Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Sluggish startup and numerous restarts


  • Please log in to reply

#1
pnavce

pnavce

    Member

  • Member
  • PipPip
  • 29 posts

PC runs slow all the time. PC is very sluggish on startup, often taking as long as 10 minutes till ready for use. Frequently PC will not become ready and I have to manually turn off and restart, sometimes 3 or 4 times before PC will actually come alive for use. Once a program is open (i.e. MS Word) and do something else for a time, then MS Word will have to be closed and restarted to make it work. Opening of most every program can take up to 3-4 minutes for it to actually open up. 

Frequently the PC will restart on its own 4-5 times during initial start up procedure.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016
Ran by Philip (administrator) on PHILIP-HP (20-02-2016 10:58:05)
Running from C:\Users\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\RunOnce: [Uninstall C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-639460975-812874640-734877944-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [301936 2010-09-22] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-30] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26
Tcpip\..\Interfaces\{34c50cc4-74f8-48a4-9b40-58e9a7f1c13e}: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B9&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-21-639460975-812874640-734877944-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-639460975-812874640-734877944-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-639460975-812874640-734877944-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {3CC8EA46-C645-4134-A48D-0C77F46A73B3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {AC4E08EF-2183-450E-B346-D4163BA55119} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D1564CAF-8680-4433-9C61-28CBD2EB9C6C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM -> {E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC} URL = 
SearchScopes: HKLM -> {E9004766-02D9-486D-9039-AC1A3A664D31} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {3CC8EA46-C645-4134-A48D-0C77F46A73B3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D1564CAF-8680-4433-9C61-28CBD2EB9C6C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\.DEFAULT -> {3CC8EA46-C645-4134-A48D-0C77F46A73B3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> {AC4E08EF-2183-450E-B346-D4163BA55119} URL = 
SearchScopes: HKU\.DEFAULT -> {E9004766-02D9-486D-9039-AC1A3A664D31} URL = 
SearchScopes: HKU\S-1-5-21-639460975-812874640-734877944-1000 -> {3CC8EA46-C645-4134-A48D-0C77F46A73B3} URL = 
SearchScopes: HKU\S-1-5-21-639460975-812874640-734877944-1000 -> {AC4E08EF-2183-450E-B346-D4163BA55119} URL = 
SearchScopes: HKU\S-1-5-21-639460975-812874640-734877944-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-639460975-812874640-734877944-1000 -> {DE75352B-8935-40B9-A404-7A62C342044C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-639460975-812874640-734877944-1000 -> {E9004766-02D9-486D-9039-AC1A3A664D31} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-30] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-30] (AVAST Software)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-02] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {42435041-3100-A76A-76A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-639460975-812874640-734877944-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
DPF: HKLM-x32 {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} hxxp://webcam.villageviewchristianacademy.com/cab/OCXChecker_8570.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default
FF SelectedSearchEngine: Vosteran
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Philip\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: GvNPRT -> C:\Program Files (x86)\GvNPRT\nprt_gvx.dll [2013-05-31] ( )
FF Plugin HKU\S-1-5-21-639460975-812874640-734877944-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Philip\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-02] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprt_gvx.dll [2013-05-31] ( )
FF Extension: No Name - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-30]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google
CHR Profile: C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-24]
CHR Extension: (Google Docs) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24]
CHR Extension: (Google Drive) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Shopping Assistant 40) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekonfccladjgbdhpgobceahgjdcdbod [2015-12-02]
CHR Extension: (Google Search) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-24]
CHR Extension: (Google Docs Offline) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
CHR Extension: (New Tab Helper 40) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jloeihbcjbkgigodmcacomgfihpiaiip [2016-02-12]
CHR Extension: (Ghostery) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-30] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-07] (Dropbox, Inc.)
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-03-04] ()
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
S4 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-06-11] (Cloud Engines, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-03-04] ()
S4 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [167208 2014-07-16] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-11-26] (Sonic Solutions) [File not signed]
S4 Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-11-26] (Sonic Solutions) [File not signed]
S4 RoxLiveShare9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2006-11-27] (Sonic Solutions) [File not signed]
S4 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-27] (Sonic Solutions) [File not signed]
S4 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-27] (Sonic Solutions) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-30] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-10-19] (Windows ® Win 7 DDK provider)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-18] (Sony Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-03-14] (Corel Corporation)
S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-11-27] (Sonic Solutions) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-11-27] (Sonic Solutions) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-10] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 xcetap0; C:\Windows\System32\drivers\xcetap0.sys [39712 2013-04-12] (Cloud Engines, Inc.)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 10:58 - 2016-02-20 10:58 - 00027762 _____ C:\Users\Philip\Desktop\FRST.txt
2016-02-20 10:57 - 2016-02-20 10:58 - 00000000 ____D C:\FRST
2016-02-20 10:56 - 2016-02-20 10:57 - 02371072 _____ (Farbar) C:\Users\Philip\Desktop\FRST64.exe
2016-02-20 10:31 - 2016-02-20 10:31 - 00016148 _____ C:\WINDOWS\system32\PHILIP-HP_Philip_HistoryPrediction.bin
2016-02-19 20:52 - 2016-02-19 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-02 10:25 - 2016-02-02 10:25 - 00216607 _____ C:\Users\Philip\Desktop\Eternal.pptx
2016-02-02 08:46 - 2016-02-02 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-01 14:08 - 2016-02-01 14:08 - 00439653 _____ C:\Users\Philip\Documents\Dir Page4.sla
2016-02-01 14:06 - 2016-02-01 14:06 - 00497793 _____ C:\Users\Philip\Documents\Dir Page3.sla
2016-02-01 14:03 - 2016-02-01 14:03 - 00473125 _____ C:\Users\Philip\Documents\Dir Page2.sla
2016-02-01 11:44 - 2016-02-01 11:45 - 00039490 _____ C:\Users\Philip\Documents\Dir Cover.sla
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 11:01 - 2015-04-24 19:26 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-20 10:55 - 2013-04-20 09:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-20 10:46 - 2015-12-07 14:40 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-20 10:11 - 2015-10-17 13:48 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F4140177-63A6-4AFC-84AD-3A41C42186E3}
2016-02-20 10:09 - 2013-03-14 00:35 - 00000000 ___RD C:\Users\Philip\Dropbox
2016-02-20 10:09 - 2013-03-14 00:32 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Dropbox
2016-02-20 10:07 - 2015-12-07 14:40 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-20 10:07 - 2015-04-24 19:26 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 22:57 - 2015-08-03 19:54 - 00000000 ____D C:\Users\Philip
2016-02-19 22:00 - 2015-08-03 19:53 - 01022402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-19 22:00 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-02-19 20:53 - 2015-12-07 14:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-19 20:05 - 2015-04-24 19:30 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 20:04 - 2015-04-24 19:30 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 19:17 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-19 19:10 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-19 18:49 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-19 18:46 - 2013-08-13 21:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-19 18:45 - 2015-12-31 23:05 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-19 18:33 - 2013-03-26 06:54 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-19 18:29 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 18:23 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-15 14:40 - 2016-01-18 11:48 - 00000000 ____D C:\Users\Philip\Downloads\HP Downloads
2016-02-12 10:13 - 2015-04-24 19:34 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-02 17:47 - 2015-07-10 06:06 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-02 17:47 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 13:55 - 2015-04-24 19:26 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 13:55 - 2015-04-24 19:26 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 12:23 - 2010-12-02 04:38 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-02 08:46 - 2014-07-28 20:41 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 08:46 - 2013-04-26 10:29 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-02-02 08:46 - 2013-04-26 10:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-29 19:39 - 2015-02-02 10:17 - 00001087 _____ C:\Users\Philip\Desktop\BerBible.lnk
2016-01-22 18:23 - 2015-04-24 19:22 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-01-22 18:23 - 2015-04-24 19:22 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
 
==================== Files in the root of some directories =======
 
2014-12-05 09:51 - 2014-12-09 10:48 - 0000062 _____ () C:\Users\Philip\AppData\Roaming\WB.CFG
2013-03-16 13:57 - 2015-05-04 11:33 - 0015872 _____ () C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-08 09:28 - 2013-12-08 09:28 - 0000094 _____ () C:\Users\Philip\AppData\Local\fusioncache.dat
2013-04-05 10:44 - 2013-04-05 10:44 - 0004096 ____H () C:\Users\Philip\AppData\Local\keyfile3.drm
2015-03-04 10:13 - 2015-03-04 10:13 - 0007605 _____ () C:\Users\Philip\AppData\Local\Resmon.ResmonCfg
2014-06-14 08:44 - 2015-09-18 07:06 - 0012648 _____ () C:\Users\Philip\AppData\Local\rx_audio.Cache
2013-04-20 19:25 - 2015-09-18 07:06 - 1756336 _____ () C:\Users\Philip\AppData\Local\rx_image.Cache
2015-08-02 12:11 - 2015-08-02 12:11 - 0000000 _____ () C:\Users\Philip\AppData\Local\{4B34A0BA-4AB0-4466-9273-5906A2178034}
2014-11-02 21:33 - 2014-11-02 21:33 - 0000000 _____ () C:\Users\Philip\AppData\Local\{5242F248-9B2A-4529-AA59-0C34561433DA}
2015-05-16 23:00 - 2015-05-16 23:00 - 0000000 _____ () C:\Users\Philip\AppData\Local\{58B93EDB-21C4-4F26-B02F-417A118F58BB}
2015-11-12 14:17 - 2015-11-12 14:17 - 0000000 _____ () C:\Users\Philip\AppData\Local\{5F2C83A2-5C2B-4675-8608-436BED9CA8A5}
2014-12-03 23:58 - 2014-12-03 23:58 - 0000000 _____ () C:\Users\Philip\AppData\Local\{BC7F1FAC-30CF-498A-906C-397D1B1600E6}
2013-05-20 06:06 - 2013-05-20 06:06 - 0000000 _____ () C:\ProgramData\38213a382622542039_c
2013-03-14 13:39 - 2016-01-18 12:00 - 0007210 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-12 09:59
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Philip (2016-02-20 11:22:36)
Running from C:\Users\Philip\Desktop
Windows 10 Home (X64) (2015-08-04 01:35:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-639460975-812874640-734877944-500 - Administrator - Disabled)
ASPNET (S-1-5-21-639460975-812874640-734877944-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-639460975-812874640-734877944-503 - Limited - Disabled)
Guest (S-1-5-21-639460975-812874640-734877944-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-639460975-812874640-734877944-1002 - Limited - Enabled)
Philip (S-1-5-21-639460975-812874640-734877944-1000 - Administrator - Enabled) => C:\Users\Philip
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
BerBible (HKLM-x32\...\BerBible) (Version: 2.41 - LaSofStuf)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Digital Voice Editor 3 (HKLM-x32\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Extended Update (HKU\S-1-5-21-639460975-812874640-734877944-1000\...\Digital Sites) (Version:  - Extended Update) <==== ATTENTION
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
File Opener Packages (HKU\S-1-5-21-639460975-812874640-734877944-1000\...\File Opener Packages) (Version:  - ) <==== ATTENTION
Free YouTube Downloader 4.0.305 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
GeoVision ADPCM (HKLM-x32\...\GeoADPCM) (Version:  - )
GeoVision Audio (HKLM-x32\...\GeoAudio) (Version:  - )
GeoVision H264 (HKLM-x32\...\Codec_264) (Version:  - )
GeoVision JPEG (HKLM-x32\...\Codec_jpeg) (Version:  - )
GeoVision MJPG (HKLM-x32\...\Codec_MJPG) (Version:  - )
GeoVision MPEG4 (HKLM-x32\...\GEOXCodec) (Version:  - )
GeoVision MPEG4 ASP (HKLM-x32\...\Codec_amp4) (Version:  - )
GeoVision MPEG4 AVC (HKLM-x32\...\Codec_AVC) (Version:  - )
GeoVision MXPG (HKLM-x32\...\Codec_MXPG) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD-VR Recorder (x32 Version: 1.0 - Sonic) Hidden
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7330.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PaperPort 8.0 SE (HKLM-x32\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pogoplug PC (HKLM\...\PogoplugPC) (Version: 1.1.14 - Cloud Engines Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Roxio Easy Media Creator 9 Suite (HKLM-x32\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.546 - Roxio)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scribus 1.4.3 (HKLM-x32\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sonic MyDVD-VR (HKLM-x32\...\InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}) (Version: 1.0 - Sonic)
Sound Organizer (HKLM-x32\...\{1452627B-3FC3-4979-A11A-C5F877D8286E}) (Version: 1.6.0.07210 - Sony Corporation)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
X264 (HKLM-x32\...\Codec_X264) (Version:  - )
Xingtone Ringtone Maker (HKLM-x32\...\{625304B0-2976-473B-AD81-5CA376093F03}) (Version: 4.2.19 - Xingtone)
XVID (HKLM-x32\...\Codec_XVID) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00505FF0-E928-420C-8DA5-97CDE79B53BD} - System32\Tasks\SpeedFixToolSoftware_Popup => C:\Program Files (x86)\Speed Fix Tool Software\Splash.exe
Task: {02D91BEF-3A26-4129-AA00-60364263828A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0698A421-BA70-4236-BE7B-2A746840404E} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {09BABDC9-99EA-4465-A940-77FF89F54D12} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-07] (Dropbox, Inc.)
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {11AF3AA0-A9DB-4F38-8EDD-306D6180CFF7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1310B42C-525D-49D6-BCE0-09D1BB6B1523} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1456B46F-A247-4C2C-8653-93B8C827FC5F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-07] (Dropbox, Inc.)
Task: {1706F8DD-8668-440E-B22C-E92ABD6DA2AF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1783E824-100B-4B39-9E3B-E6F94844C9E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {17F73DFC-DCD3-4BD9-9BEC-30234BAA7C91} - \Only-search -> No File <==== ATTENTION
Task: {1AFCEDCC-2A0D-4695-BF1D-C31BB9199D40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {351F3C64-F585-4C33-BF7B-90CA8F288023} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {35946DAF-22EF-4486-98A6-039BE6992D5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {40D0A9FA-78DC-4284-A82A-38A059DDFD4F} - System32\Tasks\Driver Booster SkipUAC (Philip) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4312DFEF-6E07-4F86-BC8F-68B9BE54654D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {56E1AD91-2C83-4A50-BB32-B5CCEB3762A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {5BD0BC53-AA00-4823-9473-D55798540212} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C23735B-1122-4F15-B170-89C1F7409A8D} - System32\Tasks\{6D0103AF-6F33-4C54-BD2B-FFAB8DE252B9} => pcalua.exe -a "C:\Program Files (x86)\IObit\Advanced SystemCare 7\SecurityHole_Backup\KB2467173.exe" -d C:\Windows\system32 -c /quiet /norestart
Task: {5C5D937A-68CC-4B09-95AA-393ACFD90B58} - System32\Tasks\avastBCLRestartS-1-5-21-639460975-812874640-734877944-1000 => Chrome.exe 
Task: {694F780A-553E-4771-A952-F20C1AF3087E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-19] (Microsoft Corporation)
Task: {69B7AFF5-E1DC-464B-BD98-780906C53408} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {72D25743-AA3E-4476-BD77-F0AD4EF63224} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7B2BFF7F-F1AC-48C6-89A0-5A9AFE3B34EC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {86F416AC-443F-4B40-B4A1-34EAD02939BF} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {9389671E-A3CE-4626-ACF0-B1DCE16DED5D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9730BF4E-B078-4657-B1D6-89B66760A931} - System32\Tasks\Uninstaller_SkipUac_Philip => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {ADE3A310-7B95-4665-B4EF-598AB49C151D} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {AFDA4FCB-849F-49E0-AC6A-9AF99D238E46} - System32\Tasks\{33C559CA-E8B3-45B6-8CCC-5DC2EDB8D57F} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {B053EC82-AEA9-483A-AD51-485C32ED7D50} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-30] (AVAST Software)
Task: {B0FB044E-C79D-45A7-8A1A-062D6A0BBE14} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B6E317D1-CC76-4435-8634-1D2B46764574} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B981BCFB-32FA-42EE-B838-B59BE6E051A1} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {BB82A9AB-B99A-4D18-B96A-1A756FC106A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {BC838727-5365-48B0-88F0-AC4478CF7933} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C4B4BB85-3123-4476-B7C1-5833EA1A03F2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C9F10005-5314-4640-BBAC-B7815B40AB05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {CE3778CA-4B76-493D-BDD5-F48AAA2A1B6A} - System32\Tasks\{0946B3FD-C7EF-4455-ABAA-47FE6CB61B6C} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {D27836F0-6DD0-4826-8F30-EED415CE822F} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {D75219D2-29CB-43C3-B4F4-05181EB8753E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DC12AA39-FB94-4A48-B7D9-41BC5B2804C4} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt [email protected]
Task: {E111B6F5-600C-4B29-96AA-96F4A661A027} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-02] (Adobe Systems Incorporated)
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {FAE16E51-0B80-4FD5-8CD0-313C90870864} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FD66ECF2-E748-4178-9DBA-A8C7B3648511} - System32\Tasks\SpeedFixToolSoftware_Start => C:\Program Files (x86)\Speed Fix Tool Software\SpeedFixToolSoftware.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-03 23:39 - 2015-08-03 23:39 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-17 14:08 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-17 14:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-17 14:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-17 14:14 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-09 15:09 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 15:09 - 2015-11-24 23:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-12-09 15:11 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 15:10 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 14:14 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-17 14:08 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-30 23:06 - 2015-12-30 23:06 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-30 23:06 - 2015-12-30 23:06 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-19 18:17 - 2016-02-19 18:17 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16021901\algo.dll
2015-12-30 23:06 - 2015-12-30 23:06 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-20 10:15 - 2016-02-20 10:15 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16022000\algo.dll
2015-12-30 23:06 - 2015-12-30 23:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-19 20:51 - 2016-01-12 13:44 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-19 20:50 - 2016-01-12 13:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-02-19 20:50 - 2016-01-12 13:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-19 20:51 - 2016-01-12 13:44 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-19 20:51 - 2016-01-12 13:44 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-19 20:51 - 2016-01-12 13:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-02-19 20:50 - 2016-01-12 13:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-19 20:51 - 2016-02-16 13:39 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-19 20:51 - 2016-01-12 13:44 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-02-19 20:50 - 2016-02-16 13:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-19 20:51 - 2016-01-12 13:45 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-19 20:50 - 2016-02-16 13:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-02-19 20:50 - 2016-02-16 13:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-02-19 20:50 - 2016-01-12 13:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-19 20:51 - 2016-01-12 13:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-19 20:51 - 2016-01-12 13:47 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-19 20:51 - 2016-01-12 13:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-19 20:51 - 2016-01-12 13:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-19 20:51 - 2016-01-12 13:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-19 20:51 - 2016-01-12 13:47 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-19 20:51 - 2016-01-12 13:47 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-19 20:51 - 2016-01-12 13:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-19 20:51 - 2016-01-12 13:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-19 20:51 - 2016-01-12 13:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-19 20:51 - 2016-01-12 13:47 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-02-19 20:50 - 2016-02-16 13:38 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-02-19 20:50 - 2016-01-12 13:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-02-19 20:50 - 2016-02-16 13:39 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-02-19 20:50 - 2015-11-04 19:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-02-19 20:51 - 2016-02-16 13:39 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-19 20:51 - 2016-01-12 13:44 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-02-19 20:50 - 2016-01-12 13:44 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-02-19 20:50 - 2016-01-12 13:45 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-02-19 20:50 - 2016-02-16 13:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-19 20:51 - 2016-01-12 13:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 20:51 - 2016-02-16 13:39 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-02-19 20:50 - 2016-02-16 13:39 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-19 20:51 - 2016-01-12 13:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-02-19 20:50 - 2016-01-12 13:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-02-19 20:50 - 2016-01-12 13:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-02-19 20:51 - 2016-02-16 13:39 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-02-19 20:50 - 2016-02-16 13:39 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-02-19 20:51 - 2016-01-12 13:52 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-02-19 20:03 - 2016-02-17 23:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:F2721624
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-639460975-812874640-734877944-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-10-09 06:13 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-639460975-812874640-734877944-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Philip\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\transcodedwallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HBAdmin => 2
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: PACSPTISVR-Sound_Organizer => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: Roxio UPnP Renderer 9 => 3
MSCONFIG\Services: Roxio Upnp Server 9 => 2
MSCONFIG\Services: RoxLiveShare9 => 2
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: RoxWatch9 => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\Windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IndexSearch => C:\Program Files (x86)\Scansoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: ISUSPM Startup => c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: PogoplugPC => "C:\Program Files (x86)\PogoplugPC\ppserver.exe" --starthidden
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-639460975-812874640-734877944-1000\...\StartupApproved\Run: => "Uninstall C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8851A981-CB82-415C-BC93-7ADC1BC8D8AD}] => (Allow) C:\Program Files (x86)\PogoplugPC\PPSERVER.EXE
FirewallRules: [{A2C1852F-68CA-4425-8E0A-8EE851C6A4EC}] => (Allow) C:\Program Files (x86)\PogoplugPC\PPSERVER.EXE
FirewallRules: [{AA741059-3B6F-471D-A2F7-F201A4633E35}] => (Allow) C:\Program Files (x86)\PogoplugPC\PPSERVER.EXE
FirewallRules: [{5AE9F53C-99A1-4E82-B145-B02C1E38A07E}] => (Allow) C:\Program Files (x86)\PogoplugPC\PPSERVER.EXE
FirewallRules: [{D5D31ADF-A31A-4F60-96CA-53E91DE122BC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{20F71518-D54A-4718-A577-DA34D7D90BA4}] => (Allow) E:\setup\hpznui40.exe
FirewallRules: [{DB7EC269-9093-4181-A2E2-87AF133A47F1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FAC19ED6-7EE4-4017-B57D-A42F1619AA2C}] => (Allow) LPort=1900
FirewallRules: [{D6B4C133-5A73-42BB-A340-12E347EA20BD}] => (Allow) LPort=2869
FirewallRules: [{A6F0AB9C-9568-4DA8-86C5-0BFB65F7CC05}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BC7BAF0A-A5F4-45D4-9CB4-F2174577674C}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{62012CB3-9369-48FF-AF6E-1FA659D2D3CF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{4CE2B9C3-88FA-41A6-AC93-346EE6000155}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{690831A1-50B2-4C18-BF5F-99EEE1B7FA24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{272CDD14-17E8-47CC-9DDF-30A5ECD98E9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4320D996-4DBC-4B44-BF84-555702366650}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{5126047E-C5F0-4A0C-A6CD-1F1A4AF585F5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{813E4DA0-6479-496D-B652-27C31BD51918}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{7E328AE2-ADA0-4FF2-9D86-C08381DB0F5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E25E0511-4346-493A-9B20-F242DA9037CB}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{F3CA5410-E635-48E7-8F18-A6A4723514FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C3B8CC51-5F27-420A-A717-1A0ABB792CF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{E19DCA82-6DA9-4819-8140-CA6880CCCE43}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BAFD490B-1B96-46C3-A1F8-897B88B65FF8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{AA1CEA63-8332-4F55-AE4D-E970622F1EAD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4318C4D2-028A-4292-AAC9-E223EADF541C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{3CA582C2-7BD3-4253-AA72-89C381EDD5B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{FD7CC0C8-4C8C-409B-996C-493D0F23B83A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{8FE3052C-1D2D-4A25-A5C9-4B82CA3FF9D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{F413CF23-FBF3-40E4-91DA-AF714610C4C4}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{7AA9B531-8FE1-47D9-AA30-E5EA96726B17}] => (Allow) svchost.exe
FirewallRules: [{5E660EED-E5CC-4FB8-AF2E-2413CE5CF6B6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3A4AA022-AB72-4670-9634-4241ED823756}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{B75ECFBA-D37F-4BAE-9C33-E78BA06A16F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{50736050-3D2D-475C-9E17-798764D819C4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{E6B55E67-6655-440E-BFA1-DD4438BB2A46}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{D544AE79-49CD-4C22-9237-185A4A8D584F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{7B6D146C-62DE-4F56-BB2C-FA2F7D02BEAA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{216F593C-14D1-4E30-AAFE-05F71CD09FEF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{551315E9-FA43-4217-BB22-8DEB64882E7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3ACA59BB-F55C-4901-B558-3E81718EDD49}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
25-01-2016 12:16:08 Windows Update
29-01-2016 21:44:55 Windows Update
02-02-2016 08:44:41 Garmin Express
12-02-2016 09:59:40 Windows Update
12-02-2016 10:04:07 Windows Update
19-02-2016 18:32:20 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/20/2016 10:42:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIP-HP)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023169 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/20/2016 10:42:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1578
 
Start Time: 01d16bf1f9d57eec
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: 7cd74c09-d7e8-11e5-9be1-7071bcc95541
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (02/20/2016 10:18:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIP-HP)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/20/2016 10:18:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PHILIP-HP)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (02/20/2016 10:18:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 88
 
Start Time: 01d16bf05b61cf29
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: 2905b995-d7e5-11e5-9be1-7071bcc95541
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (02/20/2016 10:12:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIP-HP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/20/2016 10:09:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIP-HP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/20/2016 10:09:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIP-HP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2016 10:41:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10240.16603 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: c30
 
Start Time: 01d16b6d8e755163
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 5953773b-d780-11e5-9be1-7071bcc95541
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/19/2016 10:28:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIP-HP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/20/2016 10:23:03 AM) (Source: DCOM) (EventID: 10010) (User: PHILIP-HP)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
 
Error: (02/20/2016 10:12:12 AM) (Source: DCOM) (EventID: 10010) (User: PHILIP-HP)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
 
Error: (02/20/2016 10:09:26 AM) (Source: DCOM) (EventID: 10001) (User: PHILIP-HP)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mcaUnavailableUnavailable
 
Error: (02/20/2016 10:09:26 AM) (Source: DCOM) (EventID: 10010) (User: PHILIP-HP)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
 
Error: (02/19/2016 10:57:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/19/2016 10:57:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/19/2016 10:57:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/19/2016 10:57:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/19/2016 10:28:22 PM) (Source: DCOM) (EventID: 10010) (User: PHILIP-HP)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
 
Error: (02/19/2016 10:21:02 PM) (Source: DCOM) (EventID: 10001) (User: PHILIP-HP)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mcaUnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-02-19 18:28:36.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-29 17:38:06.825
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-18 18:59:11.022
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-18 18:56:02.144
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-18 18:51:53.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-18 18:12:42.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-18 12:01:14.619
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-15 21:22:22.767
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-11 08:06:30.015
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-04 10:36:09.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ 145 Processor
Percentage of memory in use: 87%
Total physical RAM: 1791.3 MB
Available physical RAM: 218.33 MB
Total Virtual: 2687.3 MB
Available Virtual: 1159.08 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:285.01 GB) (Free:168.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.54 GB) (Free:1.53 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F5B63439)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I'm not seeing any malware.  Let's check a few things to see if we can figure out why your PC is slow.
 
 
You can do a separate post for each log if you like.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
 
 
 
Download BlueScreenView
 
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
 
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 

  • 0

#3
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Here is the 'procexp' file

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 47.31 0 K 4 K 0
SettingSyncHost.exe 15.70 11,540 K 24,172 K 2436 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 6.77 136,596 K 84,660 K 2160 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 5.21 25,436 K 58,520 K 7028 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
explorer.exe 3.97 29,864 K 78,340 K 9212 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 3.60 4,924 K 7,436 K 3384 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
System 2.08 608 K 153,748 K 4
Interrupts 1.83 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 1.81 21,184 K 36,172 K 4340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 1.73 35,764 K 29,832 K 2864 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1.69 31,904 K 50,348 K 4992 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1.47 35,232 K 45,408 K 3340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 1.16 1,636 K 7,152 K 5836 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.13 39,768 K 52,140 K 908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.92 62,860 K 72,308 K 1468 Google Chrome Google Inc. (Verified) Google Inc
AdobeARM.exe 0.64 2,488 K 9,328 K 5796 Adobe Reader and Acrobat Manager Adobe Systems Incorporated (Verified) Adobe Systems
sihost.exe 0.63 4,308 K 18,116 K 460 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.63 5,268 K 9,748 K 744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Dropbox.exe 0.58 137,592 K 61,244 K 5824 Dropbox Dropbox, Inc. (Verified) Dropbox
chrome.exe 0.26 52,508 K 57,044 K 4972 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.16 7,320 K 19,544 K 704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastSvc.exe 0.16 77,548 K 40,512 K 1560 avast! Service AVAST Software (Verified) AVAST Software a.s.
AvastUI.exe 0.15 19,360 K 21,876 K 2808 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
chrome.exe 0.11 17,312 K 42,320 K 5148 Google Chrome Google Inc. (Verified) Google Inc
services.exe 0.08 3,288 K 6,368 K 632 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
reader_sl.exe 0.07 1,508 K 4,468 K 9044 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated (Verified) Adobe Systems
svchost.exe 0.04 11,452 K 26,792 K 1048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RuntimeBroker.exe 0.03 12,436 K 36,516 K 5900 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 0.03 5,968 K 14,488 K 5780 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 21,964 K 24,576 K 416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 2,384 K 8,268 K 3220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 5,364 K 18,612 K 368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 0.01 1,188 K 304 K 5536 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
msdtc.exe 0.01 2,672 K 8,412 K 3944 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 0.01 4,512 K 12,156 K 1328 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe < 0.01 1,420 K 6,548 K 9208 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,376 K 3,532 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
CompatTelRunner.exe < 0.01 9,820 K 1,840 K 5688 Microsoft Compatibility Telemetry Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 12,628 K 34,512 K 2824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 7,004 K 23,296 K 3932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 6,292 K 12,720 K 4700 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 1,964 K 7,604 K 7340 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,404 K 7,148 K 5928 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,240 K 12,028 K 5372 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 976 K 3,696 K 564 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
VSSVC.exe 1,364 K 6,556 K 1760 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,400 K 6,616 K 2100 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 1,464 K 6,516 K 1408 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,096 K 5,932 K 3676 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,920 K 16,940 K 1124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,416 K 9,544 K 728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 18,152 K 25,872 K 884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,856 K 7,092 K 1552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,184 K 5,120 K 5972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,624 K 13,684 K 5420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,680 K 6,100 K 3588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,948 K 11,000 K 1880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,564 K 6,636 K 1432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 7,404 K 17,032 K 1868 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe 9,504 K 7,244 K 3720 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 424 K 684 K 348 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 17,444 K 39,816 K 8836 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe 38,384 K 54,004 K 3564 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,208 K 5,604 K 8740 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 1,784 K 7,168 K 8176 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,544 K 6,080 K 1304 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RemindersServer.exe 6,388 K 14,656 K 6460 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 5,740 K 12,704 K 4024 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,732 K 8,252 K 828 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
nvvsvc.exe 1,356 K 5,732 K 924 NVIDIA Driver Helper Service, Version 197.39 NVIDIA Corporation (Verified) NVIDIA Corporation
NisSrv.exe 10,624 K 7,804 K 2164 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
mqsvc.exe 3,412 K 9,364 K 2092 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
MpCmdRun.exe 2,988 K 9,736 K 2208 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
lsass.exe 6,316 K 13,272 K 640 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
InstallAgent.exe 1,592 K 10,712 K 7808 InstallAgent Microsoft Corporation (Verified) Microsoft Windows
HPSupportSolutionsFrameworkService.exe 21,692 K 22,636 K 2556 HP Support Solutions Framework Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
fontdrvhost.exe 792 K 2,532 K 5864 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,404 K 8,752 K 2364 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DismHost.exe 1,612 K 1,040 K 232 Dism Host Servicing Process Microsoft Corporation (Verified) Microsoft Corporation
dasHost.exe 4,156 K 14,636 K 464 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
CompatTelRunner.exe 684 K 48 K 5368 Microsoft Compatibility Telemetry Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe 37,000 K 47,184 K 1032 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 60,796 K 14,784 K 5380 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 8,420 K 8,920 K 6256 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,240 K 5,216 K 1444 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Do you have all of your Windows updates?

 

Windows 10 Technical Preview Update Rollup: January 27, 2015 is supposed to fix issues with SettingSyncHost.exe 


  • 1

#5
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

I am trying to respond to your question, but it does seem to be going through.

 

At shut down yesterday, WIN 10 did a 30 minute upgrade to my PC. Today it does seem to be working better, but still way below par.

Phil


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Close all programs and run Process Explorer again.

 

Normally we expect to see System Idle as the top process.  If you see svchost.exe or SettingSyncHost.exe at the top then right click  on whichever is at the top (you can hit space bar if it jumps around too much) select  Suspend.  Then if you stopped it from jumping by hitting Space, hit Space again to make it jump around.  What is now at the top?

 

(You can right click on the process and select Resume to put it back the way it was)

 

To check Windows Updates in 10:

 

http://www.cnet.com/...e-recovery-tab/


  • 0

#7
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Thru 'procexp' it shows System Idle Process on top line all the time.

2nd line is predominately procexp64.exe

This is true with or without jumping taking place (occasionally 2nd line changes)

 

Looked at WIN 10 = settings - etc and it says that everything is up to date. 

 

Thank you so far


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Is it running any faster now?


  • 0

#9
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Speed has improved a little, but the restarts are still occurring even though less often. Some programs take a long time opening and Chrome or IE have to be restarted if left not in use for over 10 minutes. Nothing is consistently wrong the same all the time, everything varies without rime or reason. Guess that I am still not fixed. Any suggestions you have would be greatly appreciated. 

Thank you


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

OK.  Let's do BlueScreenView now"

 

 
Download BlueScreenView
 
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
 
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

  • 0

Advertisements


#11
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

First of all your link is broke - I get a 404 not found error

But I did find it on my own and and the lower left corner shows "0" Crashes. So I assume that the program ran and found none, even though I did not see it run anything. 

Anyhow need something else to try, as that did not do anything.

Thanks

Phil


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Not sure why the link didn't work.  Appears to be the correct one.

 

http://www.nirsoft.n...creen_view.html

 

I just copied the link in my previous post and it looks like this:

http://www.nirsoft.n...een_view.html 

 

Somehow it picked up some weird stuff at the end.

 

So no blue screens.  What ever is taking you down is below the operating system.  Have you run the builtin memory check?

 

http://www.softwareo...ndows-10&faq=95

 

Your Process Explorer log was pretty ugly.  See if it runs better with only Microsoft stuff:

 

From the taskbar, search System Configuration.
 
Select the top result, System Configuration desktop app.
 
On the Boot tab, check Boot log
 
On the Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains except your antivirus and anything related to your wifi or Ethernet.  Go to Startup tab and uncheck everything except your antivirus and anything related to your wifi or Ethernet..  OK and
reboot. 
 
Run a Process Explorer log and post it.
 
Find the file C:\Windows\ntbtlog.txt and either open it and copy and paste or if too big, attach it.
 
Did it have any problems booting this time?
 
 

  • 0

#13
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Yes the reboot is running a little faster, but I can't say it is anywhere near where it could be. 

I have attached the two files you asked for.

procexp still seems to be quite active in jumping around and the top line does not remain constant either. 

Phil

Attached Files


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Run FRST, type: dxgkrnl.sys in the box and then Search Files.  Does it find it?  Where?  Repeat for RxFilter.sys

 

What jumps to the top of process explorer besides System Idle?  (Hitting Space will stop or start the jumping)  Can you catch a log with something other than System Idle at the top?)


  • 0

#15
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Had to go backwards to put "Dropbox" back into start up - I use this continuously for work with others on other pc's. This did cause the start up process to slow down, but did not cause any restarts to take place. 

 

Opened FRST

entered"dxgkrnl.sys

Search Files completed."Search.txt" is saved in the same directory FRST is located. *Search 01*

 

entered "RxFilter.sys

Search Files completed."Search.txt" is saved in the same directory FRST is located. *Search 02*

 

Checked a few times and each time the System Idle Process now stays on top

Still seems like there is a large number of svchost.exe '### Host Process for WIndows S... going on. But I have no knowledge of what these things are - so I leave them alone (smart boy:)) )

 

Am attaching those files collected above.

 

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP