Need Help with Computer Issues

05-03-2020, 11:51 AM   #1
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



This computer and my wife's computer are set up with file sharing and both are having issues. I want to get this computer fixed and then I will probably have to do this again with my wife's.

This computer becomes non-responsive and hangs often. It will also not open programs and I have to restart it to get it to open the program. I do not have install disks or reboot disks.

Here is my log. Thank you:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by Daniel (administrator) on HOMEPC (Hewlett-Packard 23-g017c) (03-05-2020 12:32:48)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & QBDataServiceUser28 (Available Profiles: Daniel & QBDataServiceUser28)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( (Advanced Micro Devices Inc.) [File not signed]) [File is in use ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( (ATI Technologies Inc.) [File not signed]) [File is in use ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_1\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SAP -> SAP SE or an SAP affiliate company) C:\Program Files (x86)\Intuit\QuickBooks 2018\QBDBMgrN.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\...\Run: [Spotify] => C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe [22825376 2020-03-18] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\...\Run: [HP OfficeJet Pro 9010 series (NET)] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2018-12-10] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-05-01] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> c:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2013-09-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2018-06-27]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2018-06-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2018-06-27]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2018\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E88D07-CDDD-4236-89D6-507411BA70E3} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382792 2020-04-22] (Intuit, Inc. -> Intuit Inc.)
Task: {09C60F2A-CAF7-4D25-B31C-D604943D898C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-22] (Google Inc -> Google Inc.)
Task: {0CC6F4A5-F5F4-4798-8625-EEFEDE288F97} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 9010 series => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\HPCustPartic.exe [6692256 2019-07-25] (HP Inc -> HP Inc.)
Task: {15360D51-ED96-43B7-90AE-401BD20E3610} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {28AA727C-8D2E-43A7-AF69-D11CE7FB588F} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [6078920 2020-02-22] (Trend Micro, Inc. -> Trend Micro Inc.)
Task: {313AEF4F-7D6C-4835-8955-03B0A6672BC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {3AC1688A-6DFA-4174-B766-D6A7E5EBA99A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {3B991AB2-DF08-4B7E-ADE6-8067E2D66CBF} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [339008 2013-03-12] (CyberLink Corp. -> CyberLink Corp.)
Task: {58FFC590-CF60-46D2-AAB2-6281799D1246} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761424 2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Task: {5AFDECD2-9DFD-46E4-A942-BB3DF15DD061} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink Corp. -> CyberLink)
Task: {73185AEF-8404-4D02-A5B0-CEBB734BB90B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {8B87510D-F4BA-4ADB-BEFC-AB713F1F5F46} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.134\DADUpdater.exe [4147336 2020-03-20] (McAfee, Inc. -> McAfee, LLC)
Task: {91ABDF8F-89D3-4726-BADB-BFE6279ED64A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A5D57E65-1848-45A9-BB2A-FAA572CEE97E} - System32\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001 => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-04-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {C68E3F0F-D3F9-4637-A1A9-EFB3AEED985E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {C7D35114-9D71-43D8-AF78-85FFC3B8507C} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {C7F3C1AB-A73E-4AF8-8DB8-D32C98405B6C} - System32\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001 => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupload.exe [32256 2020-04-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {CC000EA5-7F82-4A2D-BD46-07436DA43168} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1448320 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCF02621-7482-4A3C-AEDA-F1C7E1C44E99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-22] (Google Inc -> Google Inc.)
Task: {D1CA06C3-5F53-4C2A-B64D-B268FCF3A68D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {D31A61B3-7829-4180-81EB-7D1E25E33A69} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8D0DB40-F8D7-4AB6-B474-8C722FF5F43A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.)
Task: {DD97FD2C-C168-4224-BC20-ED3965425688} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE923C74-FCB0-48B8-84A3-58017D2B2C84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-27] (HP Inc. -> HP Inc.)
Task: {EED6E666-6A5C-4D29-943C-36FB38CD5F45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FA5348E8-24A2-4C97-856B-DD5FAC1BC928} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2019-12-12] (McAfee, Inc. -> McAfee, LLC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001.job => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001.job => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{D4308C2F-E7B5-424E-98F9-2EBCD3AE793F}: [DhcpNameServer] 192.168.88.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
URLSearchHook: [S-1-5-21-541829613-2727475704-1047741498-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} - C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll [2020-04-22] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Windows -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-541829613-2727475704-1047741498-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Daniel\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-22] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-541829613-2727475704-1047741498-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Daniel\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-541829613-2727475704-1047741498-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Daniel\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-24]

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2020-05-03]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.facebook.com
CHR Extension: (Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-22]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-22]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-03-30]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-06]
CHR Extension: (Satellite & Earth Maps) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejoikpaoingpnebdnolankempckocjbj [2019-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Cisco Webex Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2013-09-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink Corp. -> CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink Corp. -> CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-17] (Malwarebytes Inc -> Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_1\McApExe.exe [758864 2020-02-05] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1737992 2020-02-06] (McAfee, LLC -> McAfee, LLC.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2018-04-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2018-04-27] (Intuit Inc.) [File not signed]
R3 QuickBooksDB28; C:\Program Files (x86)\Intuit\QuickBooks 2018\QBDBMgrN.exe [133904 2020-04-22] (SAP -> SAP SE or an SAP affiliate company)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe [493280 2017-07-28] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [12526592 2013-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [619008 2013-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75896 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-03] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [527272 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380840 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85920 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521128 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [997800 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [594360 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107960 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116856 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252328 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-01-31] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 mfeplk01; \Device\mfeplk01.sys [X]
S3 mfeplk02; \Device\mfeplk02.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-03 12:32 - 2020-05-03 12:34 - 000030486 _____ C:\Users\Daniel\Desktop\FRST.txt
2020-05-03 12:31 - 2020-05-03 12:33 - 000000000 ____D C:\FRST
2020-05-03 12:29 - 2020-05-03 12:29 - 000000944 _____ C:\Users\Daniel\Desktop\FRST64.exe - Shortcut.lnk
2020-05-03 12:25 - 2020-05-03 12:26 - 002283520 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2020-05-03 09:55 - 2020-05-03 09:55 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-05-03 09:54 - 2020-05-03 09:54 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-29 18:51 - 2018-06-22 17:08 - 000370424 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\wpcap.dll
2020-04-29 18:51 - 2018-06-22 17:08 - 000282360 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2020-04-29 18:51 - 2018-06-22 17:08 - 000107768 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Packet.dll
2020-04-29 18:51 - 2018-06-22 17:08 - 000098040 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2020-04-29 18:51 - 2018-01-31 12:16 - 000036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2020-04-24 13:52 - 2020-04-24 15:19 - 000000000 __SHD C:\Users\Daniel\Documents\cache
2020-04-24 13:51 - 2020-05-01 10:40 - 000000000 ____D C:\Users\Daniel\AppData\Local\WebEx
2020-04-24 13:51 - 2020-04-24 13:51 - 003650688 _____ (Cisco Webex LLC) C:\Users\Daniel\Downloads\Cisco_WebEx_Add-On.exe
2020-04-24 13:51 - 2020-04-24 13:51 - 002920768 _____ (Cisco Webex LLC) C:\Users\Daniel\Downloads\,coloradoevents,159351289979894045,1513114671,EC,00639802,SDJTSwAAAARQfINvPVwDSxEkY7bEyfeIbXHltVF_EpThEKppl0l7eQ2,1_webex.exe
2020-04-24 13:51 - 2020-04-24 13:51 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Mozilla
2020-04-24 09:53 - 2020-04-24 09:53 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_a90e860ee85aa307 (1).exe
2020-04-24 09:39 - 2020-04-24 09:40 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_a90e860ee85aa307.exe
2020-04-22 12:20 - 2020-04-22 12:20 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_o42a8sofizku_7e0aee1f240f2478.exe
2020-04-22 12:19 - 2020-04-22 12:19 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_o42a8sofizku_562edd8281a19674 (1).exe
2020-04-22 12:01 - 2020-04-22 12:01 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_o42a8sofizku_562edd8281a19674.exe
2020-04-22 11:20 - 2020-04-22 11:20 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-22 11:15 - 2020-04-22 11:15 - 000777965 _____ C:\Users\Daniel\Downloads\Grand Foundation Electric Utility Grant App.pdf
2020-04-22 09:57 - 2020-04-22 09:58 - 000239199 _____ C:\Users\Daniel\Downloads\EDITEDJacksonCounty-SBGF-App-1.pdf
2020-04-16 11:47 - 2020-03-31 00:23 - 001368080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-04-16 11:47 - 2020-03-30 23:57 - 007362512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 11:47 - 2020-03-30 23:42 - 001737520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 11:47 - 2020-03-30 22:49 - 001500888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 11:47 - 2020-03-30 22:47 - 025754624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 11:47 - 2020-03-30 22:31 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 11:47 - 2020-03-30 22:22 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 11:47 - 2020-03-30 22:11 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 11:47 - 2020-03-30 22:10 - 005499904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-04-16 11:47 - 2020-03-30 22:08 - 020290048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 11:47 - 2020-03-30 21:59 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 11:47 - 2020-03-30 21:52 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 11:47 - 2020-03-30 21:43 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 11:47 - 2020-03-30 21:42 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2020-04-16 11:47 - 2020-03-30 21:35 - 015468544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-04-16 11:47 - 2020-03-30 21:34 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-04-16 11:47 - 2020-03-30 21:23 - 001756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 11:47 - 2020-03-30 21:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2020-04-16 11:47 - 2020-03-30 21:20 - 004859392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 11:47 - 2020-03-30 21:20 - 004112384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-04-16 11:47 - 2020-03-30 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-04-16 11:47 - 2020-03-30 21:17 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-04-16 11:47 - 2020-03-30 21:14 - 013854720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-04-16 11:47 - 2020-03-30 21:10 - 001493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 11:47 - 2020-03-30 21:09 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-04-16 11:47 - 2020-03-30 20:59 - 004387328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 11:47 - 2020-03-30 20:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-04-16 11:47 - 2020-03-30 20:56 - 001332224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-04-16 11:47 - 2020-03-30 20:54 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-04-16 11:47 - 2020-03-27 08:25 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 11:47 - 2020-03-27 06:41 - 001680896 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 11:47 - 2020-03-23 18:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 11:47 - 2020-03-18 23:26 - 000374008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2020-04-16 11:47 - 2020-03-18 22:11 - 000316152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2020-04-16 11:47 - 2020-03-18 21:53 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 11:47 - 2020-03-18 21:17 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 11:47 - 2020-03-11 18:40 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 11:47 - 2020-03-10 02:09 - 001764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 11:47 - 2020-03-10 01:57 - 001135904 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 11:47 - 2020-03-10 01:22 - 001489728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 11:47 - 2020-03-10 00:27 - 000860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 11:47 - 2020-03-10 00:08 - 003727360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 11:47 - 2020-03-09 23:57 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 11:47 - 2020-03-09 23:42 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 11:47 - 2020-03-07 23:20 - 000217400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 11:47 - 2020-03-07 22:31 - 000136816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 11:47 - 2020-03-07 22:03 - 000955640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 11:47 - 2020-03-07 21:44 - 000166248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 11:47 - 2020-03-07 21:22 - 000788096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 11:47 - 2020-03-07 20:45 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 11:47 - 2020-03-07 20:03 - 001479680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 11:47 - 2020-03-07 19:39 - 001335808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 11:47 - 2020-03-07 19:39 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 11:47 - 2020-03-07 19:37 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 11:47 - 2020-03-07 19:33 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 11:47 - 2020-03-07 19:29 - 003718144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 11:47 - 2020-03-07 19:24 - 000606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 11:47 - 2020-03-07 19:23 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 11:47 - 2020-03-07 19:21 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 11:47 - 2020-03-07 19:19 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 11:47 - 2020-03-07 17:25 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 11:47 - 2020-03-07 17:25 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 11:47 - 2020-02-13 02:01 - 000989648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 11:47 - 2020-02-08 14:03 - 000162416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 11:47 - 2020-02-05 08:20 - 001717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 11:15 - 2020-04-16 11:15 - 000323092 _____ C:\Users\Daniel\Downloads\Cratex Rubber Brochure.pdf
2020-04-16 11:14 - 2020-04-16 11:15 - 002014108 _____ C:\Users\Daniel\Downloads\Spedecut Catalog.pdf
2020-04-14 08:20 - 2020-04-14 08:20 - 000687256 _____ (HP Inc., LP) C:\WINDOWS\system32\HPWia2Drv.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 004944424 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 003573320 _____ (HP Inc.) C:\WINDOWS\SysWOW64\HPScanTEDrv.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 001354600 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64_DiscoveryLibDyn.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 000989032 _____ (HP Inc.) C:\WINDOWS\SysWOW64\DiscoveryLibDyn.dll
2020-04-09 13:43 - 2020-04-09 13:43 - 000004974 _____ C:\Users\Daniel\Downloads\5b538b1717af4c76b1c795409b7390c8 (1).pdf
2020-04-09 13:38 - 2020-04-09 13:39 - 000004237 _____ C:\Users\Daniel\Downloads\5b538b1717af4c76b1c795409b7390c8.pdf
2020-04-06 15:02 - 2020-04-06 15:02 - 000364472 _____ (LogMeIn, Inc.) C:\Users\Daniel\Downloads\GoToMeeting Opener.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-03 12:26 - 2018-03-22 19:16 - 000003596 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-541829613-2727475704-1047741498-1001
2020-05-03 12:19 - 2018-03-21 18:07 - 000000000 ___DO C:\Users\Daniel\SkyDrive
2020-05-03 12:17 - 2014-07-02 23:15 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-05-03 12:00 - 2018-03-21 18:06 - 000003922 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{75B7D421-5167-49AC-A59C-D7F49F36E418}
2020-05-03 11:36 - 2020-03-23 11:54 - 000000558 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001.job
2020-05-03 10:45 - 2018-03-23 12:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-05-03 10:38 - 2018-11-10 16:01 - 000000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2020-05-03 10:38 - 2018-11-10 16:00 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2020-05-03 09:54 - 2013-08-22 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-03 09:53 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2020-05-03 09:51 - 2018-06-27 14:10 - 000000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2020-05-03 09:44 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\Inf
2020-05-03 09:41 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2020-05-01 21:28 - 2013-08-22 09:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-05-01 14:55 - 2018-03-22 19:19 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-01 14:55 - 2018-03-22 19:19 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-01 14:55 - 2018-03-22 19:19 - 000002210 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-01 10:32 - 2018-07-27 15:28 - 000000000 ____D C:\Program Files (x86)\Brother
2020-04-24 15:38 - 2018-03-21 18:05 - 000000000 ____D C:\Users\Daniel\AppData\Local\Packages
2020-04-24 15:24 - 2019-04-24 11:20 - 000000000 ____D C:\Users\Daniel\Documents\Danny
2020-04-24 09:43 - 2019-07-27 10:45 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-22 11:20 - 2020-04-01 10:20 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Zoom
2020-04-21 10:46 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\rescache
2020-04-21 09:50 - 2013-08-22 09:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-21 09:47 - 2014-07-02 23:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-04-18 12:57 - 2013-08-22 08:44 - 000512336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-18 12:49 - 2018-04-02 01:21 - 000000000 ___SD C:\WINDOWS\system32\CompatTel
2020-04-15 09:45 - 2018-06-24 11:18 - 000003172 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-541829613-2727475704-1047741498-1001
2020-04-15 09:44 - 2019-05-12 11:47 - 000002345 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2020-04-07 14:38 - 2020-03-23 11:54 - 000003652 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001
2020-04-07 14:38 - 2020-03-23 11:54 - 000003556 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001
2020-04-07 14:38 - 2020-03-23 11:54 - 000000654 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001.job
2020-04-07 14:38 - 2020-03-23 11:54 - 000000000 ____D C:\Users\Daniel\AppData\Local\GoToMeeting

==================== Files in the root of some directories ========

2018-06-29 12:48 - 2018-06-29 12:49 - 000053498 _____ () C:\Users\Daniel\AppData\Roaming\QBFileDrTool.log
2018-06-29 13:11 - 2019-05-18 15:16 - 000483992 _____ () C:\Users\Daniel\AppData\Roaming\QBFileDrTool_HOMEPC.log
2019-05-04 15:53 - 2019-06-04 12:12 - 000344220 _____ () C:\Users\Daniel\AppData\Local\ars.cache
2019-05-04 15:54 - 2019-06-04 12:13 - 000951294 _____ () C:\Users\Daniel\AppData\Local\census.cache
2019-05-04 15:17 - 2019-05-04 15:17 - 000000036 _____ () C:\Users\Daniel\AppData\Local\housecall.guid.cache
2019-09-27 11:57 - 2019-09-27 11:57 - 000007607 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2019-05-04 15:24 - 2019-06-04 10:08 - 000000010 _____ () C:\Users\Daniel\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-05-01 11:43
==================== End of FRST.txt ========================
Attached Files
File Type: txt Addition.txt (67.0 KB, 8 views)
dem66 is offline   Reply With Quote
Old 05-04-2020, 04:04 AM   #2
Moderator
Security Team
 
Gary R
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



My initial impression is that this does not sound like a problem caused by Malware, but I'll look through your FRST logs, and get back to you as soon as I've finished.
Gary R is offline   Reply With Quote
Old 05-04-2020, 05:18 AM   #3
Moderator
Security Team
 
Gary R
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



No obvious signs of an active Malware infection in your logs, however, there are a few things that need attention, and a few files I'd like to scan to check they're OK.

First ...

Please uninstall the following Chrome Extensions ....

Quote:
Satellite & Earth Maps ejoikpaoingpnebdnolankempckocjbj
Chrome Web Store Payments nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router pkedcjkdefgpdelpbcmbmeomcjbeemfm
https://www.timeatlas.com/uninstall-chrome-extensions/

Next ...
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
CreateRestorePoint:
VirusTotal: C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe;C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe;C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe;C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll
URLSearchHook: [S-1-5-21-541829613-2727475704-1047741498-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
S3 mfeplk01; \Device\mfeplk01.sys [X]
S3 mfeplk02; \Device\mfeplk02.sys [X]
FirewallRules: [{AA373C9C-3B2F-4D3F-BE9C-C73F1CAFB629}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{EEA7A25D-8F33-47F8-8EA1-51CEE74C7F6F}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{7ADF3509-C3C7-40DD-AB5F-7662955452ED}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{42DA86DC-894D-47DE-8B62-B4599E01BBBD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{6A6080EC-311B-4B21-8CA1-92B7928F1BB4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{A319ED43-4805-4D58-8E2D-A876F108C67C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{FA1C78B8-6B1D-420D-B51E-E4E9A06DA003}] => (Allow) C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{560E5C54-E798-43BB-A445-42B6345F78D7}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{820C0B00-536E-4255-98D2-D0247D9FEC25}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File
FirewallRules: [{92614732-E085-4442-A77F-2FEAD1222EC8}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{D19487CF-FA4C-4331-92EB-5C7C9C0CA0A7}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File
FirewallRules: [{67D0BA9D-DE4F-4E7E-A181-63A0C77EE394}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{58D1934C-2908-45EA-8ECA-6F11ED77E7D7}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File
FirewallRules: [{E48BA123-BAC9-40AB-8486-6067167C30F2}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS0E30\HP.EasyStart.exe No File
FirewallRules: [{B2EFEC07-67CE-4690-8B69-BE10E9077B3B}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2524\HPDiagnosticCoreUI.exe No File
FirewallRules: [{AC35289C-0F96-4AC9-A1F0-CC45FDAF36F0}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2524\HPDiagnosticCoreUI.exe No File
FirewallRules: [{19C98486-A7F1-4A75-A248-3D29F61D9FCF}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2C80\HPDiagnosticCoreUI.exe No File
FirewallRules: [{DB2F31A5-A10B-4E9E-B7E3-38C3BFA6F9D9}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2C80\HPDiagnosticCoreUI.exe No File
FirewallRules: [{1488DA0A-5446-4C8F-8C99-6579EAB1ECEE}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS4D2E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7CE0ED4C-76BA-4EC4-A43A-55F8765D239D}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS4D2E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C0E234E7-9316-450A-8D44-6B6E42AB8BF8}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS5C18\HP.EasyStart.exe No File
FirewallRules: [{C9C78473-FE54-48D1-A29C-C443D24FC052}] => (Allow) C:\Users\Daniel\AppData\Roaming\Zoom\bin\airhost.exe No File
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Question 1 ... did you install McAfee yourself, or did it come pre-installed with your computer?

Question 2 ... any improvement in your Computer?
Gary R is offline   Reply With Quote
Old 05-05-2020, 08:58 AM   #4
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



Thank you so much for helping me. Here is my fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Daniel (05-05-2020 09:53:03) Run:1
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & QBDataServiceUser28 (Available Profiles: Daniel & QBDataServiceUser28)
Boot Mode: Normal
==============================================

fixlist content:
*****************

*****************


==== End of Fixlog 09:53:03 ====

I uninstalled the extensions you asked me to. I can't remember if McAfee was pre-installed or not, but I know we just renewed our subscription recently. There have been no improvements to this computer.

Thanks Again.
dem66 is offline   Reply With Quote
Old 05-05-2020, 02:01 PM   #5
Moderator
Security Team
 
Gary R
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



Your fixlog shows that you did not copy/paste the fixlist I gave you.

Please try again, following the instructions that I gave you in my last post closely.

If you're still unable to run the fix, please let me know and I'll give you an alternate method to achieve the same thing.
Gary R is offline   Reply With Quote
Old 05-06-2020, 09:22 AM   #6
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



Sorry, not sure what happened the first time. Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Daniel (06-05-2020 10:08:59) Run:5
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & QBDataServiceUser28 (Available Profiles: Daniel & QBDataServiceUser28)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
VirusTotal: C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe;C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe;C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe;C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll
URLSearchHook: [S-1-5-21-541829613-2727475704-1047741498-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
S3 mfeplk01; \Device\mfeplk01.sys [X]
S3 mfeplk02; \Device\mfeplk02.sys [X]
FirewallRules: [{AA373C9C-3B2F-4D3F-BE9C-C73F1CAFB629}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{EEA7A25D-8F33-47F8-8EA1-51CEE74C7F6F}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe No File
FirewallRules: [{7ADF3509-C3C7-40DD-AB5F-7662955452ED}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{42DA86DC-894D-47DE-8B62-B4599E01BBBD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe No File
FirewallRules: [{6A6080EC-311B-4B21-8CA1-92B7928F1BB4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{A319ED43-4805-4D58-8E2D-A876F108C67C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{FA1C78B8-6B1D-420D-B51E-E4E9A06DA003}] => (Allow) C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{560E5C54-E798-43BB-A445-42B6345F78D7}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{820C0B00-536E-4255-98D2-D0247D9FEC25}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File
FirewallRules: [{92614732-E085-4442-A77F-2FEAD1222EC8}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{D19487CF-FA4C-4331-92EB-5C7C9C0CA0A7}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File
FirewallRules: [{67D0BA9D-DE4F-4E7E-A181-63A0C77EE394}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{58D1934C-2908-45EA-8ECA-6F11ED77E7D7}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File
FirewallRules: [{E48BA123-BAC9-40AB-8486-6067167C30F2}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS0E30\HP.EasyStart.exe No File
FirewallRules: [{B2EFEC07-67CE-4690-8B69-BE10E9077B3B}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2524\HPDiagnosticCoreUI.exe No File
FirewallRules: [{AC35289C-0F96-4AC9-A1F0-CC45FDAF36F0}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2524\HPDiagnosticCoreUI.exe No File
FirewallRules: [{19C98486-A7F1-4A75-A248-3D29F61D9FCF}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2C80\HPDiagnosticCoreUI.exe No File
FirewallRules: [{DB2F31A5-A10B-4E9E-B7E3-38C3BFA6F9D9}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS2C80\HPDiagnosticCoreUI.exe No File
FirewallRules: [{1488DA0A-5446-4C8F-8C99-6579EAB1ECEE}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS4D2E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7CE0ED4C-76BA-4EC4-A43A-55F8765D239D}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS4D2E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C0E234E7-9316-450A-8D44-6B6E42AB8BF8}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\7zS5C18\HP.EasyStart.exe No File
FirewallRules: [{C9C78473-FE54-48D1-A29C-C443D24FC052}] => (Allow) C:\Users\Daniel\AppData\Roaming\Zoom\bin\airhost.exe No File
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
*****************

Restore point was successfully created.
VirusTotal: C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe => https://www.virustotal.com/file/6960...is/1518509222/
VirusTotal: C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe => https://www.virustotal.com/file/8717...is/1518509522/
VirusTotal: C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe => https://www.virustotal.com/file/550d...is/1587547067/
VirusTotal: C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll => https://www.virustotal.com/file/ef7b...is/1459357667/
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
HKU\S-1-5-21-541829613-2727475704-1047741498-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
mfeplk01 => service not found.
mfeplk02 => service not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA373C9C-3B2F-4D3F-BE9C-C73F1CAFB629}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEA7A25D-8F33-47F8-8EA1-51CEE74C7F6F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7ADF3509-C3C7-40DD-AB5F-7662955452ED}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42DA86DC-894D-47DE-8B62-B4599E01BBBD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A6080EC-311B-4B21-8CA1-92B7928F1BB4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A319ED43-4805-4D58-8E2D-A876F108C67C}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA1C78B8-6B1D-420D-B51E-E4E9A06DA003}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{560E5C54-E798-43BB-A445-42B6345F78D7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{820C0B00-536E-4255-98D2-D0247D9FEC25}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92614732-E085-4442-A77F-2FEAD1222EC8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D19487CF-FA4C-4331-92EB-5C7C9C0CA0A7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67D0BA9D-DE4F-4E7E-A181-63A0C77EE394}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58D1934C-2908-45EA-8ECA-6F11ED77E7D7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E48BA123-BAC9-40AB-8486-6067167C30F2}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2EFEC07-67CE-4690-8B69-BE10E9077B3B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC35289C-0F96-4AC9-A1F0-CC45FDAF36F0}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19C98486-A7F1-4A75-A248-3D29F61D9FCF}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB2F31A5-A10B-4E9E-B7E3-38C3BFA6F9D9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1488DA0A-5446-4C8F-8C99-6579EAB1ECEE}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CE0ED4C-76BA-4EC4-A43A-55F8765D239D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0E234E7-9316-450A-8D44-6B6E42AB8BF8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9C78473-FE54-48D1-A29C-C443D24FC052}" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1055400 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 270916041 B
Edge => 0 B
Chrome => 858275096 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 3303710 B
systemprofile32 => 3304311 B
LocalService => 3832514 B
NetworkService => 3836132 B
Daniel => 96891385 B
QBDataServiceUser28 => 96891385 B

RecycleBin => 4460204 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.
dem66 is offline   Reply With Quote
Old 05-06-2020, 02:31 PM   #7
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, as I expected, the unsigned files I scripted to scan at VirusTotal came back clean, so I'd now like to run an online scan of your whole machine, to ensure I didn't miss anything in your FRST logs, and so that we can eliminate Malware as being the source of your problems.

Once we've done that (or not, dependent on the scan results) we can try a few other things to see if we can find the source of your problems.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
__________________
Gary R is offline   Reply With Quote
Old 05-08-2020, 08:51 AM   #8
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



No threats were found.
dem66 is offline   Reply With Quote
Old 05-08-2020, 01:41 PM   #9
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, well the next thing is to check your Windows System Files for corruption.

Please do the following ...
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt and run a system file scan using the Deployment Image Servicing and Management (DISM) tool, repairing any corrupted files it finds. This uses Windows Update Client, so dependent on your processor and connection speed, this may take some time to complete (on my machine it took just over half an hour).
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Also, please let me know if this has any effect on your problems.
__________________
Gary R is offline   Reply With Quote
Old 05-10-2020, 05:07 PM   #10
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



I will let you know in the next few days if there has been any improvement in my computer.

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-05-2020 03
Ran by Daniel (10-05-2020 09:55:42) Run:7
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & QBDataServiceUser28
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
*****************


========= DISM.exe /Online /Cleanup-image /Restorehealth =========


Deployment Image Servicing and Management tool
Version: 6.3.9600.19408

Image Version: 6.3.9600.19397

The restore operation completed successfully. The component store corruption was repaired.
The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 11:08:09 ====
dem66 is offline   Reply With Quote
Old 05-10-2020, 09:37 PM   #11
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, please let me know how things are as soon as you're able to. If I haven't heard back from you by Thursday I'll presume things are OK, and close the topic.
__________________
Gary R is offline   Reply With Quote
Old 05-11-2020, 11:17 AM   #12
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



My computer seemed to be behaving better this morning, except that it still has the issue with Google Chrome. I started my computer up and started Google Chrome and was also using Quickbooks. When I got done I closed Quickbooks and Google Chrome. I decided to try to open Google Chrome to see if it would re-open (this is one of the issues I was having: it would not re-open without re-starting the computer). It did not open. I had to shut down the computer and re-start it for it to open.

Also, when I shut down my computer it says "This App is preventing Windows from shutting down" (paraphrased). I don't recognize the App; the thumbnail is too small to read. So I have to say shut down anyway.
dem66 is offline   Reply With Quote
Old 05-11-2020, 02:13 PM   #13
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, first thing to try is to uninstall Google Chrome, and then re-install a new clean copy.

So Uninstall Chrome using the instructions posted HERE

Please ensure you select the option to Also delete your browsing data as this will delete your current User Profile, which is where most Chrome problems tend to be located.

Once you've uninstalled Chrome ... restart your computer (it's important you do this)

Now install a new clean copy of Chrome

Please let me know if your problems are still present.
__________________
Gary R is offline   Reply With Quote
Old 05-13-2020, 11:28 AM   #14
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



OK, I installed a clean version of Chrome. I will have to try it out for a few days and then I will report back.

Thank you.
dem66 is offline   Reply With Quote
Old 05-13-2020, 11:31 AM   #15
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, talk to you then.
__________________
Gary R is offline   Reply With Quote
Old 05-14-2020, 11:39 AM   #16
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



I followed your instructions on uninstalling Chrome and Browsing Data and re-installing a clean version of Chrome. I still have the same issue where I will be using Chrome and then close it, and if I try to reopen it, it won't open. Then I have to restart my computer to get Chrome to reopen. This does not happen every time, but often.

When I restarted my computer this time it came up with an error window saying Windows would have to restart. I couldn't get the error written down fast enough but it said something like "Page Fault in non Paged Area".

Could I have issues with my operating system?
dem66 is offline   Reply With Quote
Old 05-14-2020, 02:35 PM   #17
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, let's have another check of your system files, I know this seems like duplication of effort since we've already checked them with DISM, but sometimes a different tool finds and fixes different things, so this time we're going to use SFC (system file check).

So ....
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
CMD: sfc /scannow
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt and will check your system files for errors and fix them if it can. This can take some time.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log



Check to see if that improves things at all ....
  • If it does, please let me know.
  • If it does not (and only if it does not) please follow the instructions below.


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
SystemRestore: On
CreateRestorePoint:
CMD: ECHO Y|CHKDSK C: /F
Reboot:
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt and will reboot your computer. When it restarts it will check your hard drive for errors and fix any it finds. Dependent on the size of your hard drive, the speed of your processor, and the amount of damage found, this can take quite a while, sometimes hours.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log, and let me know if you are still experiencing problems.
__________________
Gary R is offline   Reply With Quote
Old 05-15-2020, 09:31 AM   #18
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



I followed the first part of the instructions and have posted the log below. It looks like it did not work correctly. I have FRST64.exe and a shortcut for FRST64.exe on my Desktop (I am not sure why). I ran the FRST64.exe first and followed the instructions (I did click CTRL s) and when I clicked fix it said it could not find fixlist.txt. So I closed all the windows and ran the shortcut for FRST64.exe and it produced the following results:

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by Daniel (15-05-2020 10:15:40) Run:8
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & QBDataServiceUser28
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: sfc /scannow
*****************


========= sfc /scannow =========



Beginning system scan. This process will take some time.


Another servicing or repair operation is currently running.

Wait for this to finish and run sfc again.


========= End of CMD: =========


==== End of Fixlog 10:16:12 ====

Thank you.
dem66 is offline   Reply With Quote
Old 05-15-2020, 12:24 PM   #19
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 662
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, please reboot your computer, and then try running the first fix (the sfc /scannow) again.

Let me know if there are any problems.
__________________
Gary R is offline   Reply With Quote
Old 05-16-2020, 09:35 AM   #20
Registered Member
 
Join Date: Jan 2005
Location: Colorado
Posts: 56
OS: Windows 8.1



OK, here is the log. I will see if there is any improvement:

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by Daniel (16-05-2020 09:51:12) Run:9
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & QBDataServiceUser28
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: sfc /scannow
*****************


========= sfc /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.



Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


==== End of Fixlog 10:33:32 ====
dem66 is offline   Reply With Quote
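
The fixlogs posted in this thread can be triaged mechanically. The sketch below is an added example (not part of the thread and not FRST's own code): it splits a Fixlog into its CMD sections and classifies each DISM/SFC result, so that a run that was blocked or cut short is not mistaken for a clean one. The sample log is constructed from message lines quoted in the posts above; the function names, status labels, and the extra SFC/DISM result strings not seen in this thread are assumptions of the example.

```python
import re

# Section markers in the Fixlog format visible in the logs posted in this thread.
HEADER = re.compile(r"^={9} (?P<cmd>[^=]+?) ={9}\s*$")
END_MARK = "End of CMD:"
# SFC progress spam ("Verification 12% complete.") carries no result information.
PROGRESS = re.compile(r"Verification \d+% complete\.")

# (message fragment, status). The first three fragments appear in this thread's
# logs; the last three are standard SFC/DISM result lines added for coverage.
RULES = [
    ("Another servicing or repair operation is currently running", "blocked-reboot-and-rerun"),
    ("The component store corruption was repaired", "repaired"),
    ("did not find any integrity violations", "clean"),
    ("found corrupt files and successfully repaired them", "repaired"),
    ("found corrupt files but was unable to fix some of them", "unrepaired"),
    ("No component store corruption detected", "clean"),
]


def split_cmd_sections(fixlog):
    """Return (command, body, closed) for each CMD section in a Fixlog."""
    sections, cmd, body = [], None, []
    for line in fixlog.splitlines():
        m = HEADER.match(line)
        if m and m.group("cmd") == END_MARK:
            if cmd is not None:
                sections.append((cmd, "\n".join(body), True))
            cmd, body = None, []
        elif m and cmd is None:
            cmd, body = m.group("cmd"), []
        elif cmd is not None:
            body.append(line)
    if cmd is not None:  # log ended before "End of CMD:" was written
        sections.append((cmd, "\n".join(body), False))
    return sections


def classify(body):
    """Map the tool output of one section to a status label."""
    text = PROGRESS.sub("", body).lower()
    for fragment, status in RULES:
        if fragment.lower() in text:
            return status
    return "unknown-read-manually"


def triage(fixlog):
    """Classify every CMD section; a truncated section is never reported as clean."""
    return [
        (cmd, classify(body) if closed else "incomplete-log")
        for cmd, body, closed in split_cmd_sections(fixlog)
    ]


# Constructed sample: three runs stitched together from lines quoted in the thread.
SAMPLE = """\
========= DISM.exe /Online /Cleanup-image /Restorehealth =========
The restore operation completed successfully. The component store corruption was repaired.
The operation completed successfully.
========= End of CMD: =========
========= sfc /scannow =========
Beginning system scan. This process will take some time.
Another servicing or repair operation is currently running.
Wait for this to finish and run sfc again.
========= End of CMD: =========
========= sfc /scannow =========
Beginning verification phase of system scan.
Verification 0% complete.Verification 50% complete.Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========
==== End of Fixlog 10:33:32 ====
"""

if __name__ == "__main__":
    for command, status in triage(SAMPLE):
        print(f"{status:26} {command}")
```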
All times are GMT -7. The time now is 03:44 PM.

