Hi
I have noticed for some time that all is not well with my computer. By this I mean that sometimes it can take up to 20 or 30 minutes to allow IE or Mail to open. During this wait the desktop is shown normally and if I open Task Manager I can see CPU usage is stuck at 100%.
Eventually I will be able to open IE and start to use it but often it will freeze (eg 'MSN is nor responding' message) a couple of times before being useable.
Even after these events the computer still performs rather slowly on Google searches for instance.
I noticed WSHelper in Task Manager which I think means WonderShare has been loaded - not deliberately.
Can you help?
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2016
Ran by Del (administrator) on DEL-PC (28-06-2016 19:07:50)
Running from C:\Users\Del\Desktop
Loaded Profiles: Del (Available Profiles: Del & Yvonne)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(SupportSoft, Inc.) C:\Program Files\Common Files\SupportSoft\bin\consrcclient.exe
(SupportSoft, Inc.) C:\Program Files\O2LAS\bin\tgsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM\...\Run: [SpeedZooka Scheduler] => C:\Program Files\SpeedZooka\SpeedZookaScheduler.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-01] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => No File
AppInit_DLLs: LL => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-11-29]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-24]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2016-06-16]
ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{07EB6271-F601-432E-A97D-49E29996489E}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> 400E6695BB724B18BB5774F9B7E4317E URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-25] (Oracle Corporation)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-09] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-25] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxp://ias.broadband.o2.co.uk/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-02] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Games by 7Go - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\
[email protected] [2013-09-18] [not signed]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-09]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-09]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (YouTube) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Google Search) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Sheets) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]
CHR Extension: (Gmail) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-05-09] (Avast Software)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1958648 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [185080 2016-03-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 QBCFMonitorService; c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-02] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 SupportSoft Remote Control Client; C:\Program Files\Common Files\supportsoft\bin\consrcclient.exe [2080272 2012-11-06] (SupportSoft, Inc.)
R2 tgsrvc_o2las; C:\Program Files\O2LAS\bin\tgsrvc.exe [213008 2012-11-06] (SupportSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Seagate Sync Service; "C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-09] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [29400 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [22192 2015-05-22] (Dell Computer Corporation)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-05-09] (AVAST Software)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-03-26] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-03-26] (microOLAP Technologies LTD)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-09] (Avast Software)
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-05-31] (RealVNC Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-28 19:07 - 2016-06-28 19:08 - 00020074 _____ C:\Users\Del\Desktop\FRST.txt
2016-06-28 19:07 - 2016-06-28 19:07 - 00000000 ____D C:\FRST
2016-06-28 19:06 - 2016-06-28 19:07 - 01740288 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2016-06-28 07:34 - 2016-06-28 07:34 - 00000000 ___HD C:\OneDriveTemp
2016-06-16 19:21 - 2016-06-16 19:50 - 00000000 ____D C:\Users\Del\Documents\My Safes
2016-06-16 19:20 - 2016-06-28 07:34 - 00000000 ____D C:\Users\Del\AppData\Local\PasswordSafe
2016-06-16 19:19 - 2016-06-16 19:19 - 00000994 _____ C:\Users\Del\Desktop\Password Safe.lnk
2016-06-16 19:19 - 2016-06-16 19:19 - 00000000 ____D C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
2016-06-16 19:19 - 2016-06-16 19:19 - 00000000 ____D C:\Program Files\Password Safe
2016-06-15 09:18 - 2016-06-28 07:35 - 00299574 _____ C:\Windows\ntbtlog.txt
2016-05-29 22:13 - 2016-05-29 22:14 - 06893688 _____ (Piriform Ltd) C:\Users\Del\Desktop\ccsetup518.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-28 18:40 - 2011-06-20 19:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 18:12 - 2009-07-14 05:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-28 18:12 - 2009-07-14 05:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-28 07:40 - 2009-11-27 15:00 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-28 07:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-06-28 07:35 - 2015-01-25 12:07 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-28 07:34 - 2014-06-25 19:24 - 00000000 ___RD C:\Users\Del\OneDrive
2016-06-28 07:34 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-19 18:25 - 2009-12-02 13:37 - 00007615 _____ C:\Users\Del\AppData\Local\Resmon.ResmonCfg
2016-06-15 21:40 - 2009-11-27 15:13 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-12 09:20 - 2011-10-17 19:20 - 00000000 ____D C:\Program Files\SpeedFan
2016-06-04 16:47 - 2015-02-05 20:13 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-02 18:55 - 2016-02-25 15:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-29 22:15 - 2013-09-17 20:13 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
==================== Files in the root of some directories =======
2009-12-02 13:37 - 2016-06-19 18:25 - 0007615 _____ () C:\Users\Del\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-27 10:18
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2016
Ran by Del (2016-06-28 19:08:15)
Running from C:\Users\Del\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-11-27 13:56:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2568410734-3031030142-1223416489-500 - Administrator - Disabled)
Del (S-1-5-21-2568410734-3031030142-1223416489-1001 - Administrator - Enabled) => C:\Users\Del
Guest (S-1-5-21-2568410734-3031030142-1223416489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568410734-3031030142-1223416489-1016 - Limited - Enabled)
SophosSAUDEL-PC0 (S-1-5-21-2568410734-3031030142-1223416489-1023 - Limited - Enabled)
Yvonne (S-1-5-21-2568410734-3031030142-1223416489-1008 - Limited - Enabled) => C:\Users\Yvonne
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Blueline 1.1.1 (HKLM\...\Blueline_is1) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM\...\Canon MG7500 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG7500 series User Registration (HKLM\...\Canon MG7500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect - 1 (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
Dell Update (HKLM\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM\...\{F0BF9C38-5639-4F0F-A818-AEA288C0A96E}) (Version: 1.2.0.0 - Digital Advertising Alliance)
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
Evernote v. 5.9.6 (HKLM\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
FreshDiagnose (HKLM\...\FreshDevices - FreshDiagnose_is1) (Version: - )
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Advertising Cookie Opt-out (HKLM\...\{D1A87CF6-1DFD-470D-800A-CDC1CE5F7E54}) (Version: 1.0.1.0 - Google Inc)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Hawke BRC 1.0.9 (HKLM\...\{44F2B651-A86A-4B6C-8563-07B66F00F8F8}_is1) (Version: - Hawke Sport Optics)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Processor Identification Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MotoCalc 8.07 (HKLM\...\MotoCalc 8_is1) (Version: - Capable Computing, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
O2 BB Assisted Controls V2 (HKLM\...\{B0F51838-4AF7-4784-88DD-C86D7D8AF804}) (Version: 1 - SupportSoft)
P&O Cruises Live Ship Tracker (HKLM\...\com.pocruises.LiveShipTracker.A0C66AABAFAD54D5C6C22F9F89EA0FC11C49AF59.1) (Version: 1.3.15 - Carnival plc)
P&O Cruises Live Ship Tracker (Version: 1.3.15 - Carnival plc) Hidden
Password Safe (HKLM\...\Password Safe) (Version: - )
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RC Plane Master (HKLM\...\RC Plane Master) (Version: - )
Remote Keyboard Lite (HKLM\...\{7C621473-99FD-4800-B2F5-4F390AA46E0C}) (Version: 1.2.0.09270 - Sony Corporation)
Remote Keyboard Lite (Version: 1.2.0.09270 - Sony Corporation) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Data Migration (HKLM\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{EFC7DF4A-D0A1-4622-9104-10D8D2B5C82B}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Supportsoft Mirror Driver 1.8.0 (HKLM\...\ConsMirror_is1) (Version: 1.8.0 - Consona.)
Supportsoft Printer Driver 1.7.0 (HKLM\...\ConsPrinter_is1) (Version: 1.7.0 - Consona.)
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version: - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {164C059B-1EB3-47D0-A107-7E700F508F57} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {2BD69B71-B84A-4531-BF0D-2B5FED4B4043} - System32\Tasks\SpeedFixToolPro_Popup => C:\Program Files\Speed Fix Tool Pro\Splash.exe
Task: {381C4D86-47CF-4802-9296-742570C447F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4220E91D-159A-40F3-BF52-F11C873327DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6700FFF6-E4FA-4E2A-85BF-CEF4A252A8CD} - System32\Tasks\SamsungMagician => C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {7EE8B7F1-56B0-4094-A031-B182E86FCB34} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {8F6481E2-81DA-4183-B2EA-B97786166D04} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe
Task: {9B62277F-FE5D-41CB-8BB5-47B3E4E768B6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-09] (AVAST Software)
Task: {A0BE39EA-1F57-4271-8B9D-2DE89B277B2E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {A919F893-4B86-4251-8158-370AFBF29525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C3D75BFF-B14D-4DCA-AABF-226CA81E5EE5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {D0A19339-A8A1-48F8-80BB-9DE76C86463A} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {E66E2604-3592-490E-BDD4-599480532A2B} - System32\Tasks\SafeZone scheduled Autoupdate 1458723209 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E66F3A92-1D1D-4E42-9FAE-4AB2A6B6436C} - System32\Tasks\SpeedFixToolPro_Start => C:\Program Files\Speed Fix Tool Pro\SpeedFixToolPro.exe
Task: {EE190C43-E582-4733-80C6-79372FFD854E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {FBE2BA1B-8D87-47DC-9C89-73F36FC0D02D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {FC730A38-A49E-4B31-BF8B-49D8E77E2D17} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-05-09 18:18 - 2016-05-09 18:18 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-27 20:50 - 2016-06-27 20:50 - 02948608 _____ () C:\Program Files\AVAST Software\Avast\defs\16062701\algo.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-28 11:34 - 2016-06-28 11:34 - 02944512 _____ () C:\Program Files\AVAST Software\Avast\defs\16062800\algo.dll
2013-11-06 09:41 - 2012-02-01 18:09 - 00026112 _____ () C:\Windows\System32\VNCpm.dll
2016-05-23 20:42 - 2016-05-23 20:42 - 00679624 _____ () C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-02-13 16:28 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-13 16:28 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-03-14 17:33 - 2016-03-14 17:33 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00439504 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00321232 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2015-04-29 13:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files\Samsung\Samsung Magician\SAMSUNG_SSD.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Del\Desktop\passport Y.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft Remote Control Client => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2013-09-26 17:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Del\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{A8616B58-176D-4754-BFDE-646050AF6178}] => (Allow) C:\Users\Del\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2094D451-408F-42B5-B104-79CD697DE53F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{417A793D-7470-4EE0-B25E-9EBF1F6227BE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
==================== Restore Points =========================
01-04-2016 22:29:36 Dell Update: eDellRoot Removal
04-04-2016 11:04:39 Windows Update
05-04-2016 09:57:33 Dell Update: eDellRoot Removal
08-04-2016 11:17:41 Dell Update: eDellRoot Removal
11-04-2016 16:06:47 Windows Update
14-04-2016 17:08:23 Dell Update: eDellRoot Removal
17-04-2016 17:13:36 Dell Update: eDellRoot Removal
20-04-2016 09:00:49 Windows Update
20-04-2016 20:14:35 Dell Update: eDellRoot Removal
24-04-2016 14:43:06 Dell Update: eDellRoot Removal
27-04-2016 19:40:46 Windows Update
04-05-2016 11:39:48 Windows Update
04-05-2016 11:39:48 Dell Update: eDellRoot Removal
07-05-2016 13:59:33 Dell Update: eDellRoot Removal
10-05-2016 15:41:56 Dell Update: eDellRoot Removal
10-05-2016 15:42:48 Dell Update: eDellRoot Removal
11-05-2016 14:34:04 Windows Update
13-05-2016 15:42:43 Dell Update: eDellRoot Removal
15-05-2016 19:11:16 Windows Update
17-05-2016 11:38:11 Dell Update: eDellRoot Removal
19-05-2016 18:28:01 Windows Update
20-05-2016 12:13:52 Dell Update: eDellRoot Removal
23-05-2016 16:40:49 Dell Update: eDellRoot Removal
23-05-2016 17:06:56 Windows Update
26-05-2016 19:22:31 Dell Update: eDellRoot Removal
26-05-2016 19:32:13 Dell Update: eDellRoot Removal
26-05-2016 19:36:38 Windows Update
29-05-2016 22:12:43 Dell Update: eDellRoot Removal
30-05-2016 11:43:17 Windows Update
02-06-2016 18:45:13 Dell Update: eDellRoot Removal
04-06-2016 16:49:21 Windows Update
05-06-2016 18:45:17 Dell Update: eDellRoot Removal
10-06-2016 18:32:07 Dell Update: eDellRoot Removal
10-06-2016 19:22:11 Windows Update
13-06-2016 19:09:49 Dell Update: eDellRoot Removal
14-06-2016 18:14:42 Windows Update
16-06-2016 19:09:50 Dell Update: eDellRoot Removal
16-06-2016 19:10:11 Dell Update: eDellRoot Removal
18-06-2016 17:43:07 Windows Update
19-06-2016 22:02:55 Dell Update: eDellRoot Removal
21-06-2016 18:53:06 Windows Update
23-06-2016 11:59:01 Dell Update: eDellRoot Removal
26-06-2016 17:04:18 Dell Update: eDellRoot Removal
26-06-2016 18:59:24 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2016 08:20:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1ec0
Start Time: 01d1d10d31a846a0
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (06/28/2016 07:40:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 574
Start Time: 01d1d107dfe65aad
Termination Time: 87
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (06/25/2016 05:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.5.0.0, time stamp: 0x53c4bba5
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0xf9c
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3
Error: (06/25/2016 05:32:54 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2352) WebCacheLocal: An attempt to open the file "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (06/22/2016 11:28:38 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail (6320) C:\Users\Yvonne\AppData\Local\Microsoft\Windows Live Mail\Calendars\: The backup has been stopped because it was halted by the client or the connection with the client failed.
Error: (06/20/2016 09:42:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1fa8
Start Time: 01d1cacf8d7b7853
Termination Time: 10
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (06/18/2016 04:44:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: MSHTML.dll, version: 11.0.9600.17937, time stamp: 0x55a811ac
Exception code: 0xc00000fd
Fault offset: 0x000a9897
Faulting process id: 0x614
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (06/18/2016 02:54:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wlmail.exe version 14.0.8089.726 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1640
Start Time: 01d1c968cabfee7d
Termination Time: 16
Application Path: C:\Program Files\Windows Live\Mail\wlmail.exe
Report Id: 2923de1c-355c-11e6-bce6-0024e811b7db
Error: (06/17/2016 10:23:31 PM) (Source: DellUpdate) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: The ChannelDispatcher at 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039' with contract(s) '"IDellUpdateWcfSession"' is unable to open its IChannelListener. ---> System.InvalidOperationException: A registration already exists for URI 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039'.
at System.ServiceModel.Channels.UriPrefixTable`1.RegisterUri(Uri uri, HostNameComparisonMode hostNameComparisonMode, TItem item)
at System.ServiceModel.Channels.ConnectionOrientedTransportManager`1.Register(TransportChannelListener channelListener)
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
at System.ServiceModel.Channels.TransportChannelListener.On....
Error: (06/16/2016 02:48:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 900
Start Time: 01d1c7d56af37a42
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
System errors:
=============
Error: (06/28/2016 05:14:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error: (06/28/2016 09:21:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
Error: (06/28/2016 09:01:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
Error: (06/28/2016 08:17:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
Error: (06/28/2016 07:59:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.
Error: (06/28/2016 07:59:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
Error: (06/28/2016 07:55:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.
Error: (06/28/2016 07:55:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
Error: (06/26/2016 06:18:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error: (06/25/2016 05:43:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 67%
Total physical RAM: 3061.16 MB
Available physical RAM: 991.4 MB
Total Virtual: 6120.63 MB
Available Virtual: 3604.43 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:232.88 GB) (Free:45.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: CBAB01D2)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================