intel® PROSet/Wireless Event Log Service   Intel® Corporation   (Verified) Intel Corporation-Wireless Connectivity Solutions
esif_uf.exe       1,676 K   6,356 K   2224   Intel® Dynamic Platform and Thermal Framework   Intel Corporation   (Verified) Intel® Software
escsvc64.exe       1,040 K   4,828 K   2288   Epson Scanner Service (64bit)   Seiko Epson Corporation   (Verified) SEIKO EPSON Corporation
EPCP.exe       5,412 K   12,592 K   2404   Epson Customer Participation   SEIKO EPSON CORPORATION   (Verified) SEIKO EPSON CORPORATION
DMedia.exe       1,496 K   7,000 K   2328   ATK Media   ASUSTek Computer Inc.   (Verified) ASUSTeK Computer Inc.
dllhost.exe       1,832 K   9,528 K   6784   COM Surrogate   Microsoft Corporation   (Verified) Microsoft Windows
DCNTranProc.exe       2,268 K   6,972 K   2716           (Verified) Farstone Technology Inc
dasHost.exe       2,200 K   8,208 K   2544   Device Association Framework Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
conhost.exe       1,108 K   5,004 K   2260   Console Window Host   Microsoft Corporation   (Verified) Microsoft Windows
audiodg.exe       8,760 K   14,008 K   7348   Windows Audio Device Graph Isolation    Microsoft Corporation   (Verified) Microsoft Windows
ATKOSD2.exe       1,760 K   8,232 K   2376   ATKOSD2   ASUSTek Computer Inc.   (Verified) ASUSTeK Computer Inc.
Asusgiftbox.exe       52,004 K   48,296 K   7568   ASUS GIFTBOX   ASUSTek Computer Inc   (Verified) ASUS GIFTBOX
Asusgiftbox.exe       19,368 K   8,496 K   7172   ASUS GIFTBOX   ASUSTek Computer Inc   (Verified) ASUS GIFTBOX
Asusgiftbox.exe       1,656 K   5,944 K   6212   ASUS GIFTBOX   ASUSTek Computer Inc   (Verified) ASUS GIFTBOX
AsPatchTouchPanel64.exe       1,680 K   4,956 K   4668   ASUS Patch For Touch Panel   ASUSTek Computer INC.   (Verified) ASUSTeK Computer Inc.
AsLdrSrv.exe       1,448 K   5,256 K   1560   ASLDR Service   ASUSTek Computer Inc.   (Verified) ASUSTeK Computer Inc.
armsvc.exe       1,460 K   5,888 K   2232   Adobe Acrobat Update Service   Adobe Systems Incorporated   (Verified) Adobe Systems
APSDaemon.exe       5,180 K   16,492 K   4516   Apple Push   Apple Inc.   (Verified) Apple Inc.
ApplePhotoStreams.exe       11,832 K   37,560 K   2568   iCloud Photo Stream   Apple Inc.   (Verified) Apple Inc.
AM_Delta.exe       692 K   5,636 K   4868   AntiMalware Definition Update   Microsoft Corporation   (Verified) Microsoft Corporation
aesm_service.exe       2,732 K   10,844 K   6312   Intel® SGX Application Enclave Services Manager   Intel Corporation   (Verified) Intel® Corporation
ACMON.exe       4,404 K   5,240 K   4860   ACMON    ASUS   (No signature was present in the subject) ASUS

#4
ttbcs

Posted 10 March 2017 - 11:52 AM

Member

Topic Starter
Member
102 posts

#5
RKinner

Posted 10 March 2017 - 01:50 PM

Malware Expert

Expert
24,624 posts

Not sure what happened. The forum software just coughed out this notification today and the last post doesn't look too healthy.

I'm seeing a lot of problems.

First uninstall Bonjour. It doesn't seem to be ready for Win 10 and is causing errors. You will get a new version when you download or update most Apple software.

Then let's check the file system:

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

If you open an elevated command prompt it will by default open in c:\Windows\system32

Once you have an elevated command prompt:

Type(with an Enter after each line):


 DISM  /Online  /Cleanup-Image  /RestoreHealth

(I use two spaces so you can be sure to see where one space goes.)

This will take a while to complete. Once the prompt returns:

Reboot.

Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow

This will also take a few minutes.

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)

Windows Resource Protection found corrupt files and repaired them (a good thing)

Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:


findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt

Hit Enter. Then type::


notepad  \junk.txt

Hit Enter.

Copy the text from notepad and paste it into a reply.

After you finish SFC, regardless of the result:

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Process Explorer tells me you probably have a bad driver.

Interrupts 2.23 is way too high but we will look again after the above.

#6
ttbcs

Posted 14 March 2017 - 10:30 PM

Member

Topic Starter
Member
102 posts

I uninstalled Bonjour

Ran the command prompts, no issuses

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14/03/2017 9:23:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/02/2017 7:29:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/12/2016 11:03:33 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/12/2016 11:41:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/10/2016 5:34:27 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/10/2016 4:32:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/03/2017 11:42:08 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error: Incorrect function.

Log: 'System' Date/Time: 14/03/2017 11:40:08 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The InstallerService service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 14/03/2017 11:38:41 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_48f3f0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 14/03/2017 11:38:41 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_48f3f0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 14/03/2017 11:38:41 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_48f3f0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 14/03/2017 11:38:41 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_48f3f0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 10/03/2017 11:42:34 PM
Type: Error Category: 0
Event: 36 Source: Volsnap
The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Log: 'System' Date/Time: 09/03/2017 1:37:49 PM
Type: Error Category: 0
Event: 12 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Log: 'System' Date/Time: 28/02/2017 8:01:44 PM
Type: Error Category: 0
Event: 12 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Log: 'System' Date/Time: 28/02/2017 7:59:55 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Sync Host_46c05 service to connect.

Log: 'System' Date/Time: 28/02/2017 7:59:55 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_46c05 service to connect.

Log: 'System' Date/Time: 28/02/2017 7:59:45 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_46c05 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/02/2017 7:59:45 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_46c05 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/02/2017 7:59:45 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_46c05 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/02/2017 7:59:45 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_46c05 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/02/2017 7:31:24 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The TrueKey service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 28/02/2017 7:31:24 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the TrueKey service to connect.

Log: 'System' Date/Time: 28/02/2017 7:31:24 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The TrueKeyScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 28/02/2017 7:31:24 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the TrueKeyScheduler service to connect.

Log: 'System' Date/Time: 28/02/2017 7:30:54 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The InstallerService service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/03/2017 11:40:44 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 14/03/2017 11:40:14 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1C:0x0 Vendor ID:Device ID: 0x8086:0x9D15 Class Code: 0x30400 The details view of this entry contains further information.

Log: 'System' Date/Time: 14/03/2017 11:40:14 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1C:0x0 Vendor ID:Device ID: 0x8086:0x9D15 Class Code: 0x30400 The details view of this entry contains further information.

Log: 'System' Date/Time: 14/03/2017 11:39:40 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_0002\6&c4bf18&0&0000.

Log: 'System' Date/Time: 14/03/2017 11:39:40 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_0086&Pid_0001\6&394140d8&0&0000.

Log: 'System' Date/Time: 14/03/2017 11:39:33 PM
Type: Warning Category: 0
Event: 1 Source: ISH
Intel® ISH Interface is being reset.

Log: 'System' Date/Time: 14/03/2017 11:39:33 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.

Log: 'System' Date/Time: 14/03/2017 11:38:57 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 14/03/2017 12:21:32 PM
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 14/03/2017 12:21:30 PM
Type: Warning Category: 0
Event: 1 Source: ISH
Intel® ISH Interface is being reset.

Log: 'System' Date/Time: 11/03/2017 12:03:14 AM
Type: Warning Category: 0
Event: 4 Source: HID_PCI
HID PCI Minidriver for ISH is being disabled.

Log: 'System' Date/Time: 11/03/2017 12:03:14 AM
Type: Warning Category: 0
Event: 4 Source: HID_PCI
HID PCI Minidriver for ISH is being disabled.

Log: 'System' Date/Time: 10/03/2017 8:09:54 PM
Type: Warning Category: 0
Event: 1 Source: ISH
Intel® ISH Interface is being reset.

Log: 'System' Date/Time: 10/03/2017 6:48:06 PM
Type: Warning Category: 0
Event: 4 Source: HID_PCI
HID PCI Minidriver for ISH is being disabled.

Log: 'System' Date/Time: 10/03/2017 6:48:06 PM
Type: Warning Category: 0
Event: 4 Source: HID_PCI
HID PCI Minidriver for ISH is being disabled.

Log: 'System' Date/Time: 10/03/2017 6:23:24 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1C:0x0 Vendor ID:Device ID: 0x8086:0x9D15 Class Code: 0x30400 The details view of this entry contains further information.

Log: 'System' Date/Time: 10/03/2017 6:13:30 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1C:0x0 Vendor ID:Device ID: 0x8086:0x9D15 Class Code: 0x30400 The details view of this entry contains further information.

Log: 'System' Date/Time: 10/03/2017 6:09:18 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1C:0x0 Vendor ID:Device ID: 0x8086:0x9D15 Class Code: 0x30400 The details view of this entry contains further information.

Log: 'System' Date/Time: 10/03/2017 6:09:04 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1C:0x0 Vendor ID:Device ID: 0x8086:0x9D15 Class Code: 0x30400 The details view of this entry contains further information.

Log: 'System' Date/Time: 10/03/2017 6:05:44 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1C:0x0 Vendor ID:Device ID: 0x8086:0x9D15 Class Code: 0x30400 The details view of this entry contains further information.

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14/03/2017 9:30:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/03/2017 4:23:37 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iCloudPhotos.exe, version: 105.0.0.21, time stamp: 0x57a82682 Faulting module name: iCloudPhotos_main.dll, version: 105.0.0.21, time stamp: 0x57d32c57 Exception code: 0xc0000005 Fault offset: 0x00026eb8 Faulting process id: 0x1820 Faulting application start time: 0x01d29d43e9c2330f Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos_main.dll Report Id: 8f442c56-39e7-4659-a245-85bb68ad411a Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 15/03/2017 2:23:08 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iCloudPhotos.exe, version: 105.0.0.21, time stamp: 0x57a82682 Faulting module name: iCloudPhotos_main.dll, version: 105.0.0.21, time stamp: 0x57d32c57 Exception code: 0xc0000005 Fault offset: 0x00026eb8 Faulting process id: 0xb38 Faulting application start time: 0x01d29d331401f685 Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos_main.dll Report Id: 49fc31a2-58d9-4782-a7ce-698b76e1acc2 Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 15/03/2017 1:22:27 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iCloudPhotos.exe, version: 105.0.0.21, time stamp: 0x57a82682 Faulting module name: iCloudPhotos_main.dll, version: 105.0.0.21, time stamp: 0x57d32c57 Exception code: 0xc0000005 Fault offset: 0x00026eb8 Faulting process id: 0x5f0 Faulting application start time: 0x01d29d2a97f4174a Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos_main.dll Report Id: 95ff010e-9f8f-4d52-ab30-a6e1de362376 Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 14/03/2017 1:23:15 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iCloudPhotos.exe, version: 105.0.0.21, time stamp: 0x57a82682 Faulting module name: iCloudPhotos_main.dll, version: 105.0.0.21, time stamp: 0x57d32c57 Exception code: 0xc0000005 Fault offset: 0x00026eb8 Faulting process id: 0x21b4 Faulting application start time: 0x01d29cc61f24909b Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos_main.dll Report Id: 0786fdcf-9266-4380-97b4-cac4e480d5df Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 14/03/2017 12:23:04 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 14/03/2017 12:22:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iCloudPhotos.exe, version: 105.0.0.21, time stamp: 0x57a82682 Faulting module name: iCloudPhotos_main.dll, version: 105.0.0.21, time stamp: 0x57d32c57 Exception code: 0xc0000005 Fault offset: 0x000f8bc6 Faulting process id: 0x8dc Faulting application start time: 0x01d29cbd9bd22bae Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos_main.dll Report Id: ba6c7a7a-28a0-43f3-91bf-cf63877f606b Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 11/03/2017 12:03:19 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:19 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:19 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:18 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:18 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:18 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:16 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:16 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:16 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:15 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:15 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/03/2017 12:03:15 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 10/03/2017 8:10:25 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iCloudPhotos.exe, version: 105.0.0.21, time stamp: 0x57a82682 Faulting module name: iCloudPhotos_main.dll, version: 105.0.0.21, time stamp: 0x57d32c57 Exception code: 0xc0000005 Fault offset: 0x00026eb8 Faulting process id: 0xf34 Faulting application start time: 0x01d299da59fff66d Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos_main.dll Report Id: ff009b0e-f0f7-4fea-aaa9-627d943ebe88 Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 10/03/2017 8:09:53 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/03/2017 1:34:36 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Music.UI (7792) {F85E623E-DE4B-4D32-930A-4C378C2079C1}: A request to read from the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 90112 (0x0000000000016000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (20 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:28:27 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (19 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:27:02 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 4022272 (0x00000000003d6000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (66 seconds) to be serviced by the OS. In addition, 5 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 26 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:26:36 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 3981312 (0x00000000003cc000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:26:36 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 3678208 (0x0000000000382000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:26:36 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 4022272 (0x00000000003d6000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:26:36 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 4030464 (0x00000000003d8000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:26:36 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 4014080 (0x00000000003d4000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:26:36 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 131072 (0x0000000000020000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (39 seconds) to be serviced by the OS. In addition, 2 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 96 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:25:56 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\edb.log" at offset 729088 (0x00000000000b2000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (20 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:25:14 PM
Type: Warning Category: 1
Event: 532 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to read from the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 344064 (0x0000000000054000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 10:25:14 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Music.UI (9132) {7218B651-FF5F-48C0-9C54-715EA9787604}: A request to read from the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 344064 (0x0000000000054000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (24 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:29:29 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\edb.log" at offset 1945600 (0x00000000001db000) for 12288 (0x00003000) bytes succeeded, but took an abnormally long time (62 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 62 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:29:06 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 1015808 (0x00000000000f8000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (132 seconds) to be serviced by the OS. In addition, 1 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 79 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:29:04 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\edb.log" at offset 1945600 (0x00000000001db000) for 12288 (0x00003000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:28:26 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\edb.log" at offset 1941504 (0x00000000001da000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (92 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:27:46 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 1540096 (0x0000000000178000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (92 seconds) to be serviced by the OS. In addition, 1 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 36 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:27:40 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 1654784 (0x0000000000194000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:27:32 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 3301376 (0x0000000000326000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2017 6:27:32 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
Music.UI (3984) {BF89BDCD-ECAC-404C-93C4-08A5561DF2E9}: A request to write to the file "C:\Users\brilh\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\2cef7a62ac071d8b\EntClientDb.edb" at offset 32768 (0x0000000000008000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

#7
RKinner

Posted 15 March 2017 - 07:04 AM

Malware Expert

Expert
24,624 posts

You have a lot of intel driver errors showing so go to your PC maker's website and see if they have any updates for you. Failing that try the intel site. http://www.intel.com...ort/detect.html

iCloud service is not working so if you use it see if there is a newer version otherwise uninstall it.

Your time is not synced. Time sync is critical. IF the time is too far off you won't be able to open https sites.

Log: 'System' Date/Time: 14/03/2017 12:21:32 PM
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Follow the procedure after Configure Internet Time (NTP) options in Windows 10

on http://winaero.com/b...-in-windows-10/

See if changing the Server: (in the picture under: Once you click it, you will be able to enable NTP and specify a custom time server if required:) to a different server will help. Also make sure that the time and date settings are close to the real time or it can't sync.

Based on some of the application errors you may have a failing hard drive (tho that may be because of the intel drivers problem) so let's get a speccy log:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options

Then scroll down to where you see

Choose File and click on it. Point it at the file and hit Open.

Now click on Attach this file.

#8
ttbcs

Posted 15 March 2017 - 09:44 PM

Member

Topic Starter
Member
102 posts

asus didn't find any updates so I went with the intel tool. I ran apple update too. Time is synced.

Attached Files

WHEEZY-BREEZY.txt 122.73KB 496 downloads

#9
RKinner

Posted 16 March 2017 - 06:09 AM

Malware Expert

Expert
24,624 posts

UGLY!

I hate Seagate drives. They just don't hold up. If you look in the Speccy log you will see:

Hard drives

ST1000LM035-1RK172

Manufacturer Seagate

Heads 16

Cylinders 121,601

Tracks 31,008,255

Sectors 1,953,520,065

SATA type SATA-III 6.0Gb/s

Device type Fixed

ATA Standard ACS3

Serial Number WCB028T0

Firmware Version Number SDM1

LBA Size 48-bit LBA

Power On Count 207 times

Power On Time 5.3 days

Speed 5400 RPM

Features S.M.A.R.T., APM, NCQ

Max. Transfer Mode SATA III 6.0Gb/s

Used Transfer Mode SATA III 6.0Gb/s

Interface SATA

Capacity 931 GB

Real size 1,000,204,886,016 bytes

RAID Type None

S.M.A.R.T

...

BC

Attribute name Command Timeout

Real value 231,931,772,982

Current 100

Worst 100

Threshold 0

Raw Value 0000360036

Status Good

This is why you are getting 100% disk usage. It has to resend the commands and resend then so the drive is always busy.

I think your only hope is to get a new drive and clone the old one before it fails completely. I recommend Western Digital Black but anything but Seagate.

You can try seagate's seatools and let it run an extended test but I expect it will tell you the same thing.

http://www.seagate.c...ols-win-master/

#10
ttbcs

Posted 18 March 2017 - 04:15 PM

Member

Topic Starter
Member
102 posts

Okay, thanks for all your help. The laptop is new and still under warranty so if you are sure that it is a hardware issue I'll just take it back and have them fix it.