
Farbar froze during scan



#16
RKinner


    Malware Expert

  • Expert
  • 21,914 posts
  • MVP

Not sure what that is.  Guess it didn't work.  Go on to the next step.


  • 0



#17
debodun

    Member

  • Topic Starter
  • Member
  • 385 posts

This is the Process Explorer scan file you requested:

 

Process    CPU    Private Bytes    Working Set    PID    Verified Signer
armsvc.exe        1,180 K    4,092 K    1620    (Verified) Adobe Inc.
audiodg.exe        15,896 K    16,084 K    3136    (Verified) Microsoft Windows
csrss.exe        1,964 K    4,440 K    368    (Verified) Microsoft Windows
hkcmd.exe        2,164 K    6,568 K    1836    (Verified) Intel Corporation
igfxpers.exe        1,896 K    6,324 K    1844    (Verified) Intel Corporation
igfxsrvc.exe        2,064 K    6,436 K    1940    (Verified) Intel Corporation
igfxtray.exe        2,284 K    6,648 K    1828    (Verified) Intel Corporation
lsass.exe        3,976 K    11,348 K    532    (Verified) Microsoft Windows
lsm.exe        2,372 K    4,328 K    544    (Verified) Microsoft Windows
mDNSResponder.exe        2,032 K    5,800 K    2044    (Verified) Apple Inc.
msseces.exe        5,764 K    13,492 K    1864    (Verified) Microsoft Corporation
NisSrv.exe        14,544 K    10,224 K    2492    (Verified) Microsoft Corporation
procexp.exe        2,376 K    7,820 K    1264    (Verified) Microsoft Corporation
services.exe        5,036 K    9,624 K    524    (Verified) Microsoft Windows
smss.exe        452 K    1,256 K    284    (Verified) Microsoft Windows
spoolsv.exe        6,560 K    11,844 K    1180    (Verified) Microsoft Windows
svchost.exe        4,996 K    10,616 K    1208    (Verified) Microsoft Windows
svchost.exe        4,440 K    8,804 K    1540    (Verified) Microsoft Windows
svchost.exe        2,892 K    7,568 K    344    (Verified) Microsoft Windows
svchost.exe        1,976 K    6,704 K    1384    (Verified) Microsoft Windows
svchost.exe        17,652 K    18,268 K    880    (Verified) Microsoft Windows
svchost.exe        3,796 K    9,276 K    636    (Verified) Microsoft Windows
svchost.exe        11,884 K    13,388 K    1252    (Verified) Microsoft Windows
svchost.exe        3,716 K    7,564 K    716    (Verified) Microsoft Windows
svchost.exe        7,392 K    13,396 K    960    (Verified) Microsoft Windows
svchost.exe        91,540 K    98,364 K    920    (Verified) Microsoft Windows
taskhost.exe        5,956 K    12,280 K    3716    (Verified) Microsoft Windows
wininit.exe        1,504 K    4,680 K    420    (Verified) Microsoft Windows
winlogon.exe        2,912 K    7,440 K    476    (Verified) Microsoft Windows
WmiPrvSE.exe        2,536 K    6,840 K    372    (Verified) Microsoft Windows
TeamViewer_Service.exe    < 0.01    4,124 K    10,976 K    1672    (Verified) TeamViewer
svchost.exe    < 0.01    20,724 K    33,964 K    992    (Verified) Microsoft Windows
svchost.exe    < 0.01    14,760 K    17,580 K    1052    (Verified) Microsoft Windows
taskhost.exe    < 0.01    7,428 K    11,528 K    1412    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    35,932 K    18,980 K    2444    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    0.01    2,772 K    8,820 K    2020    (Verified) Apple Inc.
explorer.exe    0.03    31,704 K    54,024 K    1520    (Verified) Microsoft Windows
csrss.exe    0.13    2,328 K    11,352 K    432    (Verified) Microsoft Windows
MsMpEng.exe    0.13    141,448 K    154,284 K    780    (Verified) Microsoft Corporation
System    0.14    272 K    2,064 K    4    
Interrupts    0.19    0 K    0 K    n/a    
dwm.exe    0.31    29,028 K    24,456 K    1496    (Verified) Microsoft Windows
procexp64.exe    3.31    23,380 K    43,828 K    3892    (Verified) Microsoft Corporation
System Idle Process    95.74    0 K    24 K    0    

 


  • 0

#18
RKinner


    Malware Expert

  • Expert
  • 21,914 posts
  • MVP

Process Explorer looks good.  Can you get Speccy to work?

 

Let's also try MiniToolBox:

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 


  • 0

#19
debodun

    Member

  • Topic Starter
  • Member
  • 385 posts

Will run Speccy this weekend. I already have it, but it is version 1.14.288. Is that okay?


  • 0

#20
RKinner


    Malware Expert

  • Expert
  • 21,914 posts
  • MVP

should be ok


  • 0

#21
debodun

    Member

  • Topic Starter
  • Member
  • 385 posts

Here is the Speccy scan file:

 

 

Attached Files


  • 0

#22
debodun

    Member

  • Topic Starter
  • Member
  • 385 posts

BTW - I noticed somehow that the date display format in the taskbar was somehow changed from MM/DD/YYYY to DD/MM/YYYY, but that was easily corrected. I just wondered if that had anything to do with any of the scans I ran.


  • 0

#23
RKinner


    Malware Expert

  • Expert
  • 21,914 posts
  • MVP

Don't think the date format makes any difference but might indicate a bit got changed by mistake.  Speccy doesn't show much wrong.  Your hard drive is reporting

C3 Hardware ECC Recovered    100 (100) Data 0000402F10
 

 

Hard drives, supporting this attribute

Samsung, Seagate, IBM (Hitachi), Fujitsu (not all models), Maxtor, Western Digital (not all models)

Description

Hardware ECC Recovered S.M.A.R.T. parameter indicates time between ECC-corrected errors.

Recommendations

Although this parameter is not considered critical by most hardware vendors, degradation of this parameter may indicate electromechanical problems of the disk. Regular backup is recommended. If no other (critical) parameters report a problem, hardware replacement is recommended on mission critical systems only.

 

 

Try a new copy of FRST and let's see if it will work now.

 

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


  • 0

#24
debodun

    Member

  • Topic Starter
  • Member
  • 385 posts

FRST scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2019 02
Ran by Owner (administrator) on OWNER-PC (Hewlett-Packard HP Compaq dc5700 Small Form Factor) (13-10-2019 15:55:47)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0976F330-BF25-4F6F-B0B1-665D9BF7BCC0} - System32\Tasks\{68760510-2907-489D-B7A2-C35A3446BE71} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]
Task: {0A0C5E8A-2FCE-4C99-B12F-00B4B70AFB83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {41E2110D-1421-413B-8E62-70C64466298F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-10] (Adobe Inc. -> Adobe)
Task: {5D084169-00AD-4D36-A448-C9A76FB459A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-10] (Adobe Inc. -> Adobe)
Task: {6B4D3DDA-9B0C-4B4E-A917-B9A141F6ED35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3129184 2012-09-24] (Piriform Ltd -> Piriform Ltd)
Task: {A149C588-D529-48EB-BAE0-95CA7AC5FE1C} - System32\Tasks\{304152A7-70D0-4E91-9F4E-DBD1652C7AAC} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]
Task: {DDB1A270-9C47-4E77-9F28-24AAF8986644} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: 8wi3sbs5.default-1412761564967
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 [2019-10-13]
FF Homepage: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] (Apple Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-13 15:55 - 2019-10-13 15:57 - 000008170 _____ C:\Users\Owner\Desktop\FRST.txt
2019-10-13 15:25 - 2019-10-13 15:25 - 001616384 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2019-10-10 16:17 - 2019-10-10 16:17 - 000023698 _____ C:\Users\Owner\Documents\events.txt
2019-10-09 09:52 - 2019-10-09 09:52 - 000022517 _____ C:\Users\Owner\Documents\computer check items.odt
2019-10-05 11:25 - 2019-10-05 11:25 - 000010066 _____ C:\Users\Owner\Documents\Weight 2020.ods

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-13 15:56 - 2015-05-23 12:52 - 000000000 ____D C:\FRST
2019-10-13 15:55 - 2016-11-16 13:13 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2019-10-13 14:46 - 2019-01-01 12:13 - 000018965 _____ C:\Users\Owner\Documents\Celebrity Deaths 2019.odt
2019-10-13 12:30 - 2017-06-29 11:22 - 000017486 _____ C:\Users\Owner\Documents\riddles.odt
2019-10-13 12:00 - 2009-07-14 00:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-13 12:00 - 2009-07-14 00:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-13 11:56 - 2009-07-14 01:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-13 11:56 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-10-13 11:52 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-11 15:32 - 2014-01-13 19:27 - 000018574 _____ C:\Users\Owner\Documents\Home Delivered Meals.ods
2019-10-11 15:03 - 2014-11-07 08:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-10 15:41 - 2017-09-11 15:35 - 000001564 _____ C:\VEW.txt
2019-10-10 09:58 - 2018-03-13 14:58 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-10-10 09:58 - 2013-02-09 11:03 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-10-10 09:58 - 2012-03-31 07:33 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-10-10 09:58 - 2011-12-17 16:43 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-10-10 09:58 - 2011-12-17 16:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-10 09:58 - 2011-12-17 16:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-07 15:39 - 2018-12-17 16:23 - 000025322 _____ C:\Users\Owner\Documents\data.odt
2019-10-06 15:09 - 2012-01-12 12:24 - 000000000 ___RD C:\Users\Owner\Desktop\misc house contents
2019-10-05 11:22 - 2018-12-01 12:07 - 000010874 _____ C:\Users\Owner\Documents\Weight 2019.ods
2019-10-04 12:07 - 2016-09-28 10:41 - 000012607 _____ C:\Users\Owner\Documents\Christmas sale.odt
2019-09-30 17:20 - 2012-07-22 09:28 - 000000000 ____D C:\ProgramData\TEMP
2019-09-30 17:20 - 2012-07-22 09:28 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-09-30 16:53 - 2018-12-03 13:37 - 000017659 _____ C:\Users\Owner\Documents\Net Worth 2019.ods
2019-09-30 14:17 - 2012-01-12 12:21 - 000000000 ____D C:\Users\Owner\Desktop\silver, jewelry, coins
2019-09-24 15:54 - 2012-01-12 12:23 - 000000000 ____D C:\Users\Owner\Desktop\Things For Sale
2019-09-21 14:25 - 2012-01-12 12:21 - 000000000 ____D C:\Users\Owner\Desktop\House Pics
2019-09-14 16:12 - 2017-06-15 16:21 - 004337906 _____ C:\Users\Owner\Documents\Other things for sale (all).odt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-24 13:23
==================== End of FRST.txt ============================


  • 0

#25
debodun

    Member

  • Topic Starter
  • Member
  • 385 posts

Addition scan

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by Owner (13-10-2019 15:59:32)
Running from C:\Users\Owner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-12-17 19:41:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3384263181-369055421-3260215636-500 - Administrator - Disabled)
Guest (S-1-5-21-3384263181-369055421-3260215636-501 - Limited - Disabled)
Owner (S-1-5-21-3384263181-369055421-3260215636-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.270 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardRd81 (HKLM-x32\...\{54C8FE84-89C4-40E8-976C-439EB0729BD6}) (Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
CR2 (HKLM-x32\...\{432C3720-37BF-4BD7-8E49-F38E090246D0}) (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
EKS Dinner With Moriarty (HKLM-x32\...\EKS Dinner With Moriarty) (Version:  - )
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}) (Version: 5.00.0000.0037 - EASTMAN KODAK Company) Hidden
ESSCT (HKLM-x32\...\{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 5.00.0000.0013 - EASTMAN KODAK Company) Hidden
ESShelp (HKLM-x32\...\{87843A41-7808-4F2E-B13F-25C1E67CF2FD}) (Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 5.00.0000.0020 - EASTMAN KODAK Company) Hidden
ESSSONIC (HKLM-x32\...\{4F677FC7-7AA8-412B-A957-F13CBE1C7331}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSTUTOR (HKLM-x32\...\{CA60320D-6A16-49C8-A34F-84EEF4799567}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSvpaht (HKLM-x32\...\{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSvpot (HKLM-x32\...\{48C82F7A-F100-4DAB-A310-8E18BF2159E1}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Free MIDI to MP3 Converter 1.0 (HKLM-x32\...\{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1) (Version:  - PolySoft Solutions)
HLPIndex (HKLM-x32\...\{38441BE7-79B0-42B8-8297-833704F949FE}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
HLPPDOCK (HKLM-x32\...\{154508C0-07C5-4659-A7A0-E49968750D21}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (HKLM-x32\...\{AADAC983-FDE9-42FA-8FD9-7BB324155593}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (HKLM-x32\...\{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}) (Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 69.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.3 (x64 en-US)) (Version: 69.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notifier (HKLM-x32\...\{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OTtBP (HKLM-x32\...\{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
OTtBPSDK (HKLM-x32\...\{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}) (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
SKIN0001 (HKLM-x32\...\{FDF9943A-3D5C-46B3-9679-586BD237DDEE}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
Skype™ 5.5 (HKLM-x32\...\{F1CECE09-7CBE-4E98-B435-DA87CDA86167}) (Version: 5.5.124 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
StuffIt Expander 2011 15.0.8 (HKLM-x32\...\{4D4ABFF9-4E06-44A0-86B1-DEEB7C5CA382}_is1) (Version: 15.0.8 - Smith Micro Software, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)

==================== Codecs (Whitelisted) ==================


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2019-05-13 16:49 - 2016-02-09 23:54 - 000154624 _____ (Smith Micro Software Inc.) [File not signed] C:\Program Files (x86)\Smith Micro\StuffIt Expander 2011\ExpanderExt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-07-05 11:08 - 000000098 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0E227B60-E7FB-4017-9EC7-A62A5EFA8967}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{C86A2602-2440-441D-972C-BEC7E06FC3E4}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{217F7D9C-49CD-4ED9-9050-3C2E4E9D8CC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3994F65F-7D58-4F72-86D1-2E5CD9A2AD1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D2F24F04-D188-44AF-8CAB-1440B2782E38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{1A10243C-DC57-4AFE-AD3D-54A683104F27}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D920EAFE-1F31-4BB5-BC15-E747556F30C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D0FFCD08-CDC4-41E1-B87C-BCCEA99F34B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

05-01-2018 11:32:58 Windows Update
09-01-2018 15:19:09 Windows Update
19-01-2018 13:53:13 Windows Update
22-01-2018 14:01:03 Windows Update
26-01-2018 15:34:58 Windows Update
13-02-2018 14:49:09 Windows Update
05-03-2018 14:08:47 Windows Update
13-03-2018 13:20:54 Windows Update
30-03-2018 14:10:28 Windows Update
10-04-2018 13:22:19 Windows Update
19-04-2018 13:29:46 Windows Update
05-05-2018 16:40:18 Windows Update
08-05-2018 13:51:18 Windows Update
12-06-2018 13:28:59 Windows Update
06-07-2018 14:15:59 Windows Update
10-07-2018 13:30:24 Windows Update
14-08-2018 13:35:43 Windows Update
07-09-2018 14:46:51 Scheduled Checkpoint
11-09-2018 13:31:49 Windows Update
26-09-2018 15:33:47 Scheduled Checkpoint
26-11-2018 17:48:35 Windows Update
13-05-2019 16:49:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
13-05-2019 16:50:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2019 11:53:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/12/2019 10:22:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2019 12:26:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2019 08:52:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/09/2019 08:51:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/08/2019 10:18:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2019 12:08:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/06/2019 12:03:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/07/2019 12:38:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (06/23/2019 09:59:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/23/2019 09:59:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (06/23/2019 09:59:14 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/24/2019 05:38:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:37:25 PM on ‎1/‎24/‎2019 was unexpected.

Error: (12/16/2018 03:33:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/16/2018 03:33:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/16/2018 03:33:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


CodeIntegrity:
===================================

Date: 2019-10-09 15:43:11.799
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-10-09 15:43:10.114
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-10-09 15:43:08.461
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-10-09 15:43:01.862
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-10-09 15:43:00.224
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-10-09 15:42:58.570
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-10-09 15:42:54.280
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-10-09 15:42:52.611
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Hewlett-Packard 786E2 v02.04 04/13/2007
Motherboard: Hewlett-Packard 0A60h
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 71%
Total physical RAM: 3063.31 MB
Available physical RAM: 882.38 MB
Total Virtual: 6124.77 MB
Available Virtual: 3668.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.56 GB) (Free:730.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.75 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CF2E5F36)
Partition 1: (Active) - (Size=929.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#26
RKinner

    Malware Expert

  • Expert
  • 21,914 posts
  • MVP

Doesn't look too bad.  How is it running?

We can fix these errors if you want:

 

Error: (10/13/2019 11:53:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

If it is still booting slow we can look at the boot log.  Search for

msconfig

hit Enter.

Click on the Boot tab then check the box for Boot Log and hit OK.  Reboot and then look for c:\Windows\ntbtlog.txt.  Copy and paste the text into a reply.

See: https://www.techrepu...lp-of-msconfig/ if you have problems.

#27
debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 385 posts

I timed it this morning. After pressing the power button, it is 1 min 51 sec until the startup chime sounds and it is 9 min 48 sec until the HD light goes off and all processes in the Task Manager return to 0 (except System Idle Process). I have 33 desktop icons. Would that make any difference in boot time?

#28
RKinner

    Malware Expert

  • Expert
  • 21,914 posts
  • MVP

You only have:

3.00 GB Dual-Channel DDR2 @ 332MHz (5-5-5-15)

Boot up time is highly dependent on the amount of RAM.  Any chance of finding some more RAM?  DDR2 is pretty old but eBay might have some or check locally for used computer parts.  Speccy says you have a slot free.

We can try Latency Monitor and see if it shows any problems:

OK.  Let's try Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

EDIT:  About your icons.  Best to keep them to a minimum.  I make a new folder called Shortcuts and move most of the icons to Shortcuts.

#29
debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 385 posts

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts.
LatencyMon has been analyzing your system for  0:00:47  (h:mm:ss) on all processors.


_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        OWNER-PC
OS version:                                           Windows 7 Service Pack 1 , 6.1, build: 7601 (x64)
Hardware:                                             HP Compaq dc5700 Small Form Factor, Hewlett-Packard, 0A60h
CPU:                                                  GenuineIntel Intel® Core™2 CPU 6300 @ 1.86GHz
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  3063 MB total


_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1862 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.


_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs):   162.230711
Average measured interrupt to process latency (µs):   4.201069

Highest measured interrupt to DPC latency (µs):       158.381168
Average measured interrupt to DPC latency (µs):       1.762160


_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs):              36.312030
Driver with highest ISR routine execution time:       dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation

Highest reported total ISR routine time (%):          0.008857
Driver with highest ISR total time:                   dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation

Total time spent in ISRs (%)                          0.012701

ISR count (execution time <250 µs):                   2959
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs):              97.872180
Driver with highest DPC routine execution time:       ndis.sys - NDIS 6.20 driver, Microsoft Corporation

Highest reported total DPC routine time (%):          0.017490
Driver with highest DPC total execution time:         ndis.sys - NDIS 6.20 driver, Microsoft Corporation

Total time spent in DPCs (%)                          0.052784

DPC count (execution time <250 µs):                   14159
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                0
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count:                 latmon.exe

Total number of hard pagefaults                       1
Hard pagefault count of hardest hit process:          1
Number of processes hit:                              1


_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.200676
CPU 0 ISR highest execution time (µs):                36.312030
CPU 0 ISR total execution time (s):                   0.012142
CPU 0 ISR count:                                      2959
CPU 0 DPC highest execution time (µs):                97.872180
CPU 0 DPC total execution time (s):                   0.043372
CPU 0 DPC count:                                      10833
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.032726
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                24.962406
CPU 1 DPC total execution time (s):                   0.007088
CPU 1 DPC count:                                      3326
_________________________________________________________________________________________________________

#30
RKinner

    Malware Expert

  • Expert
  • 21,914 posts
  • MVP

Looks pretty good once it boots.  Do you need the Kodak EasyShare software?  Might try uninstalling it to see if it makes a difference.

Also your TeamViewer software is way out of date.  If you don't use it best to uninstall it.

Can you run the fixit and post the fix log?

