Laptop running slow, possible virus


#1
psjbob

Laptop was purchased Black Friday 2017 for an Xmas present and is rarely used. When it is used, it seems to run really slow. We use it for email, social media, and tax purposes earlier this year because our previous one died. The computer is pretty much the same way it was as new, other than CCleaner, which I recently put on to clean it up to see if it would speed up some.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by eviei (administrator) on LAPTOP-VCBMR6EO (24-07-2018 14:30:29)
Running from C:\Users\eviei\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: eviei (Available Profiles: eviei)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.7.371.0\McCSPServiceHost.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\RunOnce: [Uninstall 18.091.0506.0007\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eviei\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\amd64"
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\RunOnce: [Uninstall 18.091.0506.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eviei\AppData\Local\Microsoft\OneDrive\18.091.0506.0007"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d7c83393-01ff-488e-b4c7-ce4733f24f2d}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-24] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-01-25] (McAfee, Inc.)
FireFox:
========
FF DefaultProfile: l7f6zkd0.default
FF ProfilePath: C:\Users\eviei\AppData\Roaming\Mozilla\Firefox\Profiles\l7f6zkd0.default [2018-07-17]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-20] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2018-01-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default [2018-07-17]
CHR Extension: (Slides) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-14]
CHR Extension: (Docs) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-14]
CHR Extension: (Google Drive) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-14]
CHR Extension: (YouTube) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-14]
CHR Extension: (Sheets) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-14]
CHR Extension: (Gmail) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\eviei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-14]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1419424 2017-03-28] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2017-03-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-13] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-17] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-17] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55792 2017-03-28] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2017-03-28] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2017-03-28] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407064 2017-03-28] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-14] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-18] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60504 2017-04-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-07-17] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-17] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-17] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-24 14:29 - 2018-07-24 14:30 - 000000000 ____D C:\FRST
2018-07-24 14:26 - 2018-07-24 14:27 - 001388448 _____ C:\Users\Public\ASR.dat
2018-07-24 14:11 - 2018-07-24 14:11 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-24 14:11 - 2018-07-24 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-24 14:01 - 2018-07-24 14:01 - 000000000 ___HD C:\OneDriveTemp
2018-07-24 14:01 - 2018-07-24 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-07-17 16:50 - 2018-07-17 16:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-07-17 16:50 - 2018-07-17 16:50 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-07-17 16:50 - 2018-07-17 16:50 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-17 16:50 - 2018-07-17 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-07-17 16:50 - 2018-07-17 16:50 - 000000000 ____D C:\Program Files\CCleaner
2018-07-17 16:48 - 2018-07-17 16:49 - 015989160 _____ (Piriform Ltd) C:\Users\eviei\Downloads\ccsetup544.exe
2018-07-14 10:31 - 2018-07-14 10:31 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-14 10:31 - 2018-07-14 10:31 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-14 10:28 - 2018-07-14 10:28 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-14 10:28 - 2018-07-14 10:28 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-24 14:20 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-24 14:16 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-24 14:13 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-24 14:12 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-24 14:11 - 2017-05-17 15:01 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-24 14:11 - 2017-05-17 15:01 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-24 14:09 - 2017-05-17 14:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-24 14:04 - 2018-01-06 17:05 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9EFFB82A-7611-47E7-86AA-97C36493FDC0}
2018-07-24 14:01 - 2018-01-06 17:05 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3252656029-1357310190-2560453275-1001
2018-07-24 14:01 - 2017-11-25 13:31 - 000002374 _____ C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-24 14:01 - 2017-11-25 13:31 - 000000000 __RDL C:\Users\eviei\OneDrive
2018-07-24 14:00 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-24 13:58 - 2017-12-15 13:11 - 000000000 ___RD C:\Users\eviei\iCloudDrive
2018-07-24 13:55 - 2018-01-06 16:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-24 13:34 - 2017-11-25 06:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-24 13:34 - 2017-11-24 23:18 - 000000000 __SHD C:\Users\eviei\IntelGraphicsProfiles
2018-07-17 19:15 - 2017-12-04 11:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-17 18:53 - 2018-06-08 12:51 - 000000000 ___HD C:\$WINDOWS.~BT
2018-07-17 18:53 - 2018-01-02 15:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-17 18:53 - 2017-12-04 11:07 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-17 18:52 - 2018-03-29 13:24 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-17 18:42 - 2018-06-08 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-17 16:38 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-14 10:55 - 2017-12-15 13:11 - 000000000 ____D C:\Users\eviei\Documents\Outlook Files
2018-07-14 10:54 - 2017-12-15 13:12 - 000000000 ____D C:\Users\eviei\AppData\Local\25BD9BF9-9D91-4D97-B838-DC3BB88CD26F.aplzod
2018-07-14 10:52 - 2017-05-17 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-07-14 10:31 - 2017-11-26 13:11 - 000000000 ____D C:\Users\eviei\AppData\Local\Google
2018-07-14 10:30 - 2017-11-26 13:11 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-14 10:21 - 2018-01-06 17:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-07-14 10:15 - 2017-07-10 18:32 - 000000000 ____D C:\Program Files (x86)\McAfee
==================== Files in the root of some directories =======
2018-07-24 14:26 - 2018-07-24 14:27 - 001388448 _____ () C:\Users\Public\ASR.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-08 12:09
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by eviei (24-07-2018 14:33:34)
Running from C:\Users\eviei\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1709 16299.248 (X64) (2018-01-06 21:07:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3252656029-1357310190-2560453275-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3252656029-1357310190-2560453275-503 - Limited - Disabled)
eviei (S-1-5-21-3252656029-1357310190-2560453275-1001 - Administrator - Enabled) => C:\Users\eviei
Guest (S-1-5-21-3252656029-1357310190-2560453275-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3252656029-1357310190-2560453275-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-0db591fa-a369-4dea-816e-d799d5db286b) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{4207BD5E-6F51-4C57-BC86-A0EBE9088A30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4568 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-e4aa9fec-8085-489c-87d6-2854b3929b27) (Version: 3.0.2.118 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.4 (x86 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-754e3b99-154d-4409-ad3c-613b4f8fe12d) (Version: 1.1.2.4 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.1.21 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8110 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.91 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-aa483fca-a070-4abb-922b-9213492902c9) (Version: 3.0.2.126 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-aacfd9a7-6f41-40c5-b433-ed7b5d4db049) (Version: 3.0.2.51 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.36 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.47 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-28] (Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01440DAC-24D7-48A8-9E99-B810B39874D1} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2017-02-02] (HP Inc.)
Task: {04AA1629-EF07-4EAE-A0E5-11833ED2F309} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {0573F149-ADBD-46DF-A38E-C6001DEB1551} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {0D7A9184-8EE0-447C-A778-A0B287D9E946} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-04] (McAfee, Inc.)
Task: {17274F53-FA17-4E34-96FF-0E1327054FE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-14] (Google Inc.)
Task: {1951ECBE-969A-4989-9251-0571D58A76C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-07] (HP Inc.)
Task: {24E6D1C4-FD38-45AE-A418-94B279052DCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {25C7F0C3-1033-48AF-809F-100972101ACF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-14] (Google Inc.)
Task: {27BF9CF2-4EFD-48C5-90F2-7048C4CE39C6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-24] (Microsoft Corporation)
Task: {2CDE08E0-5FC8-4F6C-9E04-FE40CCD63335} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {3C5987AB-F2AE-4DE8-BB95-50FF6BE777CF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {3DB56C06-6D81-42A8-A190-6205156EE673} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-02-01] ()
Task: {423D9321-3159-4E6E-BBC5-C4182B681347} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4393D709-7F5B-4974-A783-A40930AA86A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {483200C2-9BF2-4D6C-854F-146CB75F18E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {4FADD0EE-4A68-4921-9D23-ABB995D87E9B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {5869F381-9C12-4433-8F12-F98517F48A04} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B27AE94-DEDC-40AB-BC87-D400AA59150B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {66227169-9230-4292-A0B9-B6D8AF889826} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {6C60E6FD-3467-413A-8AB7-1E6CDB43844D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {6F079C33-7D67-4EFF-AAC9-3BFBAA30AE83} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {6FE15F7D-2137-46C5-B226-8EC2AD9C4945} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {7B558AB7-85CF-41AE-BDAB-2182951D794F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-24] (Microsoft Corporation)
Task: {7E14EF87-4DE0-4BAE-9910-47BB0017520A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {838A0FD6-004E-4652-AD76-27FE3924805C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-07-14] (McAfee, Inc.)
Task: {8714AD08-F722-4735-969A-7F49D04D41A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-07] (HP Inc.)
Task: {B5493E25-7FD6-4BBB-B0F2-94637CB2F012} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {C4430160-DAB2-4897-9BA2-5BDD1C6C8B7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {C45888EF-4214-47C6-9F4E-1943F54D087D} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {D0C60BAD-9219-4A90-AA10-D5CEC13D93AA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-07] (HP Inc.)
Task: {D273FAD5-0F89-45C7-A983-298ADC027706} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-17] (Microsoft Corporation)
Task: {DEB35B95-2BF1-4493-9464-B6B60D85B669} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-24] (Microsoft Corporation)
Task: {DECC7D8B-3349-4F4E-9FC4-63CD00CBF1FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {DF08C6B9-02BF-43D3-81E8-F64105EE32EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-07] (HP Inc.)
Task: {F1D49F29-F083-4149-ABDF-B404B7E40598} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=*&locale=en_us&pf=cnnb&s=VUDU_URL&tp=startmenu
==================== Loaded Modules (Whitelisted) ==============
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-29 18:28 - 2018-01-05 17:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-11-29 18:28 - 2018-01-05 17:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-01 14:50 - 2017-02-01 14:50 - 000459264 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2018-02-16 10:12 - 2018-02-10 00:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-16 10:12 - 2018-02-10 00:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-11 12:05 - 2017-12-11 12:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 12:05 - 2017-12-11 12:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-03-29 13:30 - 2018-03-29 13:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-29 13:30 - 2018-03-29 13:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000030208 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2018-01-05 17:31 - 2018-01-05 17:31 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2018-01-05 17:31 - 2018-01-05 17:31 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3252656029-1357310190-2560453275-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{80232BE6-9493-475A-9810-0446DA5A8F1A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{85458B21-19AA-42CA-8FEA-8E2C05FFCB8E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65F3AACA-CA40-4FC3-B8A5-54DE159C45EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E929CF67-72D3-401F-A921-4CCFC6113C8A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51041816-CFD8-4FBB-9C91-D7F17EBBEBAF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2654405-0A64-4A87-8679-6BD42A765D51}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E8D27CE2-C2E6-4D14-A6A9-49C20C427814}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{619EC73E-671E-42A8-A192-7FF98C822CD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9349DF4-3E34-4A83-90E6-B3C7014525B0}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{6D1898D1-808E-44E7-9659-C97D3AD1E83B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{8DEE9C42-8BC5-4978-8BCD-6E18EE417A4D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AC6E3C1-81CB-4F57-943E-E09CCEEDE14D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{46C3EB8B-8623-418F-9DFA-5D3142C82DF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{66C7E78A-74F9-4326-A00F-60D82075E863}] => (Allow) LPort=13148
FirewallRules: [{665ADD2B-32A5-43D5-8D41-77C9C68894F9}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{14231565-7D9B-4120-9FB5-ADF2C5C8A436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0D0C1790-F674-4132-86D1-B0403C2C8DF5}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{2CF5CCE0-49C1-4A35-9506-9ADEA4A41FB1}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{9A10EF45-D259-4FFA-963B-835C6397F5DE}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{01D72044-193E-4447-BC21-B42BB5B5D2A3}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{9023B2D3-A06C-4121-888B-BE64BEB00EC7}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B9FB0B2B-70F0-438A-931F-43B524322015}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BF39738A-49EE-4FA9-BF35-04A82AB5D052}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D36720A9-A21F-4BA5-BB1C-379A96C29260}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{545516FB-AEB7-4C38-932F-3B9F170AE01A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{63C4D9A6-8CF2-4A96-869D-AB34BE81EB4D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{379280B0-A4E3-4283-BA9D-326CDEB78BC0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DA705F3C-95C9-4AE7-A2C0-3D17AF271E07}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A00CD9F6-F82E-465B-B525-8734FFD2F35C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FB05CA58-2D0C-4042-8C94-09F244EF625C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{E8EF1E96-89B8-46AC-993E-B8C75F9F5552}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================
Application errors:
==================
Error: (07/24/2018 02:26:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2f48
Start Time: 01d4237bc8867081
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: effc8ed0-f78f-4ae6-bffa-f1a4c1e2dba6
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Error: (07/24/2018 02:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LAPTOP-VCBMR6EO)
Description: App windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
Error: (07/24/2018 02:24:37 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {93306499-F526-40C2-A3FE-DD1C2F13F142}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:24:27 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {B0E689AB-BB51-4277-B7EE-D4D503B8973D}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:24:17 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {B091D05B-36A9-4DC1-B00B-83A016B2B380}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:24:05 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5604,P,0) {048EF43D-D77A-4A99-9A3F-8287E3EFA540}: An attempt to open the file "C:\Users\eviei\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (07/24/2018 02:18:58 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
Error: (07/24/2018 02:18:58 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (07/24/2018 02:02:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/24/2018 01:58:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:57:56 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-VCBMR6EO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user LAPTOP-VCBMR6EO\eviei SID (S-1-5-21-3252656029-1357310190-2560453275-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:56:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/24/2018 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-06-08 12:45:06.809
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6DF5733E-DBFB-4824-BFF5-43BA55B0B77D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-17 18:52:49.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.1136.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-06-08 12:45:12.625
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.269.913.0
Previous Signature Version: 1.269.911.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.14901.4
Previous Engine Version: 1.1.14901.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2018-06-08 12:45:12.624
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.269.913.0
Previous Signature Version: 1.269.911.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.14901.4
Previous Engine Version: 1.1.14901.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-07-24 14:24:49.807
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:24:49.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:18:57.966
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:18:57.962
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:35.490
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:35.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:21.287
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-24 14:17:21.282
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU N3710 @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 4001.58 MB
Available physical RAM: 1333.83 MB
Total Virtual: 4705.58 MB
Available Virtual: 1764.83 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:450.91 GB) (Free:395.36 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:1.64 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{6bd5e15b-bd27-431d-89cd-ddb7e5872828}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
\\?\Volume{74344a3a-8a10-4ce3-a77c-0ac1da0d0390}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B72F9B8C)
Partition: GPT.
==================== End of Addition.txt ============================

Edited by psjbob, 24 July 2018 - 05:08 PM.

  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,885 posts
  • MVP

No obvious malware.  Uninstall Bonjour.  It never seems happy on Win 10.

 

Turn “off” Sync Settings (Settings > Accounts > Sync your Settings > Sync Settings).

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0

#3
psjbob

psjbob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
  • Bonjour Uninstalled
  • Sync turned OFF
  • I ran the DISM command followed by the sfc  /scannow and closed the cmd window before I noticed what it said.
  • When I try and run the VEW program, I keep getting a runtime error. I have downloaded it and tried running it several times with the same result each time. I noticed there were some Windows Updates needed so I ran the updates and tried VEW again but continue getting the runtime error.
  • The junk.txt file that is supposed to come as a result of the Process Explorer gives me an ERROR: NOT FOUND
  • I tried to install Speccy and everything in the summary says Unknown system error: 0x80041002

Edited by psjbob, 10 August 2018 - 07:12 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,885 posts
  • MVP

VEW needs for you to right click and Run As Admin or it won't work.

If you can't get it to work then try:

 

Full Event Log View

http://www.nirsoft.n...t_log_view.html

The download is near the bottom of the page.  Choose the one appropriate for your system.

Download FullEventLogView (32-bit version)
Download FullEventLogView (64-bit version) <===


Right click on the downloaded file and Extract All, Extract.  Double-click on FullEventLogView.exe

Once the program starts:  Options, Advanced Options and in the new window uncheck Informational verbose and Undefined.

Show only events from the last 1 Days

OK

Now Edit, Select All

File, Save Selected Items, to your desktop, call it events,  Save.

Close the program.  You should have a file called events.txt on your desktop.  Open it, Edit, Select All, Ctrl + c to copy and then move to a Reply and Ctrl + v to paste it into the reply.



The junk file won't work if you don't use an Elevated Command Prompt.  You should still have a Process Explorer log.  Please post it.



 

Speccy probably uses WMI which might be broken on your PC.  If you post the process explorer log I can tell.


  • 0
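
The events.txt export requested above tends to repeat the same error many times, so a useful first triage step is to collapse identical records and see how often and over what time span each one occurs. The following is an added example, not part of the original posts and not code from FullEventLogView: a Python parser for the text layout that export uses, with field names as they appear in the export posted in this thread. The sample records, the host name EXAMPLE-PC and the all-zero GUIDs are constructed, and the padded-colon field rule is an assumption drawn from the visible layout.

```python
import re
from datetime import datetime, timedelta

# Field names as they appear in the text export posted in this thread.
FIELDS = ("Event Time", "Record ID", "Event ID", "Level", "Channel", "Provider",
          "Description", "Opcode", "Task", "Keywords", "Process ID", "Thread ID",
          "Computer", "User")
# Assumption from the visible layout: a field line is a known name padded with
# spaces before the colon. "Error: 0x1" inside a description has no padding, so
# it is treated as a continuation of the previous field.
FIELD_RE = re.compile(r"^(%s) +:\s?(.*)$" % "|".join(re.escape(f) for f in FIELDS))
SEPARATOR_RE = re.compile(r"^={10,}\s*$")
TIME_RE = re.compile(r"^(.+ [AP]M)\.(\d{3})$")


def parse_time(value):
    """Parse '8/13/2018 4:56:40 PM.963' (milliseconds follow AM/PM)."""
    m = TIME_RE.match(value.strip())
    if not m:
        return None
    base = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return base + timedelta(milliseconds=int(m.group(2)))


def parse_records(text):
    """Split the export into dicts, one per event, keeping multi-line values."""
    records, current, last_key = [], None, None
    for line in text.splitlines():
        if SEPARATOR_RE.match(line):
            if current:
                records.append(current)
            current, last_key = None, None
            continue
        m = FIELD_RE.match(line)
        if m:
            current = {} if current is None else current
            last_key = m.group(1)
            current[last_key] = m.group(2).strip()
        elif current is not None and line.strip():
            current[last_key] += "\n" + line.strip()
    if current:
        records.append(current)
    return records


def summarise(records, levels=("Error", "Warning")):
    """Collapse repeats: one row per (channel, provider, event id, description)."""
    groups = {}
    for rec in records:
        if rec.get("Level") not in levels:
            continue  # e.g. the numeric Level 16 informational records
        description = " ".join(rec.get("Description", "").split())
        key = (rec.get("Channel"), rec.get("Provider"), rec.get("Event ID"), description)
        when = parse_time(rec.get("Event Time", ""))
        g = groups.setdefault(key, {
            "channel": key[0], "provider": key[1], "event_id": key[2],
            "description": description, "level": rec["Level"],
            "count": 0, "first": when, "last": when})
        g["count"] += 1
        if when is not None:
            g["first"] = when if g["first"] is None else min(g["first"], when)
            g["last"] = when if g["last"] is None else max(g["last"], when)
    # Most frequent first; ties keep the order in which they first appeared.
    return sorted(groups.values(), key=lambda g: -g["count"])


def make_record(time, record_id, event_id, level, channel, provider, description):
    """Build one constructed record in the export's layout (sample data only)."""
    rows = [("Event Time", time), ("Record ID", record_id), ("Event ID", event_id),
            ("Level", level), ("Channel", channel), ("Provider", provider),
            ("Description", description), ("Opcode", ""), ("Computer", "EXAMPLE-PC")]
    bar = "=" * 50
    return "\n".join([bar] + ["%-18s: %s" % row for row in rows] + [bar])


CLOUD = ("Microsoft-Windows-CloudStore/Operational", "Microsoft-Windows-CloudStore",
         "Error 0x80070003 occurred. See event details for more information.")
DCOM = ("System", "Microsoft-Windows-DistributedCOM",
        "The application-specific permission settings do not grant Local Activation "
        "permission for the COM Server application with CLSID\n"
        "{00000000-0000-0000-0000-000000000001}\n and APPID\n"
        "{00000000-0000-0000-0000-000000000002}\n to the user NT AUTHORITY\\LOCAL SERVICE")
HELLO = ("Microsoft-Windows-HelloForBusiness/Operational",
         "Microsoft-Windows-HelloForBusiness")

# Constructed sample modelled on the records in this thread.
SAMPLE_EXPORT = "\n".join([
    make_record("8/13/2018 4:56:40 PM.963", 1, 1, "Error", *CLOUD),
    make_record("8/13/2018 4:56:41 PM.387", 2, 1, "Error", *CLOUD),
    make_record("8/13/2018 4:56:49 PM.253", 3, 10016, "Error", *DCOM),
    make_record("8/13/2018 4:56:50 PM.425", 4, 10016, "Error", *DCOM),
    make_record("8/13/2018 4:56:51 PM.883", 5, 1, "Error", *CLOUD),
    make_record("8/13/2018 4:57:04 PM.028", 6, 8025, "16", *HELLO,
                "The Microsoft Passport service started successfully."),
    make_record("8/13/2018 4:57:04 PM.947", 7, 7054, "Error", *HELLO,
                "Windows Hello for Business prerequisites check failed.\nError: 0x1"),
])

if __name__ == "__main__":
    for g in summarise(parse_records(SAMPLE_EXPORT)):
        print("%3dx  %-7s %s / %s  %s" % (g["count"], g["level"], g["provider"],
                                          g["event_id"], g["description"][:70]))
```

To run it on a real export, read the saved events.txt into a string and pass it to `parse_records` in place of `SAMPLE_EXPORT`.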

#5
psjbob

psjbob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

dg1p5k.jpg

 

FullEventLogView

==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3629
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3630
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3631
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:40 PM.963
Record ID         : 3632
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3633
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3634
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3635
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:41 PM.387
Record ID         : 3636
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3637
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3638
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3639
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:42 PM.990
Record ID         : 3640
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:43 PM.333
Record ID         : 11415
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Auth for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x80041012.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:56:49 PM.253
Record ID         : 4956
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1304
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:49 PM.253
Record ID         : 4955
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1104
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:50 PM.425
Record ID         : 4958
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1104
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:50 PM.425
Record ID         : 4957
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1104
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3641
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3642
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3643
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:56:51 PM.883
Record ID         : 3644
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 1608
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:01 PM.158
Record ID         : 11421
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Service for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x800478AD.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 6152
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.028
Record ID         : 338
Event ID          : 8025
Level             : 16
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : The Microsoft Passport service started successfully.
Opcode            : Informational (12)
Task              : Service Start (6)
Keywords          : 0x8000000000000001
Process ID        : 12148
Thread ID         : 11300
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.947
Record ID         : 340
Event ID          : 8210
Level             : 16
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : Windows Hello for Business successfully completed the remote desktop prerequisite check.
Opcode            : Informational (12)
Task              : Prerequisites Check (12)
Keywords          : 0x8000000000000001
Process ID        : 5036
Thread ID         : 8976
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.947
Record ID         : 341
Event ID          : 7201
Level             : Error
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : The Primary Account Primary Refresh Token prerequisite check failed.
Opcode            : Informational (12)
Task              : Prerequisites Check (12)
Keywords          : 0x8000000000000001
Process ID        : 5036
Thread ID         : 8976
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:04 PM.947
Record ID         : 342
Event ID          : 7054
Level             : Error
Channel           : Microsoft-Windows-HelloForBusiness/Operational
Provider          : Microsoft-Windows-HelloForBusiness
Description       : Windows Hello for Business prerequisites check failed.
Error: 0x1
Opcode            : Stop (11)
Task              : Prerequisites Check (12)
Keywords          : 0x8000000000000001
Process ID        : 5036
Thread ID         : 8976
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:11 PM.519
Record ID         : 5294
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 7904
Thread ID         : 12052
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:11 PM.520
Record ID         : 5295
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {82A5EA35-D9CD-47C5-9629-E15D2F714E6E} with path 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 7904
Thread ID         : 12052
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:57:39 PM.300
Record ID         : 11442
Event ID          : 6113
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : RPC call to function WLIDGetKeyLatest returned the following error code: 0x800488A4.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:58:05 PM.617
Record ID         : 39853
Event ID          : 1000
Level             : Error
Channel           : Application
Provider          : Application Error
Description       : Faulting application name: HPMSGSVC.exe, version: 1.4.11.0, time stamp: 0x57674acb
Faulting module name: HPMSGSVC.exe, version: 1.4.11.0, time stamp: 0x57674acb
Exception code: 0xc0000005
Fault offset: 0x000075ee
Faulting process id: 0x2a68
Faulting application start time: 0x01d43348506a56b2
Faulting application path: C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Faulting module path: C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Report Id: 378eac5c-4e83-4a60-a3f0-637a8ae0b68e
Faulting package full name:
Faulting package-relative application ID:
Opcode            :
Task              : Application Crashing Events (100)
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : LAPTOP-VCBMR6EO
User              :
==================================================
==================================================
Event Time        : 8/13/2018 4:58:11 PM.745
Record ID         : 3956
Event ID          : 308
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : The BITS service shut down successfully, but it was delayed for 247065.765 seconds. This might cause delays when you turn off your computer. For more information on the delay, enable the analytic log for BITS, then stop and restart the BITS service.
Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 7632
Thread ID         : 1612
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:58:20 PM.300
Record ID         : 11460
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Service for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x800478AD.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 3880
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:58:22 PM.252
Record ID         : 11463
Event ID          : 6114
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : SOAP Request of type Service for user CID '31dcc87248745643' in production environment received the following error code from the Microsoft Account server: 0x800478AD.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 3880
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:10 PM.333
Record ID         : 5296
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 12596
Thread ID         : 5316
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:59:12 PM.053
Record ID         : 3959
Event ID          : 310
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : The initialization of the peer helper modules failed with the following error:  0x80070032.
Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 13196
Thread ID         : 1152
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 4:59:17 PM.595
Record ID         : 116
Event ID          : 2
Level             : Error
Channel           : Microsoft-Windows-Kernel-EventTracing/Admin
Provider          : Microsoft-Windows-Kernel-EventTracing
Description       : Session "Cloud Files Diagnostic Event Listener" failed to start with the following error: 0xC0000022
Opcode            : Start (12)
Task              : Session (2)
Keywords          : Session
Process ID        : 12152
Thread ID         : 13836
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:17 PM.839
Record ID         : 117
Event ID          : 2
Level             : Error
Channel           : Microsoft-Windows-Kernel-EventTracing/Admin
Provider          : Microsoft-Windows-Kernel-EventTracing
Description       : Session "CldFltLog" failed to start with the following error: 0xC0000022
Opcode            : Start (12)
Task              : Session (2)
Keywords          : Session
Process ID        : 12152
Thread ID         : 13836
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3645
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3646
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3647
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:36 PM.412
Record ID         : 3648
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:38 PM.063
Record ID         : 5297
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Users\eviei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 10860
Thread ID         : 14520
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 4:59:38 PM.063
Record ID         : 5298
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070005 occurred while verifying known folder {82A5EA35-D9CD-47C5-9629-E15D2F714E6E} with path 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 10860
Thread ID         : 14520
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3649
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3650
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3651
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:02 PM.486
Record ID         : 3652
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:14 PM.537
Record ID         : 4961
Event ID          : 10010
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1084
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.048
Record ID         : 5299
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C4900540-2379-4C75-844B-64E6FAF8716B} with path 'C:\Users\Public\Pictures\Sample Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.053
Record ID         : 5300
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {2A00375E-224C-49DE-B8D1-440DF7EF3DDC} with path 'C:\WINDOWS\resources\0409'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.062
Record ID         : 5301
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B250C668-F57D-4EE1-A63C-290EE7D1AA1F} with path 'C:\Users\Public\Music\Sample Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.081
Record ID         : 5302
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {859EAD94-2E85-48AD-A71A-0969CB56A6CD} with path 'C:\Users\Public\Videos\Sample Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.087
Record ID         : 5303
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {12D4C69E-24AD-4923-BE19-31321C43A767} with path 'C:\ProgramData\Microsoft\Windows\RetailDemo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.111
Record ID         : 5304
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.974
Record ID         : 5305
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C4900540-2379-4C75-844B-64E6FAF8716B} with path 'C:\Users\Public\Pictures\Sample Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.978
Record ID         : 5306
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {2A00375E-224C-49DE-B8D1-440DF7EF3DDC} with path 'C:\WINDOWS\resources\0409'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:52 PM.991
Record ID         : 5307
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B250C668-F57D-4EE1-A63C-290EE7D1AA1F} with path 'C:\Users\Public\Music\Sample Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:53 PM.011
Record ID         : 5308
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {859EAD94-2E85-48AD-A71A-0969CB56A6CD} with path 'C:\Users\Public\Videos\Sample Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:53 PM.018
Record ID         : 5309
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {12D4C69E-24AD-4923-BE19-31321C43A767} with path 'C:\ProgramData\Microsoft\Windows\RetailDemo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:00:53 PM.040
Record ID         : 5310
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3372
Thread ID         : 13328
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3653
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3654
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3655
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.035
Record ID         : 3656
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3657
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3658
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3659
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:01:32 PM.752
Record ID         : 3660
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.623
Record ID         : 11499
Event ID          : 6113
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : RPC call to function WLIDAcquireTokensWithNGC returned the following error code: 0x80048051.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3661
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3662
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3663
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:01 PM.963
Record ID         : 3664
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:19 PM.456
Record ID         : 4962
Event ID          : 10016
Level             : Error
Channel           : System
Provider          : Microsoft-Windows-DistributedCOM
Description       : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 1040
Thread ID         : 1900
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\LOCAL SERVICE
==================================================
==================================================
Event Time        : 8/13/2018 5:02:19 PM.609
Record ID         : 4963
Event ID          : 7023
Level             : Error
Channel           : System
Provider          : Service Control Manager
Description       : The Interactive Services Detection service terminated with the following error:
Incorrect function.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 912
Thread ID         : 10732
Computer          : LAPTOP-VCBMR6EO
User              :
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3665
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3666
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3667
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:57 PM.769
Record ID         : 3668
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:02:58 PM.537
Record ID         : 5311
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 15172
Thread ID         : 11812
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:04:17 PM.491
Record ID         : 3973
Event ID          : 61
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : BITS stopped transferring the PreSignInSettingsConfigJSON transfer job that is associated with the https://g.live.com/o...ntsettings/ProdURL. The status code is 0x80072EE2.
Opcode            : Stop (2)
Task              :
Keywords          : 0x4000000000000000
Process ID        : 13196
Thread ID         : 12932
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3669
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3670
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3671
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.364
Record ID         : 3672
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 6452
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3673
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3674
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3675
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:11 PM.723
Record ID         : 3676
Event ID          : 1
Level             : Error
Channel           : Microsoft-Windows-CloudStore/Operational
Provider          : Microsoft-Windows-CloudStore
Description       : Error 0x80070003 occurred. See event details for more information.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1500
Thread ID         : 9628
Computer          : LAPTOP-VCBMR6EO
User              : LAPTOP-VCBMR6EO\eviei
==================================================
==================================================
Event Time        : 8/13/2018 5:05:44 PM.757
Record ID         : 3974
Event ID          : 61
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : BITS stopped transferring the PreSignInSettingsConfigJSON transfer job that is associated with the https://g.live.com/o...ntsettings/ProdURL. The status code is 0x80072EE2.
Opcode            : Stop (2)
Task              :
Keywords          : 0x4000000000000000
Process ID        : 13196
Thread ID         : 12932
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================
==================================================
Event Time        : 8/13/2018 5:06:19 PM.021
Record ID         : 11502
Event ID          : 6113
Level             : Error
Channel           : Microsoft-Windows-LiveId/Operational
Provider          : Microsoft-Windows-LiveId
Description       : RPC call to function WLIDAcquireTokensWithNGC returned the following error code: 0x80048051.
Opcode            :
Task              :
Keywords          : Error
Process ID        : 5872
Thread ID         : 12620
Computer          : LAPTOP-VCBMR6EO
User              : NT AUTHORITY\SYSTEM
==================================================

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 69.08 52 K 8 K 0   
procexp(1)64.exe 5.93 35,072 K 65,612 K 4816 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 5.24 160 K 1,400 K 4   
Interrupts 5.02 0 K 0 K n/a Hardware Interrupts and DPCs  
MsMpEng.exe 4.72 356,996 K 169,488 K 3756 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
SynTPEnh.exe 4.10 7,588 K 24,364 K 11248 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
dwm.exe 2.17 58,552 K 74,680 K 11120 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 1.01 6,868 K 17,164 K 9644 Google Installer Google Inc. (Verified) Google Inc
csrss.exe 0.75 2,320 K 4,976 K 3484 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
wuauclt.exe 0.53 86,232 K 84,100 K 448 Windows Update Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 0.34 3,940 K 15,596 K 10892 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 0.29 2,816 K 1,820 K 14128 Google Installer Google Inc. (Verified) Google Inc
mcapexe.exe 0.28 3,008 K 2,760 K 9296 McAfee Access Protection McAfee, Inc. (Verified) McAfee
MicrosoftEdgeCP.exe 0.14 119,620 K 159,636 K 1868 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe 0.13 31,784 K 31,392 K 8628 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.07 50,924 K 118,928 K 5036 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 1,652 K 5,560 K 4656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ModuleCoreService.exe 0.03 27,324 K 37,468 K 3556 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
svchost.exe 0.02 38,840 K 44,644 K 4756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MfeAVSvc.exe 0.02 11,156 K 8,516 K 9352 McAfee Cloud AV McAfee, Inc. (Verified) McAfee
CCleaner64.exe 0.02 10,520 K 29,892 K 7960 CCleaner Piriform Ltd (Verified) Piriform Ltd
iPodService.exe 0.01 2,336 K 7,800 K 7608 iPod Service Apple Inc. (Verified) Apple Inc.
csrss.exe 0.01 1,840 K 5,300 K 696 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
IntuitUpdateService.exe 0.01 18,836 K 10,144 K 12252 Intuit Update Service Intuit Inc. (Verified) Intuit
iCloudServices.exe 0.01 45,312 K 51,680 K 4064 iCloud Services Apple Inc. (Verified) Apple Inc.
esif_assist_64.exe 0.01 1,392 K 5,108 K 4980 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
svchost.exe < 0.01 42,140 K 45,460 K 1968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
setup.exe < 0.01 3,132 K 8,492 K 12460 Google Chrome Installer Google Inc. (Verified) Google Inc
FullEventLogView.exe < 0.01 14,896 K 42,220 K 7284 FullEventLogView NirSoft (Verified) Nir Sofer
svchost.exe < 0.01 8,372 K 13,456 K 1040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe < 0.01 3,480 K 10,248 K 3344 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 6,320 K 18,596 K 7484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,444 K 15,508 K 5872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe < 0.01 3,860 K 9,012 K 13360 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 4,564 K 15,080 K 12280 iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 5,940 K 22,676 K 1092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,196 K 11,724 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sedlauncher.exe < 0.01 4,144 K 872 K 10576 sedlauncher Microsoft Corporation (Verified) Microsoft Windows
MpCmdRun.exe < 0.01 3,800 K 11,708 K 7848 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
sedsvc.exe < 0.01 2,444 K 8,292 K 12032 sedsvc Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe  25,092 K 13,076 K 548 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe  2,004 K 6,600 K 3040 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,324 K 8,172 K 10604 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,428 K 5,856 K 780 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
Windows.WARP.JITService.exe  1,172 K 5,100 K 12892   (Verified) Microsoft Windows
taskhostw.exe  8,524 K 18,528 K 8640 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe  1,356 K 4,788 K 5492 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe  1,020 K 4,552 K 12576 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe  1,236 K 4,352 K 3688 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe  4,836 K 15,840 K 12356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  9,388 K 25,852 K 3404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  12,724 K 27,840 K 520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,828 K 13,252 K 3352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  23,480 K 25,588 K 1572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  10,800 K 20,208 K 13196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,820 K 13,220 K 3028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,444 K 11,140 K 8716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,468 K 8,780 K 1636 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,416 K 12,948 K 15148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,804 K 26,260 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,080 K 6,048 K 4188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  20,656 K 27,128 K 3416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,236 K 12,752 K 2464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,508 K 12,084 K 1892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,248 K 11,200 K 6080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,080 K 7,544 K 3160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  13,928 K 21,360 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,312 K 8,220 K 3548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,420 K 6,884 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,284 K 13,868 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,536 K 7,212 K 1780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,212 K 14,712 K 1424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,284 K 10,028 K 2324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,668 K 5,612 K 13992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,500 K 7,100 K 2808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,868 K 12,076 K 2596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,864 K 13,772 K 3448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,200 K 9,860 K 2072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  6,380 K 26,548 K 8028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,024 K 9,600 K 8492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,576 K 15,644 K 6808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,288 K 8,044 K 2580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,564 K 12,416 K 5944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,468 K 14,540 K 2936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,856 K 19,504 K 3772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,052 K 6,088 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,268 K 9,636 K 8464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,032 K 7,436 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,184 K 8,464 K 3328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,752 K 10,304 K 1500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,080 K 10,632 K 1684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,268 K 5,336 K 1988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,544 K 9,380 K 5912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,052 K 8,052 K 1444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,472 K 7,332 K 4908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,844 K 10,228 K 3696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,708 K 7,460 K 2212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,624 K 5,632 K 8840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,796 K 7,800 K 7096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,372 K 5,808 K 8060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,452 K 8,444 K 11544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,764 K 6,664 K 5124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,336 K 13,744 K 11452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,392 K 9,392 K 7760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,820 K 6,880 K 3476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,776 K 7,356 K 1764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,284 K 9,208 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,212 K 8,784 K 5904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,900 K 7,476 K 2204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,072 K 10,876 K 1824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,524 K 10,264 K 3592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,652 K 6,076 K 3364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,568 K 6,448 K 12840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,232 K 9,392 K 10136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,980 K 9,440 K 2144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,540 K 7,136 K 12148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,560 K 5,928 K 3640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,256 K 5,140 K 3740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,396 K 5,544 K 7192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  928 K 3,520 K 404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe  6,520 K 12,976 K 2900 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  460 K 1,000 K 428 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe  9,676 K 15,412 K 6168 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 2,652 K 5,264 K 14804 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe  7,188 K 27,752 K 10608 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 47,672 K 59,020 K 7904 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
setup.exe  3,108 K 7,748 K 12912 Google Chrome Installer Google Inc. (Verified) Google Inc
SettingSyncHost.exe  10,612 K 9,428 K 684 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe  5,696 K 9,244 K 912 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthService.exe  4,360 K 14,608 K 3648 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe  8,784 K 16,972 K 9000 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 97,156 K 86,140 K 8960 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe  3,768 K 16,288 K 12684 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe  10,016 K 30,996 K 3056 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  4,788 K 28,628 K 6884 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  5,732 K 24,268 K 10740 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  2,136 K 11,972 K 11052 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  8,832 K 27,812 K 4152 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe  7,348 K 14,064 K 1668 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe  1,952 K 7,508 K 2384 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
procexp(1).exe  3,012 K 10,240 K 6844 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe  25,080 K 15,424 K 6676 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PEFService.exe  2,924 K 2,972 K 3632 McAfee PEF Service McAfee, Inc. (Verified) McAfee
OneDrive.exe  14,404 K 44,656 K 12152 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe  32,836 K 42,904 K 3372 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe  3,588 K 17,992 K 1552 Notepad Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe  5,124 K 8,092 K 6376 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe  2,008 K 9,324 K 12792 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
MpSigStub.exe  1,636 K 6,844 K 11136   
MpCmdRun.exe  2,320 K 8,176 K 15256 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
mpam-3d9702db.exe  2,048 K 5,232 K 12192 AntiMalware Definition Update Microsoft Corporation (Verified) Microsoft Corporation
ModuleCoreService.exe  11,948 K 7,132 K 3464 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
MMSSHOST.exe  26,856 K 31,280 K 4956 McAfee Management Service Host McAfee, Inc. (Verified) McAfee
MicrosoftEdgeCP.exe  5,988 K 25,772 K 5920 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  5,932 K 24,792 K 4840 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  5,972 K 24,488 K 10984 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  5,692 K 23,124 K 6744 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdge.exe  32,708 K 84,956 K 12484 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
mfevtps.exe  5,348 K 9,628 K 5076 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfevtps.exe  1,880 K 5,480 K 9016 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfemms.exe  2,556 K 6,952 K 3516 McAfee Management Service McAfee LLC (Verified) McAfee
mfefire.exe  2,500 K 8,676 K 5524 McAfee Core Firewall Service McAfee LLC (Verified) McAfee
Memory Compression  620 K 97,136 K 1156   
McUICnt.exe  15,156 K 22,868 K 12964 McAfee McAfee, Inc. (Verified) McAfee
mcshield.exe  33,048 K 8,604 K 10076 McAfee Scanner service McAfee LLC. (Verified) McAfee
McCSPServiceHost.exe  7,180 K 9,848 K 11072 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
lsass.exe  9,336 K 16,780 K 936 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
jhi_service.exe  1,204 K 5,404 K 12228 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxHK.exe  2,452 K 9,120 K 944 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe  3,624 K 12,716 K 10960 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe  1,968 K 7,840 K 2108 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
iCloudPhotos.exe  14,756 K 33,720 K 12880 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe  12,148 K 29,912 K 9304 iCloud Drive Apple Inc. (Verified) Apple Inc.
hpwuschd2.exe  1,268 K 6,360 K 8756 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe  1,724 K 7,608 K 11780 HP WMI Service HP Inc. (Verified) HP Inc.
HPSupportSolutionsFrameworkService.exe  38,676 K 31,824 K 11940 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HPSF.exe  25,864 K 8,172 K 15048 HP Support Assistant HP Inc. (Verified) HP Inc.
HPRadioMgr64.exe  1,980 K 9,024 K 13596 HP Radio Manager HP (Verified) HP Inc.
HPOrbitService.exe  2,860 K 8,412 K 4500 HP Orbit HP Inc. (Verified) HP Inc.
HPJumpStartLaunch.exe  3,852 K 556 K 12744   (Verified) HP Inc.
HPJumpStartBridge.exe  16,224 K 28,248 K 11764 HP JumpStart Bridge HP Inc. (Verified) HP Inc.
HPCommRecovery.exe  13,684 K 16,588 K 12016 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
HPAudioSwitch.exe  33,708 K 44,008 K 7744 HPAudioSwitch HP Inc. (Verified) HP Inc.
GoogleUpdate.exe  2,252 K 340 K 12512 Google Installer Google Inc. (Verified) Google Inc
fontdrvhost.exe  2,016 K 3,704 K 540 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe  1,952 K 6,724 K 3384 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
DropboxUpdate.exe  2,160 K 232 K 6784 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe  2,112 K 10,268 K 9328 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe  7,552 K 18,464 K 4156 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe  3,344 K 14,448 K 12292 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  1,188 K 252 K 12208 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  5,300 K 6,144 K 10344 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  1,180 K 4,816 K 3068 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
CompatTelRunner.exe  28,708 K 20,452 K 14420 Microsoft Compatibility Telemetry Microsoft Corporation (Verified) Microsoft Windows
browser_broker.exe  7,804 K 29,272 K 668 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe  11,532 K 17,572 K 11516 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  1,392 K 6,188 K 3336 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe  4,996 K 15,964 K 5756 Apple Push Apple Inc. (Verified) Apple Inc.
ApplicationFrameHost.exe  9,824 K 29,008 K 13020 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
68.0.3440.106_chrome_installer.exe  1,716 K 2,324 K 3200 Google Chrome Installer Google Inc. (Verified) Google Inc

 

 

 

I am running an Elevated Command Prompt, the cmd window says "Administrator Command Prompt" at the top left.



Edited by psjbob, Yesterday, 03:57 PM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,885 posts
  • MVP

Appears tasklist.exe does not exist or is not usable on your PC.  Normally it lives in System32.  Open FRST.  Put

tasklist.exe

in the FRST Search Box and Search Files.  You will get one file.  If it shows any tasklist.exe files then copy and paste it to a reply.

 

Your logs show CloudStore is not working.  (perhaps the login is incorrect)  There should be a cloud like icon (usually in the hidden icons - click on the up arrow to the left of the clock).  This is the control for One Drive which I assume is the cloud store.

 

See:

https://support.offi...&rs=en-US&ad=US

 

I would disable it for now and see if that helps.

 

 

Also something is wrong with BITS.  Try clearing the BITS cache:

 

net stop BITS
ipconfig /flushdns
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" qmgr0.dat.old
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" qmgr1.dat.old
net start BITS

 

You should be able to copy the five lines and then go to your Elevated Command Prompt and right click and Paste.  Hit Enter if the prompt doesn't return.

 

 

Process Explorer shows a very slow system:

 

System Idle Process 69.08 52 K 8 K 0   
procexp(1)64.exe 5.93 35,072 K 65,612 K 4816 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 5.24 160 K 1,400 K 4   
Interrupts 5.02 0 K 0 K n/a Hardware Interrupts and DPCs  
MsMpEng.exe 4.72 356,996 K 169,488 K 3756 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
SynTPEnh.exe 4.10 7,588 K 24,364 K 11248 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated

 

 

 

 

Interrupts at 5.02 usually means a bad driver.  (Perhaps the touchpad driver needs updating as it is using too much CPU)

 

Also Windows Defender is running.  McAfee should have turned it off so they won't fight each other but McAfee is a piece of junk so I am not surprised.  Are you paying for McAfee?

 

See if Latency Monitor will show us anything:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

 

I downloaded VEW on my Win 10 and it seems to work as expected.  Looking at the FRST logs I see:

 

 
Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

 

 

and if VEW uses WMI that would explain why it doesn't work.  There is also no sign of WMI running in Process Explorer. 

 

Search for

services.msc

hit Enter.

 

This should bring up the services window.  Look for

Windows Management Instrumentation

right click and select Properties then verify the Startup Type is set to Automatic (Apply if you need to change it.)  Then START the service.  Do you get an error?


  • 0
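
The checks from the reply above (tasklist.exe in System32, the BITS service, and the Windows Management Instrumentation service), scripted as a read-only pass. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 as shipped with Windows 10, and the variable names are illustrative.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.
$system32 = Join-Path $env:windir 'System32'

# 1. Is tasklist.exe where Windows expects it, and does its signature validate?
$tasklist = Join-Path $system32 'tasklist.exe'
if (Test-Path -LiteralPath $tasklist) {
    $sig = Get-AuthenticodeSignature -FilePath $tasklist
    [pscustomobject]@{
        File   = $tasklist
        Status = $sig.Status                      # expected: Valid
        Signer = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Warning "tasklist.exe not found in $system32"
}

# 2. State and startup type of the WMI (Winmgmt) and BITS services.
foreach ($name in 'Winmgmt', 'BITS') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Warning "Service '$name' is not registered"
    } else {
        '{0,-8} Status={1,-8} StartType={2}' -f $svc.Name, $svc.Status, $svc.StartType
    }
}

# 3. Does WMI actually answer a query? FRST's "Could not list" lines suggest not.
try {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop
    "WMI query OK: $($os.Caption) build $($os.BuildNumber)"
} catch {
    Write-Warning "WMI query failed: $($_.Exception.Message)"
}

# 4. If the service is running, have it check its own repository.
$wmi = Get-Service -Name Winmgmt -ErrorAction SilentlyContinue
if ($wmi -and $wmi.Status -eq 'Running') {
    & (Join-Path $system32 'wbem\winmgmt.exe') /verifyrepository
}
```

A missing file or non-Valid signature in step 1, or a stopped or disabled Winmgmt in step 2, is worth pasting back into the thread along with any warning text.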





