
Random lockups and long startup time for IE and Mail



70delboy

Hi

I have noticed for some time that all is not well with my computer. By this I mean that sometimes it can take up to 20 or 30 minutes to allow IE or Mail to open.  During this wait the desktop is shown normally and if I open Task Manager I can see CPU usage is stuck at 100%.

Eventually I will be able to open IE and start to use it but often it will freeze (e.g. 'MSN is not responding' message) a couple of times before being useable.

Even after these events the computer still performs rather slowly on Google searches for instance.

I noticed WSHelper in Task Manager which I think means WonderShare has been loaded - not deliberately.

Can you help?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2016

Ran by Del (administrator) on DEL-PC (28-06-2016 19:07:50)
Running from C:\Users\Del\Desktop
Loaded Profiles: Del (Available Profiles: Del & Yvonne)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(SupportSoft, Inc.) C:\Program Files\Common Files\SupportSoft\bin\consrcclient.exe
(SupportSoft, Inc.) C:\Program Files\O2LAS\bin\tgsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM\...\Run: [SpeedZooka Scheduler] => C:\Program Files\SpeedZooka\SpeedZookaScheduler.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-01] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => No File
AppInit_DLLs: LL => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-11-29]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-24]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2016-06-16]
ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{07EB6271-F601-432E-A97D-49E29996489E}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> 400E6695BB724B18BB5774F9B7E4317E URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-25] (Oracle Corporation)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-09] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-25] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxp://ias.broadband.o2.co.uk/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-02] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: Games by 7Go - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-09-18] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-09]
FF HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/" 
CHR Profile: C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (YouTube) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Google Search) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Sheets) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]
CHR Extension: (Gmail) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-05-09] (Avast Software)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1958648 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [185080 2016-03-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 QBCFMonitorService; c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-02] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 SupportSoft Remote Control Client; C:\Program Files\Common Files\supportsoft\bin\consrcclient.exe [2080272 2012-11-06] (SupportSoft, Inc.)
R2 tgsrvc_o2las; C:\Program Files\O2LAS\bin\tgsrvc.exe [213008 2012-11-06] (SupportSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Seagate Sync Service; "C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-09] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [29400 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [22192 2015-05-22] (Dell Computer Corporation)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-05-09] (AVAST Software)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-03-26] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-03-26] (microOLAP Technologies LTD)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-09] (Avast Software)
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-05-31] (RealVNC Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-28 19:07 - 2016-06-28 19:08 - 00020074 _____ C:\Users\Del\Desktop\FRST.txt
2016-06-28 19:07 - 2016-06-28 19:07 - 00000000 ____D C:\FRST
2016-06-28 19:06 - 2016-06-28 19:07 - 01740288 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2016-06-28 07:34 - 2016-06-28 07:34 - 00000000 ___HD C:\OneDriveTemp
2016-06-16 19:21 - 2016-06-16 19:50 - 00000000 ____D C:\Users\Del\Documents\My Safes
2016-06-16 19:20 - 2016-06-28 07:34 - 00000000 ____D C:\Users\Del\AppData\Local\PasswordSafe
2016-06-16 19:19 - 2016-06-16 19:19 - 00000994 _____ C:\Users\Del\Desktop\Password Safe.lnk
2016-06-16 19:19 - 2016-06-16 19:19 - 00000000 ____D C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
2016-06-16 19:19 - 2016-06-16 19:19 - 00000000 ____D C:\Program Files\Password Safe
2016-06-15 09:18 - 2016-06-28 07:35 - 00299574 _____ C:\Windows\ntbtlog.txt
2016-05-29 22:13 - 2016-05-29 22:14 - 06893688 _____ (Piriform Ltd) C:\Users\Del\Desktop\ccsetup518.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-28 18:40 - 2011-06-20 19:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 18:12 - 2009-07-14 05:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-28 18:12 - 2009-07-14 05:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-28 07:40 - 2009-11-27 15:00 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-28 07:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-06-28 07:35 - 2015-01-25 12:07 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-28 07:34 - 2014-06-25 19:24 - 00000000 ___RD C:\Users\Del\OneDrive
2016-06-28 07:34 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-19 18:25 - 2009-12-02 13:37 - 00007615 _____ C:\Users\Del\AppData\Local\Resmon.ResmonCfg
2016-06-15 21:40 - 2009-11-27 15:13 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-12 09:20 - 2011-10-17 19:20 - 00000000 ____D C:\Program Files\SpeedFan
2016-06-04 16:47 - 2015-02-05 20:13 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-02 18:55 - 2016-02-25 15:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-29 22:15 - 2013-09-17 20:13 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
 
==================== Files in the root of some directories =======
 
2009-12-02 13:37 - 2016-06-19 18:25 - 0007615 _____ () C:\Users\Del\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-27 10:18
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2016
Ran by Del (2016-06-28 19:08:15)
Running from C:\Users\Del\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2009-11-27 13:56:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2568410734-3031030142-1223416489-500 - Administrator - Disabled)
Del (S-1-5-21-2568410734-3031030142-1223416489-1001 - Administrator - Enabled) => C:\Users\Del
Guest (S-1-5-21-2568410734-3031030142-1223416489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568410734-3031030142-1223416489-1016 - Limited - Enabled)
SophosSAUDEL-PC0 (S-1-5-21-2568410734-3031030142-1223416489-1023 - Limited - Enabled)
Yvonne (S-1-5-21-2568410734-3031030142-1223416489-1008 - Limited - Enabled) => C:\Users\Yvonne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Blueline 1.1.1 (HKLM\...\Blueline_is1) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM\...\Canon MG7500 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG7500 series User Registration (HKLM\...\Canon MG7500 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect - 1  (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
Dell Update (HKLM\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM\...\{F0BF9C38-5639-4F0F-A818-AEA288C0A96E}) (Version: 1.2.0.0 - Digital Advertising Alliance)
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
Evernote v. 5.9.6 (HKLM\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
FreshDiagnose (HKLM\...\FreshDevices - FreshDiagnose_is1) (Version:  - )
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Advertising Cookie Opt-out (HKLM\...\{D1A87CF6-1DFD-470D-800A-CDC1CE5F7E54}) (Version: 1.0.1.0 - Google Inc)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Hawke BRC 1.0.9 (HKLM\...\{44F2B651-A86A-4B6C-8563-07B66F00F8F8}_is1) (Version:  - Hawke Sport Optics)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Processor Identification Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MotoCalc 8.07 (HKLM\...\MotoCalc 8_is1) (Version:  - Capable Computing, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
O2 BB Assisted Controls V2 (HKLM\...\{B0F51838-4AF7-4784-88DD-C86D7D8AF804}) (Version: 1 - SupportSoft)
P&O Cruises Live Ship Tracker (HKLM\...\com.pocruises.LiveShipTracker.A0C66AABAFAD54D5C6C22F9F89EA0FC11C49AF59.1) (Version: 1.3.15 - Carnival plc)
P&O Cruises Live Ship Tracker (Version: 1.3.15 - Carnival plc) Hidden
Password Safe (HKLM\...\Password Safe) (Version:  - )
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RC Plane Master (HKLM\...\RC Plane Master) (Version:  - )
Remote Keyboard Lite (HKLM\...\{7C621473-99FD-4800-B2F5-4F390AA46E0C}) (Version: 1.2.0.09270 - Sony Corporation)
Remote Keyboard Lite (Version: 1.2.0.09270 - Sony Corporation) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Data Migration (HKLM\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{EFC7DF4A-D0A1-4622-9104-10D8D2B5C82B}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Supportsoft Mirror Driver 1.8.0 (HKLM\...\ConsMirror_is1) (Version: 1.8.0 - Consona.)
Supportsoft Printer Driver 1.7.0 (HKLM\...\ConsPrinter_is1) (Version: 1.7.0 - Consona.)
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {164C059B-1EB3-47D0-A107-7E700F508F57} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {2BD69B71-B84A-4531-BF0D-2B5FED4B4043} - System32\Tasks\SpeedFixToolPro_Popup => C:\Program Files\Speed Fix Tool Pro\Splash.exe
Task: {381C4D86-47CF-4802-9296-742570C447F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4220E91D-159A-40F3-BF52-F11C873327DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6700FFF6-E4FA-4E2A-85BF-CEF4A252A8CD} - System32\Tasks\SamsungMagician => C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {7EE8B7F1-56B0-4094-A031-B182E86FCB34} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {8F6481E2-81DA-4183-B2EA-B97786166D04} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe
Task: {9B62277F-FE5D-41CB-8BB5-47B3E4E768B6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-09] (AVAST Software)
Task: {A0BE39EA-1F57-4271-8B9D-2DE89B277B2E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {A919F893-4B86-4251-8158-370AFBF29525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C3D75BFF-B14D-4DCA-AABF-226CA81E5EE5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {D0A19339-A8A1-48F8-80BB-9DE76C86463A} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {E66E2604-3592-490E-BDD4-599480532A2B} - System32\Tasks\SafeZone scheduled Autoupdate 1458723209 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E66F3A92-1D1D-4E42-9FAE-4AB2A6B6436C} - System32\Tasks\SpeedFixToolPro_Start => C:\Program Files\Speed Fix Tool Pro\SpeedFixToolPro.exe
Task: {EE190C43-E582-4733-80C6-79372FFD854E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {FBE2BA1B-8D87-47DC-9C89-73F36FC0D02D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {FC730A38-A49E-4B31-BF8B-49D8E77E2D17} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-09 18:18 - 2016-05-09 18:18 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-27 20:50 - 2016-06-27 20:50 - 02948608 _____ () C:\Program Files\AVAST Software\Avast\defs\16062701\algo.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-28 11:34 - 2016-06-28 11:34 - 02944512 _____ () C:\Program Files\AVAST Software\Avast\defs\16062800\algo.dll
2013-11-06 09:41 - 2012-02-01 18:09 - 00026112 _____ () C:\Windows\System32\VNCpm.dll
2016-05-23 20:42 - 2016-05-23 20:42 - 00679624 _____ () C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-02-13 16:28 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-13 16:28 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-03-14 17:33 - 2016-03-14 17:33 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00439504 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00321232 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2015-04-29 13:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files\Samsung\Samsung Magician\SAMSUNG_SSD.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Del\Desktop\passport  Y.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft Remote Control Client => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2013-09-26 17:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Del\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{A8616B58-176D-4754-BFDE-646050AF6178}] => (Allow) C:\Users\Del\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2094D451-408F-42B5-B104-79CD697DE53F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{417A793D-7470-4EE0-B25E-9EBF1F6227BE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
 
==================== Restore Points =========================
 
01-04-2016 22:29:36 Dell Update: eDellRoot Removal
04-04-2016 11:04:39 Windows Update
05-04-2016 09:57:33 Dell Update: eDellRoot Removal
08-04-2016 11:17:41 Dell Update: eDellRoot Removal
11-04-2016 16:06:47 Windows Update
14-04-2016 17:08:23 Dell Update: eDellRoot Removal
17-04-2016 17:13:36 Dell Update: eDellRoot Removal
20-04-2016 09:00:49 Windows Update
20-04-2016 20:14:35 Dell Update: eDellRoot Removal
24-04-2016 14:43:06 Dell Update: eDellRoot Removal
27-04-2016 19:40:46 Windows Update
04-05-2016 11:39:48 Windows Update
04-05-2016 11:39:48 Dell Update: eDellRoot Removal
07-05-2016 13:59:33 Dell Update: eDellRoot Removal
10-05-2016 15:41:56 Dell Update: eDellRoot Removal
10-05-2016 15:42:48 Dell Update: eDellRoot Removal
11-05-2016 14:34:04 Windows Update
13-05-2016 15:42:43 Dell Update: eDellRoot Removal
15-05-2016 19:11:16 Windows Update
17-05-2016 11:38:11 Dell Update: eDellRoot Removal
19-05-2016 18:28:01 Windows Update
20-05-2016 12:13:52 Dell Update: eDellRoot Removal
23-05-2016 16:40:49 Dell Update: eDellRoot Removal
23-05-2016 17:06:56 Windows Update
26-05-2016 19:22:31 Dell Update: eDellRoot Removal
26-05-2016 19:32:13 Dell Update: eDellRoot Removal
26-05-2016 19:36:38 Windows Update
29-05-2016 22:12:43 Dell Update: eDellRoot Removal
30-05-2016 11:43:17 Windows Update
02-06-2016 18:45:13 Dell Update: eDellRoot Removal
04-06-2016 16:49:21 Windows Update
05-06-2016 18:45:17 Dell Update: eDellRoot Removal
10-06-2016 18:32:07 Dell Update: eDellRoot Removal
10-06-2016 19:22:11 Windows Update
13-06-2016 19:09:49 Dell Update: eDellRoot Removal
14-06-2016 18:14:42 Windows Update
16-06-2016 19:09:50 Dell Update: eDellRoot Removal
16-06-2016 19:10:11 Dell Update: eDellRoot Removal
18-06-2016 17:43:07 Windows Update
19-06-2016 22:02:55 Dell Update: eDellRoot Removal
21-06-2016 18:53:06 Windows Update
23-06-2016 11:59:01 Dell Update: eDellRoot Removal
26-06-2016 17:04:18 Dell Update: eDellRoot Removal
26-06-2016 18:59:24 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2016 08:20:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ec0
 
Start Time: 01d1d10d31a846a0
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/28/2016 07:40:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 574
 
Start Time: 01d1d107dfe65aad
 
Termination Time: 87
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/25/2016 05:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.5.0.0, time stamp: 0x53c4bba5
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0xf9c
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3
 
Error: (06/25/2016 05:32:54 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2352) WebCacheLocal: An attempt to open the file "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/22/2016 11:28:38 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail (6320) C:\Users\Yvonne\AppData\Local\Microsoft\Windows Live Mail\Calendars\: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (06/20/2016 09:42:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1fa8
 
Start Time: 01d1cacf8d7b7853
 
Termination Time: 10
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/18/2016 04:44:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: MSHTML.dll, version: 11.0.9600.17937, time stamp: 0x55a811ac
Exception code: 0xc00000fd
Fault offset: 0x000a9897
Faulting process id: 0x614
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (06/18/2016 02:54:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wlmail.exe version 14.0.8089.726 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1640
 
Start Time: 01d1c968cabfee7d
 
Termination Time: 16
 
Application Path: C:\Program Files\Windows Live\Mail\wlmail.exe
 
Report Id: 2923de1c-355c-11e6-bce6-0024e811b7db
 
Error: (06/17/2016 10:23:31 PM) (Source: DellUpdate) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: The ChannelDispatcher at 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039' with contract(s) '"IDellUpdateWcfSession"' is unable to open its IChannelListener. ---> System.InvalidOperationException: A registration already exists for URI 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039'.
   at System.ServiceModel.Channels.UriPrefixTable`1.RegisterUri(Uri uri, HostNameComparisonMode hostNameComparisonMode, TItem item)
   at System.ServiceModel.Channels.ConnectionOrientedTransportManager`1.Register(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.On....
 
Error: (06/16/2016 02:48:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 900
 
Start Time: 01d1c7d56af37a42
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (06/28/2016 05:14:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (06/28/2016 09:21:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (06/28/2016 09:01:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (06/28/2016 08:17:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (06/28/2016 07:59:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.
 
Error: (06/28/2016 07:59:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
 
Error: (06/28/2016 07:55:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.
 
Error: (06/28/2016 07:55:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
 
Error: (06/26/2016 06:18:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (06/25/2016 05:43:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 67%
Total physical RAM: 3061.16 MB
Available physical RAM: 991.4 MB
Total Virtual: 6120.63 MB
Available Virtual: 3604.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:232.88 GB) (Free:45.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: CBAB01D2)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#2
RKinner

    Malware Expert

Uninstall Microsoft Security Essentials.  You have Avast and two anti-viruses will fight each other.

 

Separate REPLY post for each log as you get them is easiest.

 
Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.
 
Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right-click on Command Prompt and Run as Administrator, Continue. Right-click and Paste, or Edit then Paste, and the copied line should appear.
Hit Enter. Copy and paste the text from Notepad or, if it is too big, just attach the file.
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
   Type 20 in the 1 to 20 box.
   Then click the Run button.
   Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
 

 

 

 


#3
70delboy

Hi RKinner

 

Fix log attached

 

delboy

#4
70delboy

Reply #2

 

Hi RKinner

 

Junk file attached

#5
70delboy

Reply #3

 

Hi RKinner

 

Output from VEW

#6
70delboy

Reply #4

 

Hi RKinner

 

Second VEW scan

 

delboy

#7
70delboy

Reply #5

 

Hi RKinner

 

FRST scan

 

delboy

#8
70delboy

Reply #6

 

Hi RKinner

 

Addition scan

 

delboy

#9
70delboy

Reply #7

 

Hi RKinner

 

System Idle Processes

 

delboy

 

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
svchost.exe 48.55 250,080 K 152,476 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 37.64 0 K 24 K 0   
procexp.exe 3.63 24,032 K 48,700 K 1792 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
iexplore.exe 3.24 109,420 K 152,080 K 4548 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
dwm.exe 1.93 29,792 K 64,584 K 676 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.58 60 K 1,876 K 4   
Interrupts 0.41 0 K 0 K n/a Hardware Interrupts and DPCs  
mbam.exe 0.28 26,128 K 46,176 K 3200 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
GarminService.exe 0.15 32,556 K 50,604 K 1860 Garmin Service Garmin Ltd. or its subsidiaries (Verified) Garmin International
csrss.exe 0.06 10,092 K 15,152 K 488 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.07 94,960 K 41,028 K 1236 avast! Service AVAST Software (Verified) AVAST Software a.s.
explorer.exe 0.04 40,720 K 62,852 K 1124 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
DellDataVault.exe 0.03 5,080 K 8,904 K 1456 Dell Data Vault Service Dell Inc. (Verified) Techporch Incorporated
WmiPrvSE.exe 0.03 4,280 K 7,872 K 2504 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 5,336 K 10,200 K 1824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 0.02 15,688 K 14,640 K 1060 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
CCleaner.exe 0.01 8,836 K 3,672 K 2768 CCleaner Piriform Ltd (Verified) Piriform Ltd
wmpnetwk.exe 0.01 12,604 K 10,740 K 4452 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
QBCFMonitorService.exe 0.01 11,716 K 11,504 K 3220 QuickBooks Company File Monitoring Service Intuit (No signature was present in the subject) Intuit
CNQMUPDT.EXE < 0.01 23,464 K 22,396 K 4964 Canon Quick Menu Updater CANON INC. (Verified) Canon Inc.
AvastUI.exe < 0.01 11,904 K 20,532 K 2104 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe < 0.01 6,832 K 13,072 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 20,356 K 44,072 K 2948 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
taskhost.exe < 0.01 12,780 K 14,520 K 724 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
EvernoteClipper.exe < 0.01 1,408 K 5,392 K 2312 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
lsass.exe  5,312 K 11,596 K 576 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,812 K 12,564 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
OneDrive.exe < 0.01 7,448 K 21,424 K 2200 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
DellUpService.exe < 0.01 20,524 K 35,336 K 5964 Dell Update Windows Service Dell Inc. (Verified) Dell Inc.
iexplore.exe < 0.01 124,136 K 165,784 K 5668 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe < 0.01 43,340 K 22,988 K 1376 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,828 K 12,668 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 18,140 K 23,340 K 4288 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe  1,640 K 4,012 K 428 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe < 0.01 266,836 K 161,768 K 2808 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
WUDFHost.exe  1,580 K 5,236 K 872 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WSHelper.exe  8,348 K 16,272 K 2076 Wondershare Studio Wondershare (Verified) Wondershare software CO.
WmiPrvSE.exe  11,200 K 19,136 K 4948 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,180 K 5,888 K 564 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  896 K 3,420 K 480 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe  1,124 K 4,336 K 4860 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
tgsrvc.exe  1,700 K 4,544 K 3644 SupportSoft Repair Service SupportSoft, Inc. (Verified) Consona Corporation
taskeng.exe  1,044 K 3,876 K 1448 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  1,224 K 4,460 K 2528 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,588 K 6,824 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  16,612 K 18,572 K 4900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  16,968 K 17,468 K 880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  37,924 K 19,220 K 3776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,368 K 4,904 K 3500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  8,484 K 11,912 K 1500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,152 K 7,608 K 708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,888 K 4,580 K 1084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  884 K 3,632 K 3472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,960 K 7,996 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SupportAssistAgent.exe  26,812 K 33,264 K 6056 Service Dell Inc. (Verified) Dell Inc.
spoolsv.exe  5,164 K 10,356 K 1428 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  260 K 820 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe  4,696 K 10,228 K 532 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
Samsung Magician.exe  19,304 K 3,576 K 4912 Samsung Magician Application Samsung Electronics. (Verified) Samsung Electronics Co.
pwsafe.exe  3,140 K 9,600 K 2324 Password Safe Application SourceForge.net (No signature was present in the subject) SourceForge.net
PMBVolumeWatcher.exe  7,168 K 2,388 K 1052 Media Check Tool Sony Corporation (Verified) Sony Corporation
PMBDeviceInfoProvider.exe  1,824 K 5,068 K 2976 Device Information Provider Sony Corporation (Verified) Sony Corporation
MsSpellCheckingFacility.exe  2,704 K 6,832 K 5728 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe  3,788 K 8,844 K 2364 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe  1,316 K 3,232 K 584 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
jusched.exe  1,868 K 4,360 K 2148 Java Update Scheduler Oracle Corporation (Verified) Oracle America
igfxtray.exe  1,192 K 4,584 K 1252 igfxTray Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe  1,600 K 4,848 K 2224 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxpers.exe  1,100 K 4,532 K 472 persistence Module Intel Corporation (Verified) Intel Corporation
hkcmd.exe  1,312 K 4,568 K 492 hkcmd Module Intel Corporation (Verified) Intel Corporation
GWX.exe  2,848 K 3,412 K 4588 GWX Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe  1,620 K 2,504 K 440 Google Installer Google Inc. (Verified) Google Inc
FlashUtil32_21_0_0_242_ActiveX.exe  3,208 K 8,540 K 3296 Adobe® Flash® Player Installer/Uninstaller 21.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
DellUpTray.exe  53,904 K 45,672 K 4852 Dell Update Dell Inc. (Verified) Dell Inc.
DellDataVaultWiz.exe  4,000 K 8,208 K 3100 Dell Data Vault Wizard Dell Inc. (Verified) Techporch Incorporated
consrcclient.exe  2,016 K 4,964 K 3544 SupportSoft® Remote Control Client SupportSoft, Inc. (Verified) Consona Corporation
CNQMSWCS.EXE  50,416 K 45,016 K 5036 Canon Quick Menu Image Display CANON INC. (Verified) Canon Inc.
CNQMMAIN.EXE  74,172 K 32,316 K 1780 Canon Quick Menu CANON INC. (Verified) Canon Inc.
armsvc.exe  832 K 3,072 K 1756 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

 


#10
RKinner

    Malware Expert

Uninstall Dell Update.  You can look on the Dell Site and see if they have a new version but I'm not sure it's worth the effort.

 

Download the attached appid.zip file and save it. Right click on it and Extract All. Find appid.reg and right click on it and Merge.

 

 

 
Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.
 
Reboot.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Run Process Explorer again as before.
 

 

 

 


#11
70delboy

Hi RKinner

 

FRST  fixlog file attached

 

delboy

#12
70delboy

Hi RKinner

 

FRST logs

 

delboy

#13
70delboy

Hi RKinner

 

Hardware Interrupts and DPCs

delboy

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe  820 K 3,052 K 1772 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
audiodg.exe  15,024 K 13,888 K 5036 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
CNQMMAIN.EXE  75,100 K 30,732 K 2584 Canon Quick Menu CANON INC. (Verified) Canon Inc.
CNQMSWCS.EXE  50,584 K 45,444 K 4968 Canon Quick Menu Image Display CANON INC. (Verified) Canon Inc.
consrcclient.exe  2,028 K 4,980 K 3616 SupportSoft® Remote Control Client SupportSoft, Inc. (Verified) Consona Corporation
DellDataVault.exe  5,088 K 8,892 K 4992 Dell Data Vault Service Dell Inc. (Verified) Techporch Incorporated
DellDataVaultWiz.exe  3,968 K 8,184 K 492 Dell Data Vault Wizard Dell Inc. (Verified) Techporch Incorporated
FlashUtil32_21_0_0_242_ActiveX.exe  3,156 K 8,296 K 2820 Adobe® Flash® Player Installer/Uninstaller 21.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
GoogleUpdate.exe  1,628 K 2,516 K 2108 Google Installer Google Inc. (Verified) Google Inc
GWX.exe  2,868 K 3,388 K 4392 GWX Microsoft Corporation (Verified) Microsoft Windows
hkcmd.exe  1,324 K 4,572 K 2388 hkcmd Module Intel Corporation (Verified) Intel Corporation
igfxpers.exe  1,100 K 4,464 K 2400 persistence Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe  1,596 K 4,808 K 2432 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxtray.exe  1,204 K 4,584 K 2380 igfxTray Module Intel Corporation (Verified) Intel Corporation
jusched.exe  1,880 K 4,392 K 2628 Java Update Scheduler Oracle Corporation (Verified) Oracle America
lsass.exe  4,052 K 10,204 K 576 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe  1,308 K 3,228 K 584 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe  3,700 K 8,776 K 2780 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
MsSpellCheckingFacility.exe  2,564 K 6,648 K 4376 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
PMBDeviceInfoProvider.exe  1,820 K 5,064 K 3372 Device Information Provider Sony Corporation (Verified) Sony Corporation
PMBVolumeWatcher.exe  7,328 K 2,312 K 2564 Media Check Tool Sony Corporation (Verified) Sony Corporation
procexp.exe  14,288 K 23,412 K 6040 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
procexp.exe  13,288 K 22,856 K 5752 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
pwsafe.exe  3,160 K 9,572 K 2792 Password Safe Application SourceForge.net (No signature was present in the subject) SourceForge.net
Samsung Magician.exe  19,244 K 3,616 K 4900 Samsung Magician Application Samsung Electronics. (Verified) Samsung Electronics Co.
services.exe  4,208 K 9,848 K 532 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe  264 K 820 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe  5,160 K 10,296 K 1452 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SupportAssistAgent.exe  24,224 K 28,924 K 5596 Service Dell Inc. (Verified) Dell Inc.
svchost.exe  3,780 K 7,932 K 1816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  900 K 3,656 K 3520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,364 K 4,880 K 3580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,868 K 4,548 K 1088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  37,920 K 22,272 K 3860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  9,996 K 12,528 K 1520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  15,312 K 16,396 K 884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  16,696 K 18,764 K 4840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  1,216 K 4,436 K 3028 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  1,060 K 3,888 K 1472 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
tgsrvc.exe  1,724 K 4,612 K 3692 SupportSoft Repair Service SupportSoft, Inc. (Verified) Consona Corporation
unsecapp.exe  1,140 K 4,324 K 5804 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  880 K 3,396 K 480 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,216 K 5,912 K 564 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  4,512 K 7,936 K 5968 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  10,352 K 18,376 K 4608 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WSHelper.exe  8,360 K 16,116 K 2612 Wondershare Studio Wondershare (Verified) Wondershare software CO.
WUDFHost.exe  1,604 K 5,260 K 1360 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe < 0.01 268,072 K 161,560 K 3156 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
csrss.exe < 0.01 1,608 K 3,992 K 428 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 17,984 K 23,128 K 5648 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,452 K 7,780 K 712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,792 K 12,488 K 928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,416 K 12,376 K 1196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
OneDrive.exe < 0.01 7,720 K 21,568 K 2660 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
EvernoteClipper.exe < 0.01 1,420 K 5,384 K 2732 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
AvastUI.exe < 0.01 11,848 K 20,536 K 2620 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
taskhost.exe < 0.01 9,752 K 12,464 K 2052 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 20,336 K 32,272 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,720 K 12,420 K 968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CNQMUPDT.EXE 0.01 23,480 K 22,444 K 4948 Canon Quick Menu Updater CANON INC. (Verified) Canon Inc.
svchost.exe 0.01 3,724 K 6,948 K 800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 0.01 12,296 K 10,520 K 4400 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
CCleaner.exe 0.01 6,876 K 3,452 K 3236 CCleaner Piriform Ltd (Verified) Piriform Ltd
SearchIndexer.exe 0.02 29,436 K 13,100 K 2324 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
QBCFMonitorService.exe 0.02 11,728 K 11,524 K 3404 QuickBooks Company File Monitoring Service Intuit (No signature was present in the subject) Intuit
svchost.exe 0.05 5,028 K 9,992 K 1876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.07 38,644 K 61,120 K 2224 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.08 70,880 K 41,284 K 1256 avast! Service AVAST Software (Verified) AVAST Software a.s.
GarminService.exe 0.15 32,732 K 50,616 K 1980 Garmin Service Garmin Ltd. or its subsidiaries (Verified) Garmin International
csrss.exe 0.16 9,860 K 15,516 K 488 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.29 15,296 K 34,392 K 4068 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
mbam.exe 0.31 26,220 K 46,380 K 3472 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
Interrupts 0.62 0 K 0 K n/a Hardware Interrupts and DPCs  
System 0.84 60 K 1,888 K 4   
dwm.exe 1.19 29,448 K 59,820 K 2188 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 1.73 116,400 K 157,292 K 4060 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 3.13 24,376 K 47,548 K 2916 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 91.29 0 K 24 K 0   


#14
RKinner

    Malware Expert

The second Process Explorer log looks pretty good.  The first one had an svchost eating up a lot of CPU but this time it looks good.  

 

How is it running now? Any faster to start up IE & Mail?


  • 0
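
The comparison of the two Process Explorer listings above can be done mechanically. This is an added example, not part of the thread and not a tool either poster used: it parses a saved listing, reports real processes that are hot on CPU, lists images whose Verified Signer column is not "(Verified)", and compares a before and after run. It assumes the saved file is tab-separated with the header shown; the sample rows are reconstructed from the values posted in this thread, and all function names are hypothetical.

```python
import csv
import io

# Constructed sample: rows taken from the two listings posted in this thread,
# re-delimited with tabs. ASSUMPTION: Process Explorer's "Save As" file is
# tab-separated with this header; the forum paste lost the delimiters.
HEADER = "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
FIRST_RUN = HEADER + (
    "svchost.exe\t48.55\t250,080 K\t152,476 K\t984\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows\n"
    "System Idle Process\t37.64\t0 K\t24 K\t0\t\t\t\n"
    "iexplore.exe\t3.24\t109,420 K\t152,080 K\t4548\tInternet Explorer\tMicrosoft Corporation\t(Verified) Microsoft Corporation\n"
    "Interrupts\t0.41\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t\n"
    "QBCFMonitorService.exe\t0.01\t11,716 K\t11,504 K\t3220\tQuickBooks Company File Monitoring Service\tIntuit\t(No signature was present in the subject) Intuit\n"
    "WSHelper.exe\t\t8,348 K\t16,272 K\t2076\tWondershare Studio\tWondershare\t(Verified) Wondershare software CO.\n"
    "pwsafe.exe\t\t3,140 K\t9,600 K\t2324\tPassword Safe Application\tSourceForge.net\t(No signature was present in the subject) SourceForge.net\n"
)
SECOND_RUN = HEADER + (
    "svchost.exe\t< 0.01\t20,336 K\t32,272 K\t996\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows\n"
    "svchost.exe\t0.05\t5,028 K\t9,992 K\t1876\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows\n"
    "iexplore.exe\t1.73\t116,400 K\t157,292 K\t4060\tInternet Explorer\tMicrosoft Corporation\t(Verified) Microsoft Corporation\n"
    "System Idle Process\t91.29\t0 K\t24 K\t0\t\t\t\n"
)

# Rows that are accounting entries rather than processes backed by an image file.
PSEUDO = {"System Idle Process", "System", "Interrupts"}


def parse_cpu(text):
    """CPU column: blank means no measurable use, '< 0.01' is treated as 0."""
    text = text.strip()
    if not text or text.startswith("<"):
        return 0.0
    return float(text)


def parse_listing(text):
    """Turn a saved listing into dicts with name, cpu, pid and signer."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        pid = rec["PID"].strip()
        rows.append({
            "name": rec["Process"],
            "cpu": parse_cpu(rec["CPU"] or ""),
            "pid": int(pid) if pid.isdigit() else None,  # "n/a" for Interrupts
            "signer": (rec["Verified Signer"] or "").strip(),
        })
    return rows


def hot_processes(rows, threshold=10.0):
    """Real processes at or above threshold % CPU, busiest first."""
    hits = [r for r in rows if r["name"] not in PSEUDO and r["cpu"] >= threshold]
    return sorted(hits, key=lambda r: r["cpu"], reverse=True)


def unverified_images(rows):
    """Images whose signature check did not come back '(Verified)'.
    An empty signer column means there is no image file to check."""
    return [r["name"] for r in rows
            if r["signer"] and not r["signer"].startswith("(Verified)")]


def compare_runs(before, after, threshold=10.0):
    """For each image that was hot before, its peak CPU in the later run.
    Matching is by image name because PIDs change across a reboot."""
    result = {}
    for r in hot_processes(before, threshold):
        peak = max((a["cpu"] for a in after if a["name"] == r["name"]), default=None)
        result[r["name"]] = (r["cpu"], peak)
    return result


if __name__ == "__main__":
    first, second = parse_listing(FIRST_RUN), parse_listing(SECOND_RUN)
    for r in hot_processes(first):
        print(f"hot: {r['name']} pid={r['pid']} cpu={r['cpu']}")
    print("not verified:", unverified_images(first))
    print("before/after:", compare_runs(first, second))
```

A "(Verified)" result only says the file's signature validates for that publisher, so a row such as WSHelper.exe passes this check even though the poster did not install it deliberately. A hot svchost.exe row names only the host process; the service running inside it still has to be identified, for example with `tasklist /svc`.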

#15
70delboy

Hi RKinner

 

Sorry for delay in replying.

 

It does seem a bit quicker, i.e. the time it takes before allowing IE or Mail to be used has improved, but there is still a noticeable delay of a few minutes.

 

Is this something I must live with?

I take it that there is nothing nasty which may be causing this?

 

delboy

