Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Performance and other intermittent issues with newer PC


  • Please log in to reply

#1
erindg25

erindg25

    Member

  • Member
  • PipPip
  • 54 posts

Hi all,

 

I purchased a clearance model 2-in-1 (Lenovo Yoga 2, if that matters) several months ago due to needing something relatively inexpensive and portable to take on the road for work.  I don't recall the reason it was on clearance other than it just being a discontinued model- there was no mention of it being a refurb (I *think*).  

 

That being said, this thing has been plagued by performance issues since day 1.  It was virtually unusable out of the box, so I removed a lot of the bloatware, some programs that I was entirely unfamiliar with but definitely weren't critical to the machine or OS, and ran MBAM.  It was decent for a while after, but never great.  Now, it has gotten to the point where it is barely usable again a lot of the time.  So, basically, this thing has been used mostly as a paperweight since November.  The main issues are connectivity and speed, but I'm not running anything that requires heavy power.  It may be that the wireless adapter is faulty, but I thought I'd have someone more knowledgeable than me look this thing over because of the odd programs, redirects, and the fact that MBAM has worked as a temporary solution in the past.

 

The FRST logs are pasted below, and thanks in advance for your help!

 

************************************************************************************************

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by erin (administrator) on DESKTOP-6S12IL0 (28-06-2017 12:55:58)
Running from C:\Users\erin\Desktop
Loaded Profiles: erin (Available Profiles: erin)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-23] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-09] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-16] (AVAST Software)
HKU\S-1-5-21-328612464-2169652915-4037219084-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\erin\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-328612464-2169652915-4037219084-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\erin\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
Startup: C:\Users\erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1f571c5f-1917-4da7-aa9d-60dc83a7272b}: [DhcpNameServer] 150.208.1.3
Tcpip\..\Interfaces\{59864cc1-03da-48e0-85b9-cb2673d02f59}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_e70416baa1271a5808&param1=ArFaIWVoNqArQGMVHFFoNqAqBbFaISEaQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8NVM3vqYTNVA9Jmk3vmpdJCk4wVVdJCIXvFFdJGYXNVU9GqYVNUI3wGYGwVM3vmoVwVQ9GqUNNos3wCIYwVA9JmoVwVA9J6ITvFI9ISILNFdcJ6k8NoFcFGUMwVU9J6ITwVM4ICITvFI9GqUNNFxcJqUDNF5bDGUNNEU3wGQGvFM3vGYXvFM9JmoWvFQ4J6ISwVVdJmoUwVI9I6IYNVU4ISoVwVw9IWYUvmpdImISwVU9Jmk4NVA4JmoUwVU4J6oXNVI9JaYTNoU9GqUMNFBcJqQzNEBcGqQANFdcFCk8NoM9JqYUvmk9JaYVNVM4JmIVwVxdJ6IXNVQ4J6ISvFE4ICIYNVM9I6k4wVNdJqYTwVw4JmIYvFI9JqYUwVRdJmIXNVNdICoWNVFbFCILNVVdGSk8vFFoNqAqxrFaIWV6LGJ8NWV4MWtoNqAsQGMVvDIlC6MuNGwuNWIuyDwfC6IeA70eCaV7CaJ5C7MmNGV9MqRoNqAex807ACRoN9JcNX5dQGR7y6NoN9ICzD4py6waQGQXNGZoNpQRy78o&param2=MaRbNqZ4NWJ5
HKU\S-1-5-21-328612464-2169652915-4037219084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131285382747270131&GUID=A1809C8D-EF40-4B57-9384-BEA0FFCEA7F3
HKU\S-1-5-21-328612464-2169652915-4037219084-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKLM -> DefaultScope {2FBBC7D8-4DF4-46FA-97D7-96F1DACF30F3} URL = 
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {2FBBC7D8-4DF4-46FA-97D7-96F1DACF30F3} URL = 
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-328612464-2169652915-4037219084-1001 -> DefaultScope {2FBBC7D8-4DF4-46FA-97D7-96F1DACF30F3} URL = 
SearchScopes: HKU\S-1-5-21-328612464-2169652915-4037219084-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-06-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-01-23] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-28] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://homepage-web.com/?s=lenovo&m=home
CHR StartupUrls: Default -> "hxxps://homepage-web.com/?s=lenovo&m=start"
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?partner=lenovo&src=omnibox&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.homepage-web.com/suggest?format=json&locale={language}&q={searchTerms}
CHR Profile: C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default [2017-06-28]
CHR Extension: (Google Slides) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Duolingo on the Web) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-01-08]
CHR Extension: (Google Docs) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-28]
CHR Extension: (Google Drive) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-28]
CHR Extension: (YouTube) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-28]
CHR Extension: (Google Sheets) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Gmail) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-328612464-2169652915-4037219084-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-16] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-06-29] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-16] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-05-26] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2017-01-10] (Intel Corporation)
S2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61768 2017-02-15] (Lenovo Group Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [41912 2015-10-13] (Lenovo)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-21] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-21] (AVAST Software)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43000 2015-05-26] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-05-26] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-05-26] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-16] ()
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel Corporation)
U1 lpsport; no ImagePath
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-21] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [744928 2015-06-22] (Sunplus)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 12:55 - 2017-06-28 12:57 - 00017599 _____ C:\Users\erin\Desktop\FRST.txt
2017-06-28 12:55 - 2017-06-28 12:55 - 00000000 ____D C:\FRST
2017-06-28 12:54 - 2017-06-28 12:54 - 02441216 _____ (Farbar) C:\Users\erin\Desktop\FRST64.exe
2017-06-28 12:02 - 2017-06-28 12:02 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 12:02 - 2017-06-28 12:02 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 12:00 - 2017-06-28 12:00 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-28 12:00 - 2017-06-28 12:00 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-28 11:58 - 2017-06-28 11:58 - 01130328 _____ (Google Inc.) C:\Users\erin\Downloads\ChromeSetup.exe
2017-06-28 11:55 - 2017-06-28 11:55 - 00000000 ___HD C:\OneDriveTemp
2017-06-21 17:10 - 2017-06-21 17:10 - 00000000 ____D C:\Users\erin\AppData\Local\ElevatedDiagnostics
2017-06-21 17:00 - 2017-06-21 17:00 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.149808240054603
2017-06-21 16:59 - 2017-06-21 16:59 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-06-21 16:56 - 2017-06-21 16:56 - 00003632 _____ C:\WINDOWS\System32\Tasks\{4B7C4E24-0382-47FB-917A-A03D00739710}
2017-06-21 16:56 - 2017-06-21 16:56 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-21 16:47 - 2017-06-21 16:47 - 00000036 _____ C:\Users\erin\OneDrive\Documents\MBAM scan 6.21.17.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 12:55 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-28 12:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-28 12:45 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-28 12:01 - 2016-11-28 19:26 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-28 11:56 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-28 11:56 - 2016-04-23 01:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-28 11:55 - 2016-11-14 11:14 - 00000000 ___RD C:\Users\erin\OneDrive
2017-06-28 11:54 - 2016-11-14 11:14 - 00002367 _____ C:\Users\erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-28 11:52 - 2017-02-03 10:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-21 17:10 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-21 17:08 - 2017-01-09 12:20 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-21 16:59 - 2017-02-08 22:58 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-06-21 16:59 - 2016-11-28 19:24 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-21 16:59 - 2016-11-28 19:24 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-06-21 16:59 - 2016-11-28 19:24 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-06-21 16:59 - 2016-11-28 19:24 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.149808239953102
2017-06-21 16:59 - 2016-11-28 19:24 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-06-21 16:59 - 2016-11-28 19:24 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-06-21 16:59 - 2016-11-28 19:24 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-21 16:59 - 2016-11-28 19:24 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-21 16:58 - 2016-11-28 19:24 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-21 16:57 - 2017-02-08 22:58 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-06-21 16:57 - 2017-02-08 22:58 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-06-21 16:57 - 2017-02-08 22:58 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-06-21 16:57 - 2017-02-08 22:58 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-06-21 16:57 - 2017-01-23 08:09 - 00000000 ____D C:\Users\erin\AppData\Roaming\Zoom
2017-06-21 16:56 - 2016-11-28 19:23 - 00000000 ____D C:\Users\erin\AppData\Local\{FE6EC832-DAC6-A48A-B75E-816293367DFA}
2017-06-21 16:56 - 2015-07-16 10:54 - 01225098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-21 16:54 - 2016-11-14 11:11 - 00000000 ____D C:\Users\erin\AppData\Local\Packages
2017-06-21 16:49 - 2017-02-03 10:43 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-21 16:49 - 2017-01-26 18:47 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-21 16:49 - 2016-11-14 11:10 - 00000000 __SHD C:\Users\erin\IntelGraphicsProfiles
2017-06-21 16:48 - 2017-02-03 10:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-21 16:48 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-09 18:08 - 2016-11-14 11:16 - 00000120 ____R C:\Users\erin\OneDrive\Documents\Finances- Personal.url
 
==================== Files in the root of some directories =======
 
2016-12-08 22:24 - 2017-01-23 08:16 - 0000241 _____ () C:\Users\erin\AppData\Roaming\WB.CFG
2017-02-03 10:43 - 2017-02-03 10:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-06-21 16:57 - 2017-01-23 11:11 - 0034992 _____ (Zoom Video Communications, Inc.) C:\Users\erin\AppData\Local\Temp\CptInstall.exe
2017-06-21 16:57 - 2017-01-23 11:06 - 0146608 _____ (Zoom Video Communications, Inc.) C:\Users\erin\AppData\Local\Temp\CptShare.dll
2017-06-21 16:57 - 2017-01-23 11:09 - 0090288 _____ () C:\Users\erin\AppData\Local\Temp\zCrashReport.dll
2017-06-21 15:44 - 2017-06-21 16:47 - 0219197 _____ () C:\Users\erin\AppData\Local\Temp\{0FA160D5-FDF2-47E6-A889-072B95BA5BCF}-58.0.3029.110_chrome_installer.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-16 23:08
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by erin (28-06-2017 12:58:06)
Running from C:\Users\erin\Desktop
Windows 10 Home Version 1607 (X64) (2017-02-03 16:06:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-328612464-2169652915-4037219084-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-328612464-2169652915-4037219084-503 - Limited - Disabled)
erin (S-1-5-21-328612464-2169652915-4037219084-1001 - Administrator - Enabled) => C:\Users\erin
Guest (S-1-5-21-328612464-2169652915-4037219084-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.0 - Conexant)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.5.5 - SunplusIT)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.070.02 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-328612464-2169652915-4037219084-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.1 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Search Provided by Yahoo (HKLM-x32\...\{82A16A61-D221-BBE1-63A1-CB61B32118E1}) (Version:  - ) <==== ATTENTION
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-328612464-2169652915-4037219084-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe (Lenovo Group Limited)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FDE7662-61D1-492C-A07B-2F71023EAF5B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-05-16] (Microsoft Corporation)
Task: {12FAB6B7-62CD-448E-AA41-6AB784C6342C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\12377992-2d47-4085-a282-a1bb4de17ba3 => powershell.exe -nologo -noninteractive "& {New-Item -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\12377992-2d47-4085-a282-a1bb4de17ba3 -type directory -force;$conter=Get-Date;$conter=$conter.ToUniversalTime();Set-ItemProperty -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\12377 (the data entry has 69 more characters).
Task: {264CB75A-ECF6-4E40-B044-BDFFC6B9EF4B} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {3ED01480-5779-4210-9170-E4564ADC5AD2} - System32\Tasks\{4B7C4E24-0382-47FB-917A-A03D00739710} => pcalua.exe -a C:\Users\erin\AppData\Local\{FE6EC832-DAC6-A48A-B75E-816293367DFA}\uninst.exe -d C:\Windows\ImmersiveControlPanel -c -FN="C:\Program Files (x86)\Common Files\0f1f386b081f4e95221d2a69c2c1fd10\updtask.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {3F83EDEC-C2FE-4F5D-8675-76450D0402F3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-16] (AVAST Software)
Task: {441CDCA9-CCC1-4236-8257-B1BDC9520CFE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {44F1E8EB-36C3-4C08-AD1A-4D0AF02296DC} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-25] ()
Task: {55D361A3-8E0C-48AB-AC60-EAD8F81DC223} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {59FBC0A1-123A-470B-A33F-C7F9B5646DE7} - System32\Tasks\Bing Search Engine sirer => Wscript.exe "C:\ProgramData\{9AFA5F99-10B8-D55F-967E-4B1D0C3CC0D3}\nimo.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b39414641354639392d313042382d443535462d393637452d3442314430433343433044337d5c746f6e65666f" "433a5c50726f6772616d446174615c7b39414641354639392d313042382d443535462d39 (the data entry has 82 more characters). <==== ATTENTION
Task: {5B6E8A26-2B31-4A54-9181-7A4F3FF0F3BE} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-11-14] (Lenovo)
Task: {67CF9576-9CC0-4D57-B445-9121539ECC58} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)
Task: {85697ED9-C059-4555-8B60-3CC35F7521EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {8D16A2B2-D631-4ABA-9138-C5535C904146} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {9BB786FA-9A0C-40DE-88AD-6DC0C2AF9F8F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-21] (AVAST Software)
Task: {B1061D32-1BEB-443B-8D59-011BA87D6D83} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {BB05B78D-A083-4C76-BB17-A339DBA21EB4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {CB353300-1EDF-4A88-9745-129D020E498B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {E5F741A5-55C5-4A89-9911-75C0BA067E1F} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-25] ()
Task: {FA05D876-AF8E-489E-8AFF-137AC955B726} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Bing Search Engine sirer.job => Wscript.exe  C:\ProgramData\{9AFA5F99-10B8-D55F-967E-4B1D0C3CC0D3}\nimo.txt <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-03 12:29 - 2017-02-03 12:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-26 18:47 - 2017-04-16 22:56 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-04-23 01:01 - 2015-08-18 22:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2017-01-23 08:52 - 2017-01-31 07:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-02-03 12:29 - 2017-02-03 12:29 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-03 12:29 - 2017-02-03 12:29 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 10:47 - 2017-01-10 10:47 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-02-03 12:30 - 2017-02-03 12:30 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-03 12:30 - 2017-02-03 12:30 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-03 12:30 - 2017-02-03 12:30 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-03 12:30 - 2017-02-03 12:30 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-02-03 12:30 - 2017-02-03 12:30 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-03 12:30 - 2017-02-03 12:30 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-28 14:48 - 2017-03-28 14:49 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-28 14:48 - 2017-03-28 14:49 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-28 14:48 - 2017-03-28 14:49 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-28 14:48 - 2017-03-28 14:49 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2016-04-23 01:01 - 2016-04-23 01:01 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-04-23 01:01 - 2016-04-23 01:01 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2017-01-09 12:20 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-04-23 01:01 - 2015-09-17 00:45 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2017-06-28 12:02 - 2017-06-22 22:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 12:02 - 2017-06-22 22:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-04-16 22:40 - 2017-04-16 22:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-28 19:23 - 2016-11-28 19:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-16 22:41 - 2017-04-16 22:41 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-16 22:40 - 2017-04-16 22:40 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-16 22:41 - 2017-04-16 22:41 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-21 15:53 - 2017-06-21 15:53 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2017-06-21 17:06 - 2017-06-21 17:06 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-328612464-2169652915-4037219084-1001\...\sharepoint.com -> hxxps://actmasteryla.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2017-01-26 17:50 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-328612464-2169652915-4037219084-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{32526C76-818C-46A8-8E06-21E4939B3ABA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2A84B1A6-526C-45B8-A4DB-53C6F2BAC85A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{74202991-B32E-4829-BF8C-1BF8B57DA676}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{DBEF10F4-76FE-46A9-8CF5-D987A8BDE570}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2017 11:52:25 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (06/21/2017 08:26:18 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (06/21/2017 05:08:12 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-6S12IL0)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.
 
Error: (06/21/2017 04:45:56 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (06/21/2017 03:56:51 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avast Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (06/21/2017 03:56:51 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avast Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (06/21/2017 03:45:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: msvcrt.dll, version: 7.0.14393.0, time stamp: 0x57899b47
Exception code: 0xc0000005
Fault offset: 0x0000000000055d91
Faulting process id: 0x168
Faulting application start time: 0x01d2b72da363e0fa
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: c474d62e-1414-4007-86aa-7910e041835f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/21/2017 03:41:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-6S12IL0)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/21/2017 03:41:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-6S12IL0)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/21/2017 03:41:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 1.0.1611.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d14
 
Start Time: 01d2eaceb1c7302a
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: 0d071cf9-56c2-11e7-9bd7-c8ff289a93a2
 
Faulting package full name: Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (06/21/2017 05:26:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 04:49:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 04:49:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 04:49:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 04:48:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6S12IL0)
Description: The server CortanaPlaces.PlaceStore did not register with DCOM within the required timeout.
 
Error: (06/21/2017 04:48:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6S12IL0)
Description: The server {3BFADDE5-09ED-42AE-8190-2E68B650CFE6} did not register with DCOM within the required timeout.
 
Error: (06/21/2017 04:47:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6S12IL0)
Description: The server {3BFADDE5-09ED-42AE-8190-2E68B650CFE6} did not register with DCOM within the required timeout.
 
Error: (06/21/2017 04:47:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 04:01:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 03:55:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-03 09:45:48.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-03 09:45:48.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-03 09:45:48.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-03 09:45:48.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4012Y CPU @ 1.50GHz
Percentage of memory in use: 69%
Total physical RAM: 3988.27 MB
Available physical RAM: 1222.89 MB
Total Virtual: 5921.45 MB
Available Virtual: 2713.96 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:421.91 GB) (Free:386.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 55323E72)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Could you give me the exact model of your PC?  There are several Yoga 2 models on the Lenovo Support website.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER if it tries to install it.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

  • 0

#3
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Hi RKinner, and thanks.

 

Lenovo 2 11, model 20428.

 

Process Explorer file copied below, Speccy log attached.

 

*******************************************************************

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process < 0.01 0 K 4 K 0
AvastSvc.exe 23.06 189,416 K 65,436 K 1908 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
explorer.exe 36.51 54,904 K 102,504 K 4176 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 9.32 30,916 K 64,656 K 4268 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 8.42 128 K 120 K 4
Interrupts 5.35 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 1.66 106,388 K 100,196 K 528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe 3.67 6,324 K 20,204 K 6332 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
dwm.exe 2.04 65,188 K 59,060 K 376 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.86 7,896 K 12,112 K 952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswidsagenta.exe 0.79 33,656 K 44,292 K 3436 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
csrss.exe 0.35 2,252 K 5,108 K 680 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.30 8,228 K 21,380 K 2672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.14 154,936 K 170,500 K 6516 Google Chrome Google Inc. (Verified) Google Inc
TabTip.exe 0.07 3,872 K 13,736 K 6120 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe 7,876 K 21,796 K 9784 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 0.21 2,704 K 7,524 K 2232 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
FRST64.exe 0.16 19,932 K 19,164 K 2912 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
MicrosoftEdgeCP.exe 1.21 107,412 K 148,360 K 9364 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe 0.11 1,708 K 3,700 K 580 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
InstallAgent.exe 2,880 K 11,288 K 5328 InstallAgent Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1.42 11,472 K 24,116 K 892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ymc.exe 0.06 29,120 K 21,688 K 2836 Lenovo Yoga Mode Control Lenovo (Verified) LENOVO
InstallAgentUserBroker.exe 5,512 K 18,472 K 4808 InstallAgentUserBroker Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 0.05 9,180 K 20,760 K 4504 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 0.01 25,328 K 23,076 K 1056 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 3,628 K 11,148 K 2300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 51,624 K 37,192 K 7296 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.01 13,772 K 29,784 K 552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.05 6,940 K 14,216 K 804 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.05 26,224 K 22,632 K 980 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 130,800 K 74,696 K 9928 Google Chrome Google Inc. (Verified) Google Inc
AvastUI.exe 0.02 21,468 K 42,136 K 6160 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
ONENOTEM.EXE 4,372 K 8,152 K 9708 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
SnippingTool.exe 4,044 K 14,636 K 10080 Snipping Tool Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 11,780 K 21,208 K 1796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MicrosoftEdge.exe 0.01 25,364 K 65,664 K 4760 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe 3,004 K 14,168 K 8072 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 3,032 K 14,168 K 10752 Notepad Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1.38 90,568 K 93,616 K 516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.13 440,408 K 390,108 K 9048 Google Chrome Google Inc. (Verified) Google Inc
RuntimeBroker.exe 26,520 K 46,992 K 4684 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 3,364 K 7,280 K 788 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
officeclicktorun.exe < 0.01 29,544 K 32,064 K 5272 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
esif_assist_64.exe < 0.01 1,524 K 4,192 K 4304 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
svchost.exe 9,284 K 32,540 K 4372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Memory Compression < 0.01 600 K 108,916 K 2716
MBAMService.exe < 0.01 19,788 K 20,228 K 2544 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
WUDFHost.exe 1,284 K 4,864 K 2356 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,548 K 10,200 K 3664 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,320 K 7,860 K 740 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,132 K 4,376 K 668 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
utility.exe 2,656 K 10,636 K 2244 Lenovo Utility (Verified) LENOVO
taskhostw.exe 8,704 K 13,292 K 7548 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,516 K 4,312 K 5364 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,184 K 4,300 K 6040 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 0.02 17,544 K 22,308 K 856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 11,136 K 28,144 K 2552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,532 K 14,072 K 1844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 17,884 K 26,468 K 1032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 32,756 K 40,948 K 10260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,496 K 12,576 K 1780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,456 K 9,148 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,640 K 14,288 K 1280 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 460 K 996 K 424 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 15,032 K 27,392 K 6872 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 36,444 K 19,716 K 5816 Microsoft Skype Preview Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 6,932 K 25,100 K 4364 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 40,428 K 49,560 K 1572 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 10,460 K 5,252 K 5504 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 73,748 K 71,220 K 5180 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 1,888 K 7,700 K 364 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,568 K 6,412 K 8868 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
SASrv.exe 1,264 K 5,360 K 2612 SmartAudio Service Application Conexant Systems, Inc. (Verified) Conexant Systems
rundll32.exe 9,772 K 12,104 K 10196 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe Suspended 9,068 K 21,300 K 5756 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,008 K 10,624 K 7900 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,424 K 8,588 K 4724 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
OneDrive.exe 31,884 K 39,812 K 9144 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
mbamtray.exe 17,048 K 23,440 K 560 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
igfxTray.exe 3,668 K 9,824 K 4968 (Verified) Intel® pGFX
igfxHK.exe 2,576 K 8,052 K 4700 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 4,316 K 11,132 K 4544 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,948 K 7,952 K 1432 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
IAStorIcon.exe 20,680 K 29,288 K 2684 IAStorIcon Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
IAStorDataMgrSvc.exe 28,960 K 38,172 K 7204 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
GoogleCrashHandler64.exe 1,724 K 980 K 7220 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,864 K 1,588 K 6264 Google Crash Handler Google Inc. (Verified) Google Inc
fontdrvhost.exe 852 K 2,712 K 6712 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe 1,788 K 5,640 K 2536 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
dllhost.exe 2,768 K 10,704 K 7416 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,944 K 12,256 K 1884 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
CxAudMsg64.exe 1,744 K 7,060 K 2604 Conexant Audio Message Service Conexant Systems Inc. (Verified) Conexant Systems
CSISYNCCLIENT.EXE 13,212 K 25,960 K 9524 Microsoft Office Document Cache Sync Client Interface Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe 2,532 K 8,556 K 9768 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 38,728 K 44,876 K 4076 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,544 K 9,008 K 3216 Google Chrome Google Inc. (Verified) Google Inc
CAudioFilterAgent64.exe 1,896 K 7,400 K 5900 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems
browser_broker.exe 3,484 K 17,940 K 7848 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 8,868 K 35,876 K 4768 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 8,256 K 12,312 K 2180 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
ApplicationFrameHost.exe 9,552 K 25,868 K 8564 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
AdminService.exe 1,788 K 6,064 K 2572 Windows Setup API Windows ® Win 7 DDK provider (Verified) Qualcomm Atheros
 

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
System Idle Process < 0.01 0 K 4 K 0
AvastSvc.exe 23.06 189,416 K 65,436 K 1908 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
explorer.exe 36.51 54,904 K 102,504 K 4176 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 9.32 30,916 K 64,656 K 4268 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 8.42 128 K 120 K 4
Interrupts 5.35 0 K 0 K n/a Hardware Interrupts and DPCs

 

 

I can see that it would be very very slow from the above.  System Idle (+ procexp64.exe) should be above 90%, Interrupts has to be below about 1.4 in order not to stutter.  Avast is eating up a lot of CPU time but so is Explorer.  Not sure why Explorer is so high.  I suppose it is possible that Explorer has gotten infected and Avast is fighting it but I don't see any other signs of an infection so it may be just that Avast needs to be uninstalled then reinstalled with a fresh download after a reboot.  Let's try that first.  Get a new download from https://www.avast.co...ivirus-download Save it then uninstall Avast.  Reboot.  Right click on your downloaded Avast installer and Run As Admin.  Reboot once it installs and complete the installation by sticking with the Basic (Free) version.  Then make a new Process Explorer log as before and post it.


  • 0

#5
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Hmmm... I'm not 100% sure that Avast entirely uninstalled the first time, so let me know if I need to do it again.  New file copied below.

 

***************************************************************

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 78.89 0 K 4 K 0
procexp64.exe 5.61 26,380 K 58,820 K 2664 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 2.32 0 K 0 K n/a Hardware Interrupts and DPCs
SynTPEnh.exe 3.42 5,924 K 20,292 K 6680 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
dwm.exe 0.97 32,340 K 44,024 K 352 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.27 2,036 K 4,692 K 676 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 1.72 136 K 2,752 K 4
WUDFHost.exe 0.09 2,476 K 8,196 K 2360 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 0.12 3,788 K 14,508 K 5988 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 1.28 33,312 K 78,672 K 5028 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ymc.exe 0.04 22,680 K 27,372 K 2940 Lenovo Yoga Mode Control Lenovo (Verified) LENOVO
chrome.exe 0.12 91,232 K 126,432 K 5504 Google Chrome Google Inc. (Verified) Google Inc
AvastUI.exe 0.21 21,580 K 38,412 K 6556 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
AvastSvc.exe 0.34 94,944 K 40,928 K 1952 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.02 3,500 K 12,060 K 2472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WUDFHost.exe 0.02 25,272 K 15,448 K 1076 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 9,112 K 23,432 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.02 70,456 K 111,488 K 6932 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 57,888 K 108,012 K 5492 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.61 60,560 K 71,908 K 496 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswidsagenta.exe 0.30 13,220 K 28,476 K 1640 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
esif_assist_64.exe < 0.01 1,488 K 4,604 K 4432 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
svchost.exe 0.08 10,112 K 24,416 K 592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
OneDrive.exe < 0.01 30,996 K 41,440 K 2164 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
MBAMService.exe < 0.01 20,000 K 40,200 K 2780 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
AdminService.exe 1,740 K 6,732 K 2740 Windows Setup API Windows ® Win 7 DDK provider (Verified) Qualcomm Atheros
WUDFHost.exe 1,288 K 5,788 K 2552 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,348 K 13,008 K 8036 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,972 K 10,152 K 2464 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,096 K 9,520 K 736 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,204 K 4,948 K 664 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
utility.exe 2,556 K 10,800 K 6384 Lenovo Utility (Verified) LENOVO
taskhostw.exe 0.02 5,724 K 15,468 K 4540 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,444 K 4,692 K 6128 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,168 K 4,656 K 7032 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 4,860 K 15,096 K 1840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 8,852 K 31,276 K 4472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 35,944 K 59,028 K 552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.42 14,160 K 23,916 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.09 5,124 K 10,332 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 7,472 K 17,200 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,260 K 9,020 K 1544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 17,644 K 25,340 K 856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,404 K 19,384 K 2848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,680 K 11,952 K 1708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,352 K 28,572 K 2752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,976 K 14,412 K 1960 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 484 K 1,220 K 412 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,672 K 14,444 K 6176 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 31,848 K 1,112 K 5780 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 5,448 K 22,896 K 4464 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe 39,632 K 63,716 K 5016 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
services.exe 4,380 K 8,620 K 804 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 50,372 K 91,412 K 4392 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.30 18,144 K 14,700 K 5200 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SASrv.exe 1,264 K 6,100 K 2824 SmartAudio Service Application Conexant Systems, Inc. (Verified) Conexant Systems
RuntimeBroker.exe 13,272 K 30,068 K 4860 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 9,776 K 11,396 K 4504 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe Suspended 8,716 K 18,456 K 5716 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,040 K 10,400 K 8100 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 32,444 K 27,128 K 4520 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe 0.11 31,128 K 50,988 K 2808 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
MSOSYNC.EXE 1.45 19,896 K 36,856 K 2184 Microsoft Office Document Cache Microsoft Corporation (Verified) Microsoft Corporation
Memory Compression 0.03 84 K 17,388 K 2960
mbamtray.exe 17,340 K 28,372 K 6508 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
lsass.exe 0.50 6,064 K 16,252 K 812 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
IntelCpHeciSvc.exe 1,724 K 6,644 K 2800 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX
igfxTray.exe 3,584 K 11,084 K 828 (Verified) Intel® pGFX
igfxHK.exe 2,536 K 8,992 K 4620 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,972 K 12,760 K 4692 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,864 K 8,564 K 1236 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
IAStorIcon.exe 20,640 K 34,636 K 7536 IAStorIcon Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
IAStorDataMgrSvc.exe 29,932 K 50,032 K 7748 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
GoogleCrashHandler64.exe 1,720 K 240 K 5496 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,844 K 224 K 5392 Google Crash Handler Google Inc. (Verified) Google Inc
fontdrvhost.exe 816 K 2,960 K 6752 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe 1,848 K 6,752 K 2760 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
dllhost.exe 2,108 K 9,396 K 6588 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,640 K 13,240 K 2324 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
CxAudMsg64.exe 1,732 K 8,000 K 2788 Conexant Audio Message Service Conexant Systems Inc. (Verified) Conexant Systems
csrss.exe 0.04 1,588 K 4,136 K 568 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 43,108 K 80,344 K 6828 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,524 K 9,260 K 7068 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,516 K 9,732 K 7124 Google Chrome Google Inc. (Verified) Google Inc
CAudioFilterAgent64.exe 1,992 K 7,980 K 6248 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems
audiodg.exe 8,228 K 12,764 K 6264 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Much improved.  I think Avast is happy now.  I'm still not happy with the Interrupts and I don't know why your Touchpad is so greedy:

 

Interrupts 2.32 0 K 0 K n/a Hardware Interrupts and DPCs
SynTPEnh.exe 3.42 5,924 K 20,292 K 6680 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated

 

 

It appears to be the same drive that Lenovo offers on their support page.  Perhaps it just needs refreshing.
 
Search for 
 
device manager
hit Enter.
 
I'm guessing it will be under Mice so click on the arrow in front of Mice and other pointing devices then right click on the Synaptics driver and Uninstall.  (Don't let it remove the drivers if it asks)  Reboot.  It should reinstall it.  Run Process Explorer and see if it made a difference.  
 

Touchpad Driver (Elan, Synaptics) for Windows 10 (64-bit) - Lenovo Yoga 2 11


  • 0

#7
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Done (I think...).

 

*******************************************************************

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 79.45 0 K 4 K 0
svchost.exe 5.50 131,408 K 56,736 K 520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
procexp64.exe 4.82 21,896 K 54,056 K 4616 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
SynTPEnh.exe 2.78 6,012 K 20,928 K 7088 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
Interrupts 2.65 0 K 0 K n/a Hardware Interrupts and DPCs
System 1.10 140 K 2,028 K 4
dwm.exe 0.91 29,676 K 40,412 K 364
SearchIndexer.exe 0.74 20,656 K 16,244 K 1116 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.53 2,000 K 4,704 K 668
explorer.exe 0.41 33,232 K 78,156 K 5224 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 0.34 3,852 K 14,516 K 5684
svchost.exe 0.18 68,208 K 78,180 K 468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.14 89,736 K 129,632 K 7144 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.13 75,932 K 119,664 K 8060 Google Chrome Google Inc. (Verified) Google Inc
WUDFHost.exe 0.10 2,452 K 7,396 K 2372
chrome.exe 0.06 278,404 K 325,084 K 6148 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.03 3,524 K 11,216 K 2480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ymc.exe 0.02 22,156 K 20,300 K 3036 Lenovo Yoga Mode Control Lenovo (Verified) LENOVO
AvastSvc.exe 0.02 114,976 K 39,900 K 976 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.02 9,552 K 23,148 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WUDFHost.exe 0.01 25,264 K 11,112 K 1092
svchost.exe 0.01 5,120 K 10,132 K 948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.01 21,168 K 40,716 K 7304 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
mbamtray.exe 0.01 17,696 K 28,984 K 6880 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
aswidsagenta.exe < 0.01 13,668 K 24,260 K 4260 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
esif_assist_64.exe < 0.01 1,480 K 4,724 K 2668
OneDrive.exe < 0.01 30,696 K 41,460 K 7356 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
MBAMService.exe < 0.01 19,904 K 30,300 K 2788 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
TrustedInstaller.exe < 0.01 1,848 K 6,884 K 6280 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 1,324 K 4,764 K 2540
WmiPrvSE.exe 5,116 K 13,332 K 2552
WmiPrvSE.exe 2,724 K 9,608 K 2420
winlogon.exe 2,160 K 8,256 K 732
wininit.exe 1,212 K 4,540 K 656
utility.exe 2,640 K 11,244 K 6768 Lenovo Utility (Verified) LENOVO
TiWorker.exe 3,500 K 10,012 K 7528
taskhostw.exe 5,908 K 15,428 K 4744 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,472 K 4,680 K 4804
SynTPHelper.exe 1,152 K 4,624 K 6676
svchost.exe 18,184 K 24,160 K 844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,648 K 36,212 K 4348 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,448 K 23,160 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,564 K 21,368 K 516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,812 K 13,500 K 1908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,544 K 11,140 K 1860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,240 K 8,852 K 1760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,768 K 16,316 K 1292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,932 K 19,404 K 3016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,004 K 27,072 K 2796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,960 K 17,044 K 4412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,788 K 10,984 K 1280 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 520 K 1,108 K 420
smartscreen.exe 8,660 K 14,436 K 6348 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 32,652 K 2,516 K 2292 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 5,956 K 23,240 K 4356 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 26,916 K 53,632 K 5764 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 6,572 K 7,824 K 6636 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 4,412 K 8,308 K 780
SearchUI.exe Suspended 47,564 K 85,756 K 5976 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SASrv.exe 1,264 K 5,624 K 2908
RuntimeBroker.exe 10,232 K 27,948 K 1572 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 9,796 K 11,588 K 4268 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe Suspended 9,756 K 18,672 K 5384 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,064 K 10,480 K 5792 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 26,132 K 19,172 K 4408 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe 15,140 K 25,112 K 2804 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
Memory Compression 152 K 13,416 K 2176
lsass.exe 5,872 K 14,044 K 796 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
InstallAgentUserBroker.exe 2,536 K 10,476 K 6232 InstallAgentUserBroker Microsoft Corporation (Verified) Microsoft Windows
InstallAgent.exe 2,752 K 13,028 K 6524 InstallAgent Microsoft Corporation (Verified) Microsoft Windows
igfxTray.exe 3,616 K 11,120 K 5496 (Verified) Intel® pGFX
igfxHK.exe 2,436 K 9,116 K 5356 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,892 K 12,816 K 5308 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,892 K 8,156 K 1256 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
IAStorIcon.exe 20,512 K 33,544 K 7480 IAStorIcon Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
IAStorDataMgrSvc.exe 28,924 K 49,096 K 684 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
GoogleCrashHandler64.exe 1,732 K 132 K 4336
GoogleCrashHandler.exe 1,848 K 140 K 3648
fontdrvhost.exe 832 K 2,968 K 7944
esif_uf.exe 1,848 K 5,832 K 2820 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
dasHost.exe 3,640 K 11,404 K 2308
CxAudMsg64.exe 1,744 K 7,336 K 2832 Conexant Audio Message Service Conexant Systems Inc. (Verified) Conexant Systems
csrss.exe 1,616 K 3,800 K 568
chrome.exe 98,664 K 149,368 K 5608 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 42,088 K 79,328 K 7300 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 61,772 K 99,832 K 6164 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,536 K 9,300 K 8116 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,516 K 9,760 K 4600 Google Chrome Google Inc. (Verified) Google Inc
CAudioFilterAgent64.exe 1,992 K 8,076 K 6468 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems
audiodg.exe 7,424 K 14,792 K 6728
AdminService.exe 1,736 K 6,184 K 2776 Windows Setup API Windows ® Win 7 DDK provider (Verified) Qualcomm Atheros

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Slight improvement 

 

SynTPEnh.exe 2.78  vs 3.42

Intrrupts is still too high and this is new:

 

svchost.exe 5.50 131,408 K 56,736 K 520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

 

Let's look and see what is riding on it:

 

 

 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

  • 0

#9
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Also, I just ran Speedtest again, and I'm getting download speeds of 4.97 vs 29.92 on my phone (connected to WiFi).  I really have no idea what's going on there...


  • 0

#10
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Also, I just ran Speedtest again, and I'm getting download speeds of 4.97 vs 29.92 on my phone (connected to WiFi).  I really have no idea what's going on there...


  • 0

Advertisements


#11
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Also, I just ran Speedtest again, and I'm getting download speeds of 4.97 vs 29.92 on my phone (connected to WiFi).  I really have no idea what's going on there...


  • 0

#12
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Also, I just ran Speedtest again, and I'm getting download speeds of 4.97 vs 29.92 on my phone (connected to WiFi).  I really have no idea what's going on there...


  • 0

#13
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       420 N/A                                         
csrss.exe                      568 N/A                                         
wininit.exe                    656 N/A                                         
csrss.exe                      668 N/A                                         
winlogon.exe                   732 N/A                                         
services.exe                   780 N/A                                         
lsass.exe                      796 KeyIso, SamSs, VaultSvc                     
svchost.exe                    888 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                    948 RpcEptMapper, RpcSs                         
dwm.exe                        364 N/A                                         
svchost.exe                    520 Appinfo, BITS, gpsvc, iphlpsvc,             
                                   LanmanServer, lfsvc, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes,             
                                   UserManager, UsoSvc, Winmgmt, WpnService,   
                                   wuauserv                                    
svchost.exe                    468 AudioEndpointBuilder,                       
                                   DeviceAssociationService, DsSvc,            
                                   NcbService, Netman, PcaSvc, SensorService,  
                                   SmsRouter, SysMain, TabletInputService,     
                                   TrkWks, wudfsvc                             
svchost.exe                    516 bthserv, CDPSvc, EventSystem, FontCache,    
                                   LicenseManager, netprofm, nsi,              
                                   WdiServiceHost, WinHttpAutoProxySvc         
svchost.exe                    844 Dhcp, EventLog, lmhosts, TimeBrokerSvc,     
                                   wscsvc                                      
svchost.exe                   1052 BFE, CoreMessagingRegistrar, DPS, MpsSvc    
WUDFHost.exe                  1092 N/A                                         
igfxCUIService.exe            1256 igfxCUIService2.0.0.0                       
svchost.exe                   1292 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
svchost.exe                   1760 Audiosrv                                    
svchost.exe                   1860 Wcmsvc                                      
svchost.exe                   1908 WlanSvc                                     
AvastSvc.exe                   976 avast! Antivirus                            
spoolsv.exe                   1280 Spooler                                     
dasHost.exe                   2308 N/A                                         
WUDFHost.exe                  2372 N/A                                         
WmiPrvSE.exe                  2420 N/A                                         
svchost.exe                   2480 SensrSvc, SSDPSRV                           
WUDFHost.exe                  2540 N/A                                         
AdminService.exe              2776 AtherosSvc                                  
MBAMService.exe               2788 MBAMService                                 
svchost.exe                   2796 DiagTrack                                   
OfficeClickToRun.exe          2804 ClickToRunSvc                               
esif_uf.exe                   2820 esifsvc                                     
CxAudMsg64.exe                2832 CxAudMsg                                    
SASrv.exe                     2908 SAService                                   
svchost.exe                   3016 StateRepository, tiledatamodelsvc           
ymc.exe                       3036 ymc                                         
Memory Compression            2176 N/A                                         
aswidsagenta.exe              4260 aswbIDSAgent                                
IAStorDataMgrSvc.exe           684 IAStorDataMgrSvc                            
GoogleCrashHandler.exe        3648 N/A                                         
GoogleCrashHandler64.exe      4336 N/A                                         
WmiPrvSE.exe                  2552 N/A                                         
SearchIndexer.exe             1116 WSearch                                     
esif_assist_64.exe            2668 N/A                                         
rundll32.exe                  4268 N/A                                         
sihost.exe                    4356 N/A                                         
svchost.exe                   4348 CDPUserSvc_1134e9, OneSyncSvc_1134e9,       
                                   PimIndexMaintenanceSvc_1134e9,              
                                   UnistoreSvc_1134e9, UserDataSvc_1134e9      
PresentationFontCache.exe     4408 FontCache3.0.0.0                            
taskhostw.exe                 4744 N/A                                         
RuntimeBroker.exe             1572 N/A                                         
explorer.exe                  5224 N/A                                         
igfxEM.exe                    5308 N/A                                         
igfxHK.exe                    5356 N/A                                         
igfxTray.exe                  5496 N/A                                         
ShellExperienceHost.exe       5764 N/A                                         
SearchUI.exe                  5976 N/A                                         
SkypeHost.exe                 2292 N/A                                         
RemindersServer.exe           5384 N/A                                         
TabTip.exe                    5684 N/A                                         
TabTip32.exe                  4804 N/A                                         
CAudioFilterAgent64.exe       6468 N/A                                         
utility.exe                   6768 N/A                                         
mbamtray.exe                  6880 N/A                                         
SynTPEnh.exe                  7088 N/A                                         
SynTPHelper.exe               6676 N/A                                         
AvastUI.exe                   7304 N/A                                         
OneDrive.exe                  7356 N/A                                         
chrome.exe                    8060 N/A                                         
chrome.exe                    8116 N/A                                         
chrome.exe                    4600 N/A                                         
chrome.exe                    5608 N/A                                         
chrome.exe                    7300 N/A                                         
IAStorIcon.exe                7480 N/A                                         
fontdrvhost.exe               7944 N/A                                         
SettingSyncHost.exe           6636 N/A                                         
chrome.exe                    6148 N/A                                         
InstallAgent.exe              6524 N/A                                         
InstallAgentUserBroker.ex     6232 N/A                                         
chrome.exe                    7144 N/A                                         
chrome.exe                    5812 N/A                                         
TrustedInstaller.exe           760 TrustedInstaller                            
TiWorker.exe                  2948 N/A                                         
dllhost.exe                   7860 N/A                                         
ApplicationFrameHost.exe      5012 N/A                                         
svchost.exe                   3024 ClipSVC                                     
backgroundTaskHost.exe        7512 N/A                                         
smartscreen.exe               6796 N/A                                         
audiodg.exe                   3904 N/A                                         
cmd.exe                       6716 N/A                                         
conhost.exe                   4948 N/A                                         
tasklist.exe                  7248 N/A                                         

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

svchost that is eating so much CPU is the one with Windows Update so check and see if it has updates for you.

 

Some network adapter drivers have been very badly written for win 10.  Search for

 

device manager

 

hit Enter

 

Find the Network Adpaters and if not open click on the arrow in front to open them.  Find the one you are using and right click and DISABLE.

 

Then switch back to Process Explorer and create a log.  Switch back to Device manager and Enable the adapter.  While there,right click on it and select Properties then Power Management.  Uncheck Allow the Computer to turn off this device to save Power. OK.


  • 0

#15
erindg25

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Done- here's the log.

 

************************************************************

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 85.31 0 K 4 K 0
procexp64.exe 4.47 21,916 K 53,448 K 2564 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
SynTPEnh.exe 2.62 6,248 K 21,208 K 5988 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
Interrupts 2.56 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 1.42 36,920 K 44,664 K 1008
csrss.exe 0.89 2,060 K 4,728 K 652
System 0.62 140 K 4,372 K 4
TabTip.exe 0.57 3,800 K 14,576 K 5884
explorer.exe 0.48 34,652 K 84,024 K 3348 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 0.47 2,504 K 6,588 K 2264
ymc.exe 0.18 18,188 K 26,240 K 2124 Lenovo Yoga Mode Control Lenovo (Verified) LENOVO
chrome.exe 0.11 92,656 K 129,592 K 6964 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.10 3,484 K 10,832 K 2332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WUDFHost.exe 0.05 25,280 K 19,972 K 832
dllhost.exe 0.05 24,112 K 53,080 K 4912 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 71,860 K 111,980 K 5724 Google Chrome Google Inc. (Verified) Google Inc
AvastSvc.exe 0.01 103,548 K 51,680 K 1912 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
AvastUI.exe 0.01 15,436 K 12,740 K 4348 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.01 9,112 K 33,312 K 4808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 67,248 K 76,164 K 84 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 9,716 K 22,468 K 860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswidsagenta.exe < 0.01 14,272 K 20,228 K 2980 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
services.exe < 0.01 4,180 K 6,840 K 756
esif_assist_64.exe < 0.01 1,488 K 4,712 K 4732
svchost.exe < 0.01 39,596 K 58,396 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MBAMService.exe < 0.01 19,656 K 22,752 K 2860 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
WUDFHost.exe 1,308 K 4,260 K 2400
WmiPrvSE.exe 2,920 K 9,160 K 3980
WmiPrvSE.exe 3,008 K 9,688 K 5128
winlogon.exe 2,280 K 7,556 K 712
wininit.exe 1,256 K 4,072 K 632
utility.exe 2,684 K 11,752 K 1000 Lenovo Utility (Verified) LENOVO
taskhostw.exe 6,420 K 15,776 K 4900 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,420 K 4,656 K 5960
SynTPHelper.exe 1,160 K 4,608 K 6196
svchost.exe 5,212 K 9,892 K 920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,056 K 26,080 K 2932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,824 K 22,964 K 484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,144 K 22,848 K 80 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,472 K 22,716 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,676 K 18,812 K 1360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,460 K 17,004 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,492 K 8,868 K 1504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,164 K 13,288 K 1812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,004 K 11,948 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,092 K 13,992 K 1412 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 476 K 892 K 412
smartscreen.exe 8,612 K 14,736 K 4712 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 32,604 K 9,912 K 5700 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 6,024 K 23,884 K 4780 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 43,316 K 71,044 K 5096 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 6,756 K 6,168 K 5520 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 84,040 K 136,948 K 5160 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 26,388 K 20,908 K 5172 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SASrv.exe 1,248 K 5,200 K 3032
RuntimeBroker.exe 15,484 K 38,424 K 4144 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 6,680 K 13,372 K 4836 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe Suspended 9,104 K 19,208 K 5660 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,092 K 9,988 K 8112 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 26,244 K 19,548 K 4868 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
OneDrive.exe 31,188 K 41,632 K 6440 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
OfficeClickToRun.exe 31,052 K 40,192 K 2840 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
Memory Compression 164 K 13,284 K 3120
mbamtray.exe 17,348 K 27,988 K 5092 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
lsass.exe 5,744 K 12,612 K 764 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
igfxTray.exe 3,592 K 11,216 K 948 (Verified) Intel® pGFX
igfxHK.exe 2,480 K 9,148 K 5116 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,936 K 12,660 K 4948 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,888 K 7,852 K 1376 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
IAStorIcon.exe 16,260 K 39,492 K 7196 IAStorIcon Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
IAStorDataMgrSvc.exe 24,704 K 52,244 K 7360 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
GoogleCrashHandler64.exe 1,756 K 136 K 4888
GoogleCrashHandler.exe 1,832 K 148 K 4936
fontdrvhost.exe 824 K 2,960 K 7332
esif_uf.exe 1,836 K 5,548 K 2832 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
dllhost.exe 2,260 K 9,548 K 7520 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,724 K 11,956 K 2216
CxAudMsg64.exe 1,700 K 7,136 K 2784 Conexant Audio Message Service Conexant Systems Inc. (Verified) Conexant Systems
csrss.exe 1,640 K 3,496 K 564
chrome.exe 42,292 K 80,172 K 6676 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 68,848 K 117,948 K 6332 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,532 K 9,264 K 472 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,496 K 9,720 K 6228 Google Chrome Google Inc. (Verified) Google Inc
CAudioFilterAgent64.exe 1,976 K 8,044 K 3776 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems
ApplicationFrameHost.exe 5,392 K 18,864 K 7052 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
AdminService.exe 1,824 K 5,968 K 2792 Windows Setup API Windows ® Win 7 DDK provider (Verified) Qualcomm Atheros

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP