'Lock-up' happens whilst browsing [Solved]


  • This topic is locked

#1
70delboy

  • Member
  • 147 posts

Hi .. I hope you can shed some light on this problem.

For some time I have noticed my computer running more slowly, in other words email takes longer to download and display, IE runs slowly and Google browsing is also affected.

Recently though it has been locking-up completely; by that I mean that in a browsing session the mouse cursor stops responding to the mouse. There is no way to recover from this other than a forced power down. Then the computer seems to boot up normally and functions properly again, until the next lock-up. There is no obvious logic to this as it does not happen in every session.

The AV is not detecting anything and I have run Malwarebytes without any result.

Here are the FRST results

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Del (administrator) on DEL-PC on 09-04-2015 19:59:38
Running from C:\Users\Del\Desktop
Loaded Profiles: Del (Available profiles: Del & Yvonne & delwinxp & Yvonnewinxp)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Users\Del\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(SupportSoft, Inc.) C:\Program Files\Common Files\SupportSoft\bin\consrcclient.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(SupportSoft, Inc.) C:\Program Files\O2LAS\bin\tgsrvc.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-01-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM\...\Run: [SpeedZooka Scheduler] => C:\Program Files\SpeedZooka\SpeedZookaScheduler.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [OneDrive] => C:\Users\Del\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-13] (Microsoft Corporation)
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-01] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-09-15] (Sophos Limited)
AppInit_DLLs: L, C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-09-15] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?o...U219DHP&pc=U219
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Protect My Choices (Beta) -> {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} -> C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll [2013-01-15] (Digital Advertising Alliance)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: {01113300-3E00-11D2-8470-0060089874ED} http://ias.broadband...oad/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbank...frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-02] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: Games by 7Go - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-09-18]
FF HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 QBCFMonitorService; c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-02] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-09-15] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-09-15] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited)
R2 SupportSoft Remote Control Client; C:\Program Files\Common Files\supportsoft\bin\consrcclient.exe [2080272 2012-11-06] (SupportSoft, Inc.)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2014-09-15] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2014-09-15] (Sophos Limited)
R2 tgsrvc_o2las; C:\Program Files\O2LAS\bin\tgsrvc.exe [213008 2012-11-06] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Seagate Sync Service; "C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-03-26] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-03-26] (microOLAP Technologies LTD)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-09-15] (Sophos Limited)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-09-15] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-09-15] (Sophos Limited)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-05-31] (RealVNC Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 18:55 - 2015-04-09 20:00 - 00016429 _____ () C:\Users\Del\Desktop\FRST.txt
2015-04-09 18:54 - 2015-04-09 18:54 - 01135104 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2015-04-09 18:39 - 2015-04-09 18:56 - 00041884 _____ () C:\Users\Del\Desktop\Addition.txt
2015-04-09 18:33 - 2015-04-09 18:34 - 00041886 _____ () C:\Users\Del\Downloads\Addition.txt
2015-04-09 18:32 - 2015-04-09 19:59 - 00000000 ____D () C:\FRST
2015-04-09 18:32 - 2015-04-09 18:34 - 00038472 _____ () C:\Users\Del\Downloads\FRST.txt
2015-04-09 11:30 - 2015-04-09 11:30 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-09 11:25 - 2015-04-09 11:25 - 00000000 ___HD () C:\OneDriveTemp
2015-04-09 08:18 - 2015-04-09 16:48 - 00000168 _____ () C:\Windows\setupact.log
2015-04-09 08:18 - 2015-04-09 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-05 20:52 - 2015-04-05 20:52 - 00001185 _____ () C:\Users\Del\Desktop\TreeSize Free.lnk
2015-04-05 20:52 - 2015-04-05 20:52 - 00000000 ____D () C:\Users\Del\AppData\Roaming\JAM Software
2015-04-05 20:52 - 2015-04-05 20:52 - 00000000 ____D () C:\Program Files\JAM Software
2015-04-05 20:51 - 2015-04-05 20:51 - 06639264 _____ (JAM Software ) C:\Users\Del\Downloads\TreeSizeFreeSetup.exe
2015-04-04 19:36 - 2015-04-04 19:37 - 05344528 _____ (Piriform Ltd) C:\Users\Del\Downloads\ccsetup504.exe
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 ____D () C:\ProgramData\Auslogics
2015-04-04 18:32 - 2015-04-08 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-04-04 18:32 - 2015-04-04 18:33 - 00000000 ____D () C:\Program Files\Auslogics
2015-04-04 18:32 - 2015-04-04 18:32 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Del\Downloads\disk-defrag-setup.exe
2015-04-04 18:32 - 2015-04-04 18:32 - 00001133 _____ () C:\Users\Del\Desktop\Auslogics DiskDefrag.lnk
2015-04-04 17:13 - 2015-04-04 18:30 - 00000000 ____D () C:\Program Files\SpeedZooka
2015-04-04 17:12 - 2015-04-04 17:13 - 12406408 _____ (ZookaWare) C:\Users\Del\Downloads\speedzookasetup.exe
2015-04-02 19:25 - 2015-04-02 19:25 - 00000509 _____ () C:\Users\Del\Desktop\ebaytext.txt
2015-03-29 14:48 - 2015-03-29 14:48 - 00001028 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-03-29 14:48 - 2015-03-29 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-03-29 14:47 - 2015-03-29 14:47 - 00000000 ____D () C:\Program Files\CPUID
2015-03-29 10:49 - 2015-03-29 10:49 - 00001348 _____ () C:\Users\Del\Desktop\march29ahci.txt
2015-03-25 18:09 - 2015-03-25 18:09 - 00001860 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-03-25 18:09 - 2015-03-25 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\Users\Del\AppData\Roaming\Dell
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-22 12:27 - 2015-03-22 12:27 - 00000000 ____D () C:\Program Files\Dell
2015-03-22 12:25 - 2015-03-22 12:25 - 00000000 ____D () C:\Users\Del\AppData\Roaming\PCDr
2015-03-17 20:39 - 2015-01-14 12:27 - 02894848 _____ () C:\Windows\system32\pwNative.exe
2015-03-17 20:39 - 2013-09-30 17:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2015-03-17 20:39 - 2013-09-30 17:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys
2015-03-17 20:31 - 2015-03-17 20:39 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-03-17 20:31 - 2015-03-17 20:31 - 00001143 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-03-17 20:31 - 2015-03-17 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-03-13 20:15 - 2015-03-13 20:15 - 00000000 ____D () C:\Users\Del\Downloads\AS SSD Benchmark
2015-03-13 20:14 - 2015-03-13 20:14 - 00286305 _____ () C:\Users\Del\Downloads\AS SSD Benchmark.zip
2015-03-12 10:12 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 10:12 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 10:12 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 10:12 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 10:12 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 10:12 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 10:12 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 10:12 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 10:12 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 10:12 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 10:12 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 10:12 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 10:12 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 10:12 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 10:12 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 10:12 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 10:12 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 10:12 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 10:12 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 10:12 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 10:12 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 10:12 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 10:12 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 10:12 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 10:12 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 10:12 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 10:12 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 10:12 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 10:12 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 10:12 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 10:12 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 10:12 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 10:12 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 10:12 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 10:12 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 10:12 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 10:12 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 10:12 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 10:12 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 10:12 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 10:12 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 10:12 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 10:12 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 10:12 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 10:12 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 10:12 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 10:12 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 10:12 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 10:12 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 10:12 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 10:12 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 10:12 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 10:12 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 10:12 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 10:11 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-12 10:11 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-12 10:11 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-12 10:11 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-12 10:11 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-12 10:11 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-12 10:11 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-12 10:11 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-12 10:11 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-12 10:11 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 10:11 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 10:11 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 10:11 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 10:11 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 10:11 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 10:11 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 10:11 - 2015-01-31 04:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 10:11 - 2015-01-31 04:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-12 10:11 - 2015-01-31 01:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 10:11 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 19:43 - 2011-06-20 19:29 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 18:44 - 2009-11-27 22:44 - 01224168 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 18:23 - 2009-07-14 05:34 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 18:23 - 2009-07-14 05:34 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 17:18 - 2015-01-25 12:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 16:50 - 2014-06-25 19:24 - 00000000 ___RD () C:\Users\Del\OneDrive
2015-04-09 16:49 - 2011-06-20 19:29 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 16:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 08:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-08 19:43 - 2012-09-09 20:05 - 00004934 _____ () C:\Users\Del\Desktop\dgcontacts.csv
2015-04-04 19:38 - 2013-09-17 20:13 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-04 19:38 - 2013-09-17 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-04 19:38 - 2013-09-17 20:13 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-04 17:47 - 2014-06-25 11:49 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-04-01 13:58 - 2015-02-05 20:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-31 17:45 - 2009-11-27 15:00 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 10:10 - 2009-07-14 05:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 10:37 - 2012-01-23 13:53 - 00053312 _____ (microOLAP Technologies LTD) C:\Windows\system32\Drivers\pssdklbf.sys
2015-03-26 10:37 - 2012-01-23 13:53 - 00038976 _____ (microOLAP Technologies LTD) C:\Windows\system32\Drivers\pssdk42.sys
2015-03-25 19:25 - 2015-01-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 19:25 - 2015-01-25 12:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 19:25 - 2013-09-22 18:44 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 18:10 - 2014-02-12 12:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-25 18:09 - 2014-02-12 12:13 - 00000000 ____D () C:\ProgramData\Garmin
2015-03-25 18:09 - 2014-02-12 12:13 - 00000000 ____D () C:\Program Files\Garmin
2015-03-22 12:35 - 2013-11-06 09:41 - 00000000 ____D () C:\temp
2015-03-22 12:24 - 2013-12-14 13:10 - 00000000 ____D () C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-22 12:24 - 2009-12-09 13:23 - 00000000 ____D () C:\Users\Del\AppData\Local\Deployment
2015-03-22 11:58 - 2014-06-25 20:32 - 06089928 _____ (Microsoft Corporation) C:\Users\Del\Downloads\OneDriveSetup.exe
2015-03-17 07:15 - 2015-01-25 12:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 07:15 - 2015-01-25 12:07 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 07:15 - 2013-09-22 18:44 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 15:25 - 2009-07-14 08:48 - 00000000 ____D () C:\Windows\ShellNew
2015-03-13 22:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-13 08:56 - 2014-06-25 19:24 - 00002156 _____ () C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-12 12:46 - 2009-07-14 05:33 - 00293056 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2009-12-02 13:37 - 2014-12-04 09:46 - 0007615 _____ () C:\Users\Del\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-04 17:42

==================== End Of Log ============================

and Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Del at 2015-04-09 20:00:19
Running from C:\Users\Del\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Blueline 1.1.1 (HKLM\...\Blueline_is1) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM\...\Canon MG7500 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG7500 series User Registration (HKLM\...\Canon MG7500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer (HKLM\...\Coupon Printer2.2.0.5) (Version: 2.2.0.5 - Coupons.com Inc.)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect - 1  (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\73f463568823ebbe) (Version: 6.0.0.9 - Dell)
Dell System Detect (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM\...\{F0BF9C38-5639-4F0F-A818-AEA288C0A96E}) (Version: 1.2.0.0 - Digital Advertising Alliance)
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
FreshDiagnose (HKLM\...\FreshDevices - FreshDiagnose_is1) (Version:  - )
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hawke BRC 1.0.9 (HKLM\...\{44F2B651-A86A-4B6C-8563-07B66F00F8F8}_is1) (Version:  - Hawke Sport Optics)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MotoCalc 8.07 (HKLM\...\MotoCalc 8_is1) (Version:  - Capable Computing, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
O2 BB Assisted Controls V2 (HKLM\...\{B0F51838-4AF7-4784-88DD-C86D7D8AF804}) (Version: 1 - SupportSoft)
P&O Cruises Live Ship Tracker (HKLM\...\com.pocruises.LiveShipTracker.A0C66AABAFAD54D5C6C22F9F89EA0FC11C49AF59.1) (Version: 1.3.15 - Carnival plc)
P&O Cruises Live Ship Tracker (Version: 1.3.15 - Carnival plc) Hidden
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RC Plane Master (HKLM\...\RC Plane Master) (Version:  - )
Remote Keyboard Lite (HKLM\...\{7C621473-99FD-4800-B2F5-4F390AA46E0C}) (Version: 1.2.0.09270 - Sony Corporation)
Remote Keyboard Lite (Version: 1.2.0.09270 - Sony Corporation) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{EFC7DF4A-D0A1-4622-9104-10D8D2B5C82B}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Sophos Anti-Virus (HKLM\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Supportsoft Mirror Driver 1.8.0 (HKLM\...\ConsMirror_is1) (Version: 1.8.0 - Consona.)
Supportsoft Printer Driver 1.7.0 (HKLM\...\ConsPrinter_is1) (Version: 1.7.0 - Consona.)
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

29-01-2015 10:01:07 Windows Update
01-02-2015 11:55:03 Windows Update
08-02-2015 17:04:38 Windows Update
15-02-2015 11:15:07 Windows Update
23-02-2015 11:25:21 Scheduled Checkpoint
23-02-2015 12:57:25 Windows Update
04-03-2015 10:01:48 Windows Update
07-03-2015 17:21:21 Windows Update
12-03-2015 10:13:23 Windows Update
17-03-2015 10:05:49 Windows Update
22-03-2015 11:55:14 Windows Update
25-03-2015 18:08:12 Garmin Express
25-03-2015 18:10:26 Garmin Express
26-03-2015 10:42:12 Removed tbbMeter Loader Service
26-03-2015 10:43:53 Removed tbbMeter.
26-03-2015 10:45:06 Removed tbbMeter Loader Service
28-03-2015 12:31:28 Windows Update
31-03-2015 14:47:08 Windows Update
09-04-2015 11:28:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2013-09-26 17:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4220E91D-159A-40F3-BF52-F11C873327DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {8CD64B89-617D-49BB-A81C-5392866C8E7E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {94B2FBB8-7924-4917-9FAD-F4A1DF91F125} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {A919F893-4B86-4251-8158-370AFBF29525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {B8B97699-8FB6-489F-A5DE-2FEC2EDD4665} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D1B3BD8F-D98B-409E-8531-897BEF05098C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {ECB4A6BC-E614-4E12-A8F3-5E89FCA3E458} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FB108B20-9816-4D63-A91E-C4B5EAECE20A} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {FBE2BA1B-8D87-47DC-9C89-73F36FC0D02D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-06 09:41 - 2012-02-01 18:09 - 00026112 _____ () C:\Windows\System32\VNCpm.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Del\Desktop\passport  Y.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Del\Desktop\passport  Y.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Yvonne\Documents\del and me 2010.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft Remote Control Client => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Del\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup

==================== Accounts: =============================

Administrator (S-1-5-21-2568410734-3031030142-1223416489-500 - Administrator - Disabled)
Del (S-1-5-21-2568410734-3031030142-1223416489-1001 - Administrator - Enabled) => C:\Users\Del
delwinxp (S-1-5-21-2568410734-3031030142-1223416489-1009 - Administrator - Enabled) => C:\Users\delwinxp
Guest (S-1-5-21-2568410734-3031030142-1223416489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568410734-3031030142-1223416489-1016 - Limited - Enabled)
SophosSAUDEL-PC0 (S-1-5-21-2568410734-3031030142-1223416489-1023 - Limited - Enabled)
Yvonne (S-1-5-21-2568410734-3031030142-1223416489-1008 - Limited - Enabled) => C:\Users\Yvonne
Yvonnewinxp (S-1-5-21-2568410734-3031030142-1223416489-1010 - Administrator - Enabled) => C:\Users\Yvonnewinxp

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2015 07:41:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2015 07:43:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 9.0.0.2719, time stamp: 0x36f43422
Faulting module name: MSO9.DLL, version: 9.0.0.2720, time stamp: 0x36f47555
Exception code: 0xc0000005
Fault offset: 0x0006fe31
Faulting process id: 0x2278
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (04/07/2015 07:28:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.5.0.0, time stamp: 0x53c4bba5
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0x133c
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Error: (04/04/2015 06:07:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 00:49:23 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 09:09:09 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (04/09/2015 07:15:48 PM) (Source: DCOM) (EventID: 10016) (User: Del-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Del-PCDelS-1-5-21-2568410734-3031030142-1223416489-1001LocalHost (Using LRPC)

Error: (04/09/2015 06:20:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (04/09/2015 06:20:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/09/2015 04:49:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (04/09/2015 04:49:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (04/09/2015 04:48:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:45:18 on ‎09/‎04/‎2015 was unexpected.

Error: (04/09/2015 04:32:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/09/2015 04:32:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/09/2015 00:12:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:09:47 on ‎09/‎04/‎2015 was unexpected.

Error: (04/09/2015 11:24:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Microsoft Office Sessions:
=========================
Error: (04/09/2015 07:41:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4

Error: (04/08/2015 07:43:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE9.0.0.271936f43422MSO9.DLL9.0.0.272036f47555c00000050006fe31227801d0722b8a00a84eC:\Program Files\Microsoft Office\Office\EXCEL.EXEC:\Program Files\Microsoft Office\Office\MSO9.DLL306087f0-de1f-11e4-aeed-0024e811b7db

Error: (04/07/2015 07:28:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CNQMUPDT.EXE2.5.0.053c4bba5CNMDWLD.DLL1.0.0.04f5eedc8c0000005000023c6133c01d0716085cd9ec1C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXEC:\Program Files\Canon\Quick Menu\CNMDWLD.DLLd3048982-dd53-11e4-8e06-0024e811b7db

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Error: (04/07/2015 07:27:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)
Search.TripoliIndexer

Error: (04/04/2015 06:07:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4

Error: (04/02/2015 00:49:23 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4

Error: (04/02/2015 09:09:09 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 47%
Total physical RAM: 3061.18 MB
Available physical RAM: 1616.96 MB
Total Pagefile: 6120.64 MB
Available Pagefile: 4033.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.03 GB) (Free:121.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#2
BrianDrab

    Trusted Helper

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process. Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

Sorry for the delay.

 

Let's take a look. I have a feeling you may need to go over to the hardware guys but let's see. Please do the following.

 

Step#1 - Warnings

Registry Cleaners
I see that you have CCleaner & SpeedZooka installed. These may be good products, but I wanted to caution you on running the registry cleaning functionality of the tools. Please avoid this as it can do more harm than good.

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file (fixlist.txt) and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#4 - ChkDsk Scan
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator.
3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Please type chkdsk and then press enter.
6. Chkdsk will start to run. Please allow it to finish.
7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
8. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

 

 

 

Items for your next post

1. FRST Fix Log

2. Rootkit Scan Log

3. Chkdsk Results


#3
70delboy

    Member

  • Topic Starter

Hi Brian

 

Thanks for taking up my problem.  I have run FRST and FRSTfix.log is below.

 

When I attempted to download aswMBR my AV (Sophos) blocked it saying that Mal/HTML Gen-A was present on that site. I have Avast already on my desktop, is that the same?

 

Chkdsk was run and log is attached.

 

FRSTfix.log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2015
Ran by Del at 2015-04-14 13:57:33 Run:1
Running from C:\Users\Del\Desktop
Loaded Profiles: Del (Available profiles: Del & Yvonne)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
AlternateDataStreams: C:\Users\Del\Desktop\passport  Y.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Del\Desktop\passport  Y.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp:
 
*****************

Restore point was successfully created.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
"C:\Users\Del\Desktop\passport  Y.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Del\Desktop\passport  Y.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Yvonne\Desktop\specs.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Yvonne\Desktop\specs.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

=========  wevtutil cl application =========

========= End of CMD: =========

=========  wevtutil cl system =========

========= End of CMD: =========

=========  wevtutil cl security =========

========= End of CMD: =========

EmptyTemp: => Removed 3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 14:12:06 ====

 

 

ChkdskResult

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 14/04/2015 14:55:41 >------
Category: 0
Computer Name: Del-PC
Event Code: 26212
Record Number: 156380
Source Name: Chkdsk
Time Written: 04-14-2015 @ 13:51:05
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot. 

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  476672 file records processed.                                        

File verification completed.
  2755 large file records processed.                                  

  0 bad file records processed.                                    

  0 EA records processed.                                          

  109 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  553962 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  476672 file SDs/SIDs processed.                                       

Cleaning up 4316 unused index entries from index $SII of file 0x9.
Cleaning up 4316 unused index entries from index $SDH of file 0x9.
Cleaning up 4316 unused security descriptors.
Security descriptor verification completed.
  38646 data files processed.                                          

CHKDSK is verifying Usn Journal...
  36411000 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 296776703 KB total disk space.
 159817664 KB in 227411 files.
    131420 KB in 38647 indexes.
         0 KB in bad sectors.
    593295 KB in use by the system.
     65536 KB occupied by the log file.
 136234324 KB available on disk.

      4096 bytes in each allocation unit.
  74194175 total allocation units on disk.
  34058581 allocation units available on disk.

 

-----------------------------------------------------------------------

 

 

Hope that info is useful!

Delboy


#4
70delboy

    Member

  • Topic Starter

Hi Brian

 

Tried to download aswMBR again, this time it worked!

 

Ran aswMBR twice, each time it got stuck on the same line in C:\users.  I have attached the log.

 

Is that useful?

delboy

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-04-14 16:04:19
-----------------------------
16:04:19.426    OS Version: Windows 6.1.7601 Service Pack 1
16:04:19.426    Number of processors: 2 586 0x170A
16:04:19.504    ComputerName: DEL-PC  UserName: Del
16:04:55.587    Initialize success
16:04:55.634    VM: initialized successfully
16:04:55.634    VM: Intel CPU supported
16:04:59.666    VM: supported disk I/O ataport.SYS
16:05:05.126    AVAST engine defs: 15041400
16:05:08.573    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:05:08.589    Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
16:05:08.604    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
16:05:08.604    Disk 1 Vendor: Samsung_SSD_850_EVO_250GB EMT01B6Q Size: 238475MB BusType: 3
16:05:08.901    VM: Disk 0 MBR read successfully
16:05:08.901    Disk 0 MBR scan
16:05:08.916    Disk 0 Windows 7 default MBR code
16:05:08.963    Disk 0 Partition 1 00     DE   Dell Utility Dell 8.0       62 MB offset 63
16:05:08.979    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        15360 MB offset 129024
16:05:08.994    Disk 0 Partition 3 80 (A) 07      HPFS/NTFS NTFS       289821 MB offset 31586304
16:05:08.994    Disk 0 default boot code
16:05:09.010    Disk 0 scanning sectors +625139712
16:05:09.182    Disk 0 scanning C:\Windows\system32\drivers
16:05:34.454    Service scanning
16:05:56.231    Modules scanning
16:05:56.247    Disk 0 trace - called modules:
16:05:56.340    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
16:05:56.356    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86346030]
16:05:56.372    3 CLASSPNP.SYS[8b5b959e] -> nt!IofCallDriver -> [0x85e9c918]
16:05:56.387    5 ACPI.sys[8b03b3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x855ca908]
16:05:57.152    AVAST engine scan C:\Windows
16:06:04.000    AVAST engine scan C:\Windows\system32
16:11:36.100    AVAST engine scan C:\Windows\system32\drivers
16:11:51.014    AVAST engine scan C:\Users\Del
16:14:32.593    Disk 0 statistics 2494298/0/278 @ 4.31 MB/s
16:14:32.593    Scan stopped
16:14:55.852    Disk 0 MBR has been saved successfully to "C:\Users\Del\Desktop\MBR.dat"
16:14:55.868    The log file has been saved successfully to "C:\Users\Del\Desktop\aswMBRlog.txt"

 


#5
BrianDrab

    Trusted Helper

Yes, that information was helpful. Thank you.
 

For some time I have noticed my computer running more slowly, in other words email takes longer to download and display, IE runs slowly and Google browsing is also affected.

 

Have you checked your internet speed recently? Do you know if you are getting the speeds that you are supposed to?
 
Step#1 - Internet Speed Check
Would you mind doing this speed test and letting me know what is reported?

1. Go to http://www.speedtest.net
2. Wait until the BEGIN TEST button appears and click on it.
3. When it's finished please let me know the Ping, Download Speed and Upload Speed.


#6
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts

Hi Brian

 

I suspected broadband speed when I first noticed the problem and although the speed is a little lower than usual (usually 12.2 down, 1.1 up) it's not a huge difference.

 

Speedtest says 15ms ping, 10.52 Down, 0.94 Up.

 

Would that have any bearing on the lock-up problem?

 

By the way, it locked up when I was trying to exit from the failed aswMBR test, this time followed with a BSOD.  Not seen that before.  Forced restart necessary to continue.

 

What do you suggest?

 

delboy


#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I suspected broadband speed when I first noticed the problem and although the speed is a little lower than usual (usually 12.2 down, 1.1 up) it's not a huge difference.

 

Speedtest says 15ms ping, 10.52 Down, 0.94 Up.

 

Would that have any bearing on the lock-up problem?

 

 

That looks good then. No, that should not have any issue with the lock-up. Please do the following.

 

Step#1 - Retrieve System Information
1. Download Speccy to your desktop. The setup file will be named spsetup126.exe or something similar.
2. Double-click on this file and install it. Note: Please ensure that you uncheck any foistware that may be presented during the install (i.e. Chrome Browser install).
3. When the program opens it will retrieve some information regarding your system.
4. Once it's done, select the File menu and choose Publish snapshot. Answer Yes to the confirmation message.
5. On the next screen that comes up, choose the Copy to Clipboard button and paste this link in your next reply.

 

Step#2 - BSOD Log
1. Please download the 32-bit version of BlueScreenView from here and save it to your desktop.
2. Right-click on the downloaded file (bluescreenview.zip) and select Extract All. Click the Extract button and a folder will open with the contents that were extracted.
3. Right-click on BlueScreenView.exe and select Run as administrator. If prompted to Allow, please answer yes.
4. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
5. Then click on the File menu, choose Save Selected Items, and save it to your desktop named BSOD.txt.
6. Open the BSOD.txt file in Notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.

Items for your next post

1. Speccy Link

2. BSOD info


#8
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts

Hi Brian

 

Here are the logs you wanted

http://speccy.pirifo...tfMKtmC2vt1XzNA

==================================================
Dump File         : 041415-20217-01.dmp
Crash Time        : 14/04/2015 15:56:56
Bug Check String  :
Bug Check Code    : 0x00000101
Parameter 1       : 0x00000061
Parameter 2       : 0x00000000
Parameter 3       : 0x807c2120
Parameter 4       : 0x00000001
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dedd8
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18741 (win7sp1_gdr.150202-1526)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dedd8
Stack Address 1   : ntkrnlpa.exe+7b207
Stack Address 2   : ntkrnlpa.exe+7a853
Stack Address 3   : ntkrnlpa.exe+7a700
Computer Name     :
Full Path         : C:\Windows\Minidump\041415-20217-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,304
Dump File Time    : 14/04/2015 15:58:56
==================================================

 

delboy

 


#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the information. Can you provide me another Addition log? I don't need the FRST log.

 

Step#1 - Let's get that Addition.txt File
1. Right click on FRST and select Run as administrator.
2. Ensure that the Addition.txt check box is checked in the Optional Scan area at the bottom of the screen.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop). We will not need this log this time.
5. Another log will be created (Addition.txt - also located in the same directory as FRST.exe).
6. Please paste the contents of the Addition.txt log in your next reply.

 

How often does your machine lock up? Daily? Weekly?

 

Thanks.


#10
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts

Hi Brian

 

Here is the Addition log as requested.

 

As far as how often I see a lock-up that's difficult to say as it depends largely on the length of time I use the computer.  I think I am right when I say that if it locks-up then I cannot remember a second lock-up in the same day. But it might be 3 or 4 times a week on different days.

 

Hope that helps

delboy

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 02
Ran by Del at 2015-04-15 15:27:09
Running from C:\Users\Del\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Blueline 1.1.1 (HKLM\...\Blueline_is1) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM\...\Canon MG7500 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG7500 series User Registration (HKLM\...\Canon MG7500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer (HKLM\...\Coupon Printer2.2.0.5) (Version: 2.2.0.5 - Coupons.com Inc.)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect - 1  (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\73f463568823ebbe) (Version: 6.0.0.9 - Dell)
Dell System Detect (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM\...\{F0BF9C38-5639-4F0F-A818-AEA288C0A96E}) (Version: 1.2.0.0 - Digital Advertising Alliance)
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
FreshDiagnose (HKLM\...\FreshDevices - FreshDiagnose_is1) (Version:  - )
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hawke BRC 1.0.9 (HKLM\...\{44F2B651-A86A-4B6C-8563-07B66F00F8F8}_is1) (Version:  - Hawke Sport Optics)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MotoCalc 8.07 (HKLM\...\MotoCalc 8_is1) (Version:  - Capable Computing, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
O2 BB Assisted Controls V2 (HKLM\...\{B0F51838-4AF7-4784-88DD-C86D7D8AF804}) (Version: 1 - SupportSoft)
P&O Cruises Live Ship Tracker (HKLM\...\com.pocruises.LiveShipTracker.A0C66AABAFAD54D5C6C22F9F89EA0FC11C49AF59.1) (Version: 1.3.15 - Carnival plc)
P&O Cruises Live Ship Tracker (Version: 1.3.15 - Carnival plc) Hidden
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RC Plane Master (HKLM\...\RC Plane Master) (Version:  - )
Remote Keyboard Lite (HKLM\...\{7C621473-99FD-4800-B2F5-4F390AA46E0C}) (Version: 1.2.0.09270 - Sony Corporation)
Remote Keyboard Lite (Version: 1.2.0.09270 - Sony Corporation) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{EFC7DF4A-D0A1-4622-9104-10D8D2B5C82B}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Sophos Anti-Virus (HKLM\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Supportsoft Mirror Driver 1.8.0 (HKLM\...\ConsMirror_is1) (Version: 1.8.0 - Consona.)
Supportsoft Printer Driver 1.7.0 (HKLM\...\ConsPrinter_is1) (Version: 1.7.0 - Consona.)
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-03-2015 10:01:48 Windows Update
07-03-2015 17:21:21 Windows Update
12-03-2015 10:13:23 Windows Update
17-03-2015 10:05:49 Windows Update
22-03-2015 11:55:14 Windows Update
25-03-2015 18:08:12 Garmin Express
25-03-2015 18:10:26 Garmin Express
26-03-2015 10:42:12 Removed tbbMeter Loader Service
26-03-2015 10:43:53 Removed tbbMeter.
26-03-2015 10:45:06 Removed tbbMeter Loader Service
28-03-2015 12:31:28 Windows Update
31-03-2015 14:47:08 Windows Update
09-04-2015 11:28:36 Windows Update
10-04-2015 08:22:57 Garmin Express
10-04-2015 08:34:07 Garmin Express
11-04-2015 09:13:12 Windows Update
12-04-2015 17:20:15 Windows Backup
14-04-2015 13:57:48 Restore Point Created by FRST
14-04-2015 15:14:12 avast! antivirus system restore point
15-04-2015 09:20:03 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2013-09-26 17:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4220E91D-159A-40F3-BF52-F11C873327DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {8CD64B89-617D-49BB-A81C-5392866C8E7E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {94B2FBB8-7924-4917-9FAD-F4A1DF91F125} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {A919F893-4B86-4251-8158-370AFBF29525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {B8B97699-8FB6-489F-A5DE-2FEC2EDD4665} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D0A19339-A8A1-48F8-80BB-9DE76C86463A} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {D1B3BD8F-D98B-409E-8531-897BEF05098C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {ECB4A6BC-E614-4E12-A8F3-5E89FCA3E458} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FBE2BA1B-8D87-47DC-9C89-73F36FC0D02D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-06 09:41 - 2012-02-01 18:09 - 00026112 _____ () C:\Windows\System32\VNCpm.dll
2015-04-14 15:16 - 2015-04-14 15:16 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-14 15:16 - 2015-04-14 15:16 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-14 15:16 - 2015-04-14 15:16 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Del\Desktop\passport  Y.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Yvonne\Documents\del and me 2010.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft Remote Control Client => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Del\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup

==================== Accounts: =============================

Administrator (S-1-5-21-2568410734-3031030142-1223416489-500 - Administrator - Disabled)
Del (S-1-5-21-2568410734-3031030142-1223416489-1001 - Administrator - Enabled) => C:\Users\Del
Guest (S-1-5-21-2568410734-3031030142-1223416489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568410734-3031030142-1223416489-1016 - Limited - Enabled)
SophosSAUDEL-PC0 (S-1-5-21-2568410734-3031030142-1223416489-1023 - Limited - Enabled)
Yvonne (S-1-5-21-2568410734-3031030142-1223416489-1008 - Limited - Enabled) => C:\Users\Yvonne

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 09:21:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wlmail.exe, version: 14.0.8089.726, time stamp: 0x4a6ce53d
Faulting module name: MSMAIL.DLL, version: 14.0.8089.726, time stamp: 0x4a6ce58f
Exception code: 0xc0000005
Fault offset: 0x0021ccde
Faulting process id: 0x1754
Faulting application start time: 0xwlmail.exe0
Faulting application path: wlmail.exe1
Faulting module path: wlmail.exe2
Report Id: wlmail.exe3

Error: (04/15/2015 09:20:03 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0083948e-414f-426c-9d3c-6dffa30604e6}

Error: (04/14/2015 03:20:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary enafoxwc.

System Error:
The system cannot find the file specified.
.

Error: (04/14/2015 03:19:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary enafoxwc.

System Error:
The system cannot find the file specified.
.

Error: (04/14/2015 03:14:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary enafoxwc.

System Error:
The system cannot find the file specified.
.

Error: (04/14/2015 03:14:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {710c5547-0c69-4acb-8d9b-e9705834e207}

System errors:
=============
Error: (04/15/2015 09:15:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (04/15/2015 09:15:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (04/15/2015 09:14:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (04/15/2015 09:14:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (04/14/2015 10:08:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/14/2015 08:08:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.

Error: (04/14/2015 04:30:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/14/2015 04:29:18 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/14/2015 04:02:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053

Error: (04/14/2015 04:02:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Microsoft Office Sessions:
=========================
Error: (04/15/2015 09:21:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wlmail.exe14.0.8089.7264a6ce53dMSMAIL.DLL14.0.8089.7264a6ce58fc00000050021ccde175401d0775511c36a91C:\Program Files\Windows Live\Mail\wlmail.exeC:\Program Files\Windows Live\Mail\MSMAIL.DLL6bd89f48-e348-11e4-b2e8-0024e811b7db

Error: (04/15/2015 09:20:03 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0083948e-414f-426c-9d3c-6dffa30604e6}

Error: (04/14/2015 03:20:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary enafoxwc.

System Error:
The system cannot find the file specified.

Error: (04/14/2015 03:19:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary enafoxwc.

System Error:
The system cannot find the file specified.

Error: (04/14/2015 03:14:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary enafoxwc.

System Error:
The system cannot find the file specified.

Error: (04/14/2015 03:14:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {710c5547-0c69-4acb-8d9b-e9705834e207}

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 3061.18 MB
Available physical RAM: 1757.93 MB
Total Pagefile: 6120.64 MB
Available Pagefile: 4150.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.03 GB) (Free:128.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 72025BA2)

==================== End Of Log ============================



#11
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the info. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (26 bytes)
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#3 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

 

Items for your next post

1. FRST Fix Log

2. AdwCleaner log

3. Junkware log



#12
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts

Hi Brian

 

Have run the three programs as instructed. The results are as follows.

 

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 02
Ran by Del (administrator) on DEL-PC on 15-04-2015 15:25:58
Running from C:\Users\Del\Desktop
Loaded Profiles: Del (Available profiles: Del & Yvonne)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Users\Del\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(SupportSoft, Inc.) C:\Program Files\Common Files\SupportSoft\bin\consrcclient.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(SupportSoft, Inc.) C:\Program Files\O2LAS\bin\tgsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-01-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM\...\Run: [SpeedZooka Scheduler] => C:\Program Files\SpeedZooka\SpeedZookaScheduler.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [OneDrive] => C:\Users\Del\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-13] (Microsoft Corporation)
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-01] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-09-15] (Sophos Limited)
AppInit_DLLs: L, C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-09-15] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Protect My Choices (Beta) -> {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} -> C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll [2013-01-15] (Digital Advertising Alliance)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-14] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-14] (Google Inc.)
DPF: {01113300-3E00-11D2-8470-0060089874ED} http://ias.broadband...oad/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbank...frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-02] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: Games by 7Go - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-09-18]
FF HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Docs) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (YouTube) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Google Search) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Sheets) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]
CHR Extension: (Gmail) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 QBCFMonitorService; c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-02] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-09-15] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-09-15] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited)
R2 SupportSoft Remote Control Client; C:\Program Files\Common Files\supportsoft\bin\consrcclient.exe [2080272 2012-11-06] (SupportSoft, Inc.)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2014-09-15] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2014-09-15] (Sophos Limited)
R2 tgsrvc_o2las; C:\Program Files\O2LAS\bin\tgsrvc.exe [213008 2012-11-06] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Seagate Sync Service; "C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-03-26] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-03-26] (microOLAP Technologies LTD)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-09-15] (Sophos Limited)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-09-15] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-09-15] (Sophos Limited)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-05-31] (RealVNC Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 09:23 - 2015-04-14 15:16 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw8268.tmp
2015-04-15 09:23 - 2015-04-14 15:16 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw95FD.tmp
2015-04-15 09:23 - 2015-04-14 15:16 - 00208024 _____ () C:\Windows\system32\Drivers\asw9948.tmp
2015-04-15 09:23 - 2015-04-14 15:16 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw9CF1.tmp
2015-04-15 09:23 - 2015-04-14 15:16 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw902F.tmp
2015-04-15 09:23 - 2015-04-14 15:16 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw93D9.tmp
2015-04-15 09:23 - 2015-04-14 15:16 - 00049904 _____ () C:\Windows\system32\Drivers\asw9502.tmp
2015-04-15 09:23 - 2015-04-14 15:16 - 00024144 _____ () C:\Windows\system32\Drivers\asw930D.tmp
2015-04-15 09:16 - 2015-04-15 09:16 - 00000000 ___HD () C:\OneDriveTemp
2015-04-14 20:34 - 2015-04-14 20:34 - 00002124 _____ () C:\Users\Del\Desktop\BSOD.txt
2015-04-14 20:31 - 2015-04-14 20:34 - 00000000 ____D () C:\Users\Del\Desktop\bluescreenview
2015-04-14 20:30 - 2015-04-14 20:30 - 00066913 _____ () C:\Users\Del\Desktop\bluescreenview.zip
2015-04-14 20:23 - 2015-04-14 20:23 - 00000943 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-04-14 20:23 - 2015-04-14 20:23 - 00000000 ____D () C:\Program Files\Speccy
2015-04-14 20:21 - 2015-04-14 20:21 - 05127432 _____ (Piriform Ltd) C:\Users\Del\Desktop\spsetup128.exe
2015-04-14 16:14 - 2015-04-14 16:14 - 00000512 _____ () C:\Users\Del\Desktop\MBR.dat
2015-04-14 16:01 - 2015-04-14 16:01 - 00000000 ____D () C:\Users\Del\AppData\Roaming\AVAST Software
2015-04-14 15:58 - 2015-04-14 15:58 - 298437934 _____ () C:\Windows\MEMORY.DMP
2015-04-14 15:58 - 2015-04-14 15:58 - 00145304 _____ () C:\Windows\Minidump\041415-20217-01.dmp
2015-04-14 15:58 - 2015-04-14 15:58 - 00002032 _____ () C:\Windows\PFRO.log
2015-04-14 15:58 - 2015-04-14 15:58 - 00000000 ____D () C:\Windows\Minidump
2015-04-14 15:26 - 2015-04-14 15:27 - 05200384 _____ (AVAST Software) C:\Users\Del\Desktop\aswmbr.exe
2015-04-14 15:24 - 2015-04-14 15:24 - 00000000 ____D () C:\Users\Del\AppData\Roaming\Google
2015-04-14 15:19 - 2015-04-14 15:19 - 00002081 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-14 15:19 - 2015-04-14 15:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-14 15:19 - 2015-04-14 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-14 15:18 - 2015-04-14 15:18 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-14 15:18 - 2015-04-14 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-14 15:18 - 2015-04-14 15:18 - 00000000 ____D () C:\ProgramData\Google
2015-04-14 15:16 - 2015-04-14 15:16 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-14 15:14 - 2015-04-14 15:14 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-14 14:55 - 2015-04-14 14:55 - 00197679 _____ () C:\Users\Del\Desktop\ListChkdskResult.exe
2015-04-14 14:55 - 2015-04-14 14:55 - 00004722 _____ () C:\Users\Del\Desktop\ListChkdskResult.txt
2015-04-14 13:57 - 2015-04-15 15:25 - 00000000 ____D () C:\Users\Del\Desktop\FRST-OlderVersion
2015-04-12 16:00 - 2015-04-12 16:00 - 00000000 ____D () C:\Users\Del\Documents\Family Tree Maker
2015-04-12 16:00 - 2015-04-12 16:00 - 00000000 ____D () C:\Users\Del\AppData\Local\IsolatedStorage
2015-04-12 16:00 - 2015-04-12 16:00 - 00000000 ____D () C:\Users\Del\AppData\Local\Ancestry.com
2015-04-11 09:05 - 2015-04-15 09:13 - 00000840 _____ () C:\Windows\setupact.log
2015-04-11 09:05 - 2015-04-11 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-10 08:33 - 2015-04-10 08:33 - 00001862 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-04-10 08:33 - 2015-04-10 08:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 08:33 - 2015-04-10 08:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 08:33 - 2015-04-10 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-09 18:55 - 2015-04-15 15:26 - 00017741 _____ () C:\Users\Del\Desktop\FRST.txt
2015-04-09 18:54 - 2015-04-15 15:25 - 01136640 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2015-04-09 18:39 - 2015-04-09 20:00 - 00041932 _____ () C:\Users\Del\Desktop\Addition.txt
2015-04-09 18:33 - 2015-04-09 18:34 - 00041886 _____ () C:\Users\Del\Downloads\Addition.txt
2015-04-09 18:32 - 2015-04-15 15:26 - 00000000 ____D () C:\FRST
2015-04-09 18:32 - 2015-04-09 18:34 - 00038472 _____ () C:\Users\Del\Downloads\FRST.txt
2015-04-09 11:30 - 2015-04-09 11:30 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 20:52 - 2015-04-05 20:52 - 00001185 _____ () C:\Users\Del\Desktop\TreeSize Free.lnk
2015-04-05 20:52 - 2015-04-05 20:52 - 00000000 ____D () C:\Users\Del\AppData\Roaming\JAM Software
2015-04-05 20:52 - 2015-04-05 20:52 - 00000000 ____D () C:\Program Files\JAM Software
2015-04-05 20:51 - 2015-04-05 20:51 - 06639264 _____ (JAM Software ) C:\Users\Del\Downloads\TreeSizeFreeSetup.exe
2015-04-04 19:36 - 2015-04-04 19:37 - 05344528 _____ (Piriform Ltd) C:\Users\Del\Downloads\ccsetup504.exe
2015-04-04 18:33 - 2015-04-04 18:33 - 00000000 ____D () C:\ProgramData\Auslogics
2015-04-04 18:32 - 2015-04-08 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-04-04 18:32 - 2015-04-04 18:33 - 00000000 ____D () C:\Program Files\Auslogics
2015-04-04 18:32 - 2015-04-04 18:32 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Del\Downloads\disk-defrag-setup.exe
2015-04-04 18:32 - 2015-04-04 18:32 - 00001133 _____ () C:\Users\Del\Desktop\Auslogics DiskDefrag.lnk
2015-04-04 17:13 - 2015-04-04 18:30 - 00000000 ____D () C:\Program Files\SpeedZooka
2015-04-04 17:12 - 2015-04-04 17:13 - 12406408 _____ (ZookaWare) C:\Users\Del\Downloads\speedzookasetup.exe
2015-04-02 19:25 - 2015-04-02 19:25 - 00000509 _____ () C:\Users\Del\Desktop\ebaytext.txt
2015-03-29 14:48 - 2015-03-29 14:48 - 00001028 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-03-29 14:48 - 2015-03-29 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-03-29 14:47 - 2015-03-29 14:47 - 00000000 ____D () C:\Program Files\CPUID
2015-03-29 10:49 - 2015-03-29 10:49 - 00001348 _____ () C:\Users\Del\Desktop\march29ahci.txt
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\Users\Del\AppData\Roaming\Dell
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-22 12:28 - 2015-03-22 12:28 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-22 12:27 - 2015-03-22 12:27 - 00000000 ____D () C:\Program Files\Dell
2015-03-22 12:25 - 2015-03-22 12:25 - 00000000 ____D () C:\Users\Del\AppData\Roaming\PCDr
2015-03-17 20:39 - 2015-01-14 12:27 - 02894848 _____ () C:\Windows\system32\pwNative.exe
2015-03-17 20:39 - 2013-09-30 17:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2015-03-17 20:39 - 2013-09-30 17:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys
2015-03-17 20:31 - 2015-03-17 20:39 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-03-17 20:31 - 2015-03-17 20:31 - 00001143 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-03-17 20:31 - 2015-03-17 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 15:22 - 2015-01-25 12:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 15:22 - 2011-06-20 19:29 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 15:22 - 2009-11-27 22:44 - 01545710 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 12:00 - 2014-06-25 11:49 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-04-15 09:23 - 2009-07-14 05:34 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 09:23 - 2009-07-14 05:34 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 09:16 - 2014-06-25 19:24 - 00000000 ___RD () C:\Users\Del\OneDrive
2015-04-15 09:15 - 2011-06-20 19:29 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 09:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 16:00 - 2011-06-20 19:29 - 00000000 ____D () C:\Users\Del\AppData\Local\Google
2015-04-14 15:18 - 2011-06-20 19:29 - 00000000 ____D () C:\Program Files\Google
2015-04-11 19:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-11 19:21 - 2009-11-27 15:00 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 19:32 - 2011-10-17 19:20 - 00000000 ____D () C:\Program Files\SpeedFan
2015-04-10 08:34 - 2014-02-12 12:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 08:33 - 2014-02-12 12:13 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 08:33 - 2014-02-12 12:13 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 08:17 - 2015-02-05 20:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-09 08:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-08 19:43 - 2012-09-09 20:05 - 00004934 _____ () C:\Users\Del\Desktop\dgcontacts.csv
2015-04-04 19:38 - 2013-09-17 20:13 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-04 19:38 - 2013-09-17 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-04 19:38 - 2013-09-17 20:13 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 10:10 - 2009-07-14 05:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 10:37 - 2012-01-23 13:53 - 00053312 _____ (microOLAP Technologies LTD) C:\Windows\system32\Drivers\pssdklbf.sys
2015-03-26 10:37 - 2012-01-23 13:53 - 00038976 _____ (microOLAP Technologies LTD) C:\Windows\system32\Drivers\pssdk42.sys
2015-03-25 19:25 - 2015-01-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 19:25 - 2015-01-25 12:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 19:25 - 2013-09-22 18:44 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 12:35 - 2013-11-06 09:41 - 00000000 ____D () C:\temp
2015-03-22 12:24 - 2013-12-14 13:10 - 00000000 ____D () C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-22 12:24 - 2009-12-09 13:23 - 00000000 ____D () C:\Users\Del\AppData\Local\Deployment
2015-03-22 11:58 - 2014-06-25 20:32 - 06089928 _____ (Microsoft Corporation) C:\Users\Del\Downloads\OneDriveSetup.exe
2015-03-17 07:15 - 2015-01-25 12:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 07:15 - 2015-01-25 12:07 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 07:15 - 2013-09-22 18:44 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 15:25 - 2009-07-14 08:48 - 00000000 ____D () C:\Windows\ShellNew

==================== Files in the root of some directories =======

2009-12-02 13:37 - 2014-12-04 09:46 - 0007615 _____ () C:\Users\Del\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-15 11:56

==================== End Of Log ============================

 

 

 

 

adwCleaner

 

# AdwCleaner v4.201 - Logfile created 15/04/2015 at 18:36:45
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Del - DEL-PC
# Running from : C:\Users\Del\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
Folder Deleted : C:\Program Files\Coupon Printer
Folder Deleted : C:\Users\Del\AppData\Roaming\download Manager

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer2.2.0.5
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tubeask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.tubeask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v41.0.2272.118

[C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3192 bytes] - [23/09/2013 14:25:32]
AdwCleaner[R1].txt - [1797 bytes] - [15/04/2015 18:33:50]
AdwCleaner[S0].txt - [3351 bytes] - [23/09/2013 14:46:51]
AdwCleaner[S1].txt - [1746 bytes] - [15/04/2015 18:36:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1805  bytes] ##########

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Home Premium x86
Ran by Del on 15/04/2015 at 18:47:44.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA}

 

~~~ Files

Successfully deleted: [Task] PCDEventLauncherTask
Successfully deleted: [File] C:\Windows\couponprinter.ocx

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Del\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\Users\Del\appdata\locallow\pcdr

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/04/2015 at 18:50:01.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

delboy


  • 0

#13
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Can you do Step#1 please? It looks like you did the Scan instead of the Fix. I need the contents of the fixlog.txt

 

Thanks.


  • 0

#14
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts

Brian

 

Sorry here it is ...copied the wrong file!

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 02
Ran by Del at 2015-04-15 18:27:34 Run:2
Running from C:\Users\Del\Desktop
Loaded Profiles: Del (Available profiles: Del & Yvonne)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: vssadmin list writers
*****************

=========  vssadmin list writers =========

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2005 Microsoft Corp.

Writer name: 'Task Scheduler Writer'
   Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
   Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
   State: [1] Stable
   Last error: No error

Writer name: 'VSS Metadata Store Writer'
   Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
   Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
   State: [1] Stable
   Last error: No error

Writer name: 'Performance Counters Writer'
   Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
   Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
   State: [1] Stable
   Last error: No error

Writer name: 'System Writer'
   Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Instance Id: {0083948e-414f-426c-9d3c-6dffa30604e6}
   State: [5] Waiting for completion
   Last error: No error

Writer name: 'MSSearch Service Writer'
   Writer Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Instance Id: {17d7dca4-0d23-45a7-99b4-769011f30182}
   State: [5] Waiting for completion
   Last error: No error

Writer name: 'ASR Writer'
   Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Instance Id: {0f97c618-27fb-4126-b25c-b79f33fc2c38}
   State: [1] Stable
   Last error: No error

Writer name: 'WMI Writer'
   Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Instance Id: {52b10fc5-a648-4a06-a98b-02c54f32b593}
   State: [5] Waiting for completion
   Last error: No error

Writer name: 'BITS Writer'
   Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
   Writer Instance Id: {b98e3d07-c414-4124-bf6a-8cb27a321bf6}
   State: [1] Stable
   Last error: No error

Writer name: 'Registry Writer'
   Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Instance Id: {5dcac322-89e2-4072-9400-56154236669e}
   State: [1] Stable
   Last error: No error

Writer name: 'Shadow Copy Optimization Writer'
   Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Instance Id: {332aa1e7-2b95-417b-bcbd-7b3c7cd2b352}
   State: [1] Stable
   Last error: No error

Writer name: 'COM+ REGDB Writer'
   Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Instance Id: {19dc6fab-dc43-40d3-aad4-5e7b1e313dca}
   State: [1] Stable
   Last error: No error

========= End of CMD: =========

 

 

delboy

==== End of Fixlog 18:27:46 ====


  • 0

#15
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Do you use the Seagate software to backup your files/computer onto an external drive?

 

Also, please do the following.

 

Step#1 - System File Checker
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator.

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type into.
5. Type sfc /scannow and hit enter to start the scan. Please notice the space between sfc and /scannow.
6. Once the scan finishes please copy and paste the following into the command prompt window and hit enter.
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
7. This will place a new file on your desktop named sfcdetails.txt. Please copy/paste the contents of this file into your next post.

 

Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. Answer to question regarding Seagate software

2. SFC Results

3. Security Check Results
4. Contents of the ESET log file

 


  • 0
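Added example, not part of the thread or of either poster's instructions: a Python triage of the sfcdetails.txt file that Step#1 produces, separating files SFC repaired from files it could not repair. The sample lines are constructed in the usual CBS.log [SR] layout, and the names triage, LINE_RE and SAMPLE are hypothetical.

```python
import re

# Constructed sample of sfcdetails.txt content (not taken from the thread).
SAMPLE = r'''
2015-04-15 19:10:02, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2015-04-15 19:10:02, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-04-15 19:10:09, Info                  CSI    0000000c [SR] Verify complete
2015-04-15 19:14:31, Info                  CSI    000001a3 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2015-04-15 19:14:33, Info                  CSI    000001a5 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2015-04-15 19:14:33, Info                  CSI    000001a6 [SR] This component was referenced by [l:20{10}]"Package_01"
2015-04-15 19:15:02, Info                  CSI    000001b0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2015-04-15 19:20:45, Info                  CSI    000002c1 [SR] Repair complete
'''

# timestamp, level, "CSI", 8-hex-digit sequence number, "[SR]", message
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$'
)
QUOTED = re.compile(r'"([^"]+)"')


def triage(text):
    """Summarise the [SR] lines of an SFC run.

    unrepaired maps file name -> owning component; SFC normally logs each
    failure more than once, so the dict also de-duplicates them.
    """
    result = {"verify_batches": 0, "unrepaired": {}, "repaired": set(),
              "unparsed": 0}
    for raw in text.splitlines():
        if "[SR]" not in raw:
            continue
        m = LINE_RE.match(raw.strip())
        if not m:
            result["unparsed"] += 1  # wrapped or damaged line: read by hand
            continue
        msg = m["msg"]
        if msg.startswith("Verifying "):
            result["verify_batches"] += 1
        elif msg.startswith("Cannot repair member file"):
            names = QUOTED.findall(msg)
            comp = re.search(r'" of ([^,]+),', msg)
            if names:
                result["unrepaired"][names[0]] = comp.group(1) if comp else "?"
        elif msg.startswith("Repairing corrupted file"):
            # Directory and file name are logged as two quoted fragments.
            parts = [p.replace("\\??\\", "") for p in QUOTED.findall(msg)]
            result["repaired"].add("\\".join(parts))
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print("verify batches :", summary["verify_batches"])
    for name, comp in sorted(summary["unrepaired"].items()):
        print("NOT repaired   :", name, "(" + comp + ")")
    for path in sorted(summary["repaired"]):
        print("repaired       :", path)
```

Files listed as not repaired are the ones to raise with the helper, since SFC had no good copy in the component store to restore them from.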





