Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Random lockups and long startup time for IE and Mail


  • Please log in to reply

#1
70delboy

70delboy

    Member

  • Member
  • PipPipPip
  • 147 posts

Hi

I have noticed for some time that all is not well with my computer. By this I mean that sometimes it can take up to 20 or 30 minutes to allow IE or Mail to open.  During this wait the desktop is shown normally and if I open Task Manager I can see CPU usage is stuck at 100%.

Eventually I will be able to open IE and start to use it but often it will freeze (eg 'MSN is nor responding' message) a couple of times before being useable.

Even after these events the computer still performs rather slowly on Google searches for instance.

I noticed WSHelper in Task Manager which I think means WonderShare has been loaded - not deliberately.

 

Can you help?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2016

Ran by Del (administrator) on DEL-PC (28-06-2016 19:07:50)
Running from C:\Users\Del\Desktop
Loaded Profiles: Del (Available Profiles: Del & Yvonne)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(SupportSoft, Inc.) C:\Program Files\Common Files\SupportSoft\bin\consrcclient.exe
(SupportSoft, Inc.) C:\Program Files\O2LAS\bin\tgsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM\...\Run: [SpeedZooka Scheduler] => C:\Program Files\SpeedZooka\SpeedZookaScheduler.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-01] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => No File
AppInit_DLLs: LL => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-11-29]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-24]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2016-06-16]
ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{07EB6271-F601-432E-A97D-49E29996489E}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> 400E6695BB724B18BB5774F9B7E4317E URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-25] (Oracle Corporation)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-09] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-25] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxp://ias.broadband.o2.co.uk/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-02] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: Games by 7Go - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-09-18] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-09]
FF HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/" 
CHR Profile: C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (YouTube) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Google Search) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Sheets) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]
CHR Extension: (Gmail) - C:\Users\Del\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-05-09] (Avast Software)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1958648 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [185080 2016-03-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 QBCFMonitorService; c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-02] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 SupportSoft Remote Control Client; C:\Program Files\Common Files\supportsoft\bin\consrcclient.exe [2080272 2012-11-06] (SupportSoft, Inc.)
R2 tgsrvc_o2las; C:\Program Files\O2LAS\bin\tgsrvc.exe [213008 2012-11-06] (SupportSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Seagate Sync Service; "C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-09] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [29400 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [22192 2015-05-22] (Dell Computer Corporation)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-05-09] (AVAST Software)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-03-26] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-03-26] (microOLAP Technologies LTD)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-09] (Avast Software)
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-05-31] (RealVNC Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-28 19:07 - 2016-06-28 19:08 - 00020074 _____ C:\Users\Del\Desktop\FRST.txt
2016-06-28 19:07 - 2016-06-28 19:07 - 00000000 ____D C:\FRST
2016-06-28 19:06 - 2016-06-28 19:07 - 01740288 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2016-06-28 07:34 - 2016-06-28 07:34 - 00000000 ___HD C:\OneDriveTemp
2016-06-16 19:21 - 2016-06-16 19:50 - 00000000 ____D C:\Users\Del\Documents\My Safes
2016-06-16 19:20 - 2016-06-28 07:34 - 00000000 ____D C:\Users\Del\AppData\Local\PasswordSafe
2016-06-16 19:19 - 2016-06-16 19:19 - 00000994 _____ C:\Users\Del\Desktop\Password Safe.lnk
2016-06-16 19:19 - 2016-06-16 19:19 - 00000000 ____D C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
2016-06-16 19:19 - 2016-06-16 19:19 - 00000000 ____D C:\Program Files\Password Safe
2016-06-15 09:18 - 2016-06-28 07:35 - 00299574 _____ C:\Windows\ntbtlog.txt
2016-05-29 22:13 - 2016-05-29 22:14 - 06893688 _____ (Piriform Ltd) C:\Users\Del\Desktop\ccsetup518.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-28 18:40 - 2011-06-20 19:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 18:12 - 2009-07-14 05:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-28 18:12 - 2009-07-14 05:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-28 07:40 - 2009-11-27 15:00 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-28 07:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-06-28 07:35 - 2015-01-25 12:07 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-28 07:34 - 2014-06-25 19:24 - 00000000 ___RD C:\Users\Del\OneDrive
2016-06-28 07:34 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-19 18:25 - 2009-12-02 13:37 - 00007615 _____ C:\Users\Del\AppData\Local\Resmon.ResmonCfg
2016-06-15 21:40 - 2009-11-27 15:13 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-12 09:20 - 2011-10-17 19:20 - 00000000 ____D C:\Program Files\SpeedFan
2016-06-04 16:47 - 2015-02-05 20:13 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-02 18:55 - 2016-02-25 15:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-29 22:15 - 2013-09-17 20:13 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
 
==================== Files in the root of some directories =======
 
2009-12-02 13:37 - 2016-06-19 18:25 - 0007615 _____ () C:\Users\Del\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-27 10:18
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2016
Ran by Del (2016-06-28 19:08:15)
Running from C:\Users\Del\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2009-11-27 13:56:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2568410734-3031030142-1223416489-500 - Administrator - Disabled)
Del (S-1-5-21-2568410734-3031030142-1223416489-1001 - Administrator - Enabled) => C:\Users\Del
Guest (S-1-5-21-2568410734-3031030142-1223416489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568410734-3031030142-1223416489-1016 - Limited - Enabled)
SophosSAUDEL-PC0 (S-1-5-21-2568410734-3031030142-1223416489-1023 - Limited - Enabled)
Yvonne (S-1-5-21-2568410734-3031030142-1223416489-1008 - Limited - Enabled) => C:\Users\Yvonne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Blueline 1.1.1 (HKLM\...\Blueline_is1) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM\...\Canon MG7500 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG7500 series User Registration (HKLM\...\Canon MG7500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect - 1  (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
Dell Update (HKLM\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM\...\{F0BF9C38-5639-4F0F-A818-AEA288C0A96E}) (Version: 1.2.0.0 - Digital Advertising Alliance)
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
Evernote v. 5.9.6 (HKLM\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
FreshDiagnose (HKLM\...\FreshDevices - FreshDiagnose_is1) (Version:  - )
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Advertising Cookie Opt-out (HKLM\...\{D1A87CF6-1DFD-470D-800A-CDC1CE5F7E54}) (Version: 1.0.1.0 - Google Inc)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Hawke BRC 1.0.9 (HKLM\...\{44F2B651-A86A-4B6C-8563-07B66F00F8F8}_is1) (Version:  - Hawke Sport Optics)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Processor Identification Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MotoCalc 8.07 (HKLM\...\MotoCalc 8_is1) (Version:  - Capable Computing, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
O2 BB Assisted Controls V2 (HKLM\...\{B0F51838-4AF7-4784-88DD-C86D7D8AF804}) (Version: 1 - SupportSoft)
P&O Cruises Live Ship Tracker (HKLM\...\com.pocruises.LiveShipTracker.A0C66AABAFAD54D5C6C22F9F89EA0FC11C49AF59.1) (Version: 1.3.15 - Carnival plc)
P&O Cruises Live Ship Tracker (Version: 1.3.15 - Carnival plc) Hidden
Password Safe (HKLM\...\Password Safe) (Version:  - )
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RC Plane Master (HKLM\...\RC Plane Master) (Version:  - )
Remote Keyboard Lite (HKLM\...\{7C621473-99FD-4800-B2F5-4F390AA46E0C}) (Version: 1.2.0.09270 - Sony Corporation)
Remote Keyboard Lite (Version: 1.2.0.09270 - Sony Corporation) Hidden
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Data Migration (HKLM\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{EFC7DF4A-D0A1-4622-9104-10D8D2B5C82B}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Supportsoft Mirror Driver 1.8.0 (HKLM\...\ConsMirror_is1) (Version: 1.8.0 - Consona.)
Supportsoft Printer Driver 1.7.0 (HKLM\...\ConsPrinter_is1) (Version: 1.7.0 - Consona.)
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {164C059B-1EB3-47D0-A107-7E700F508F57} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {2BD69B71-B84A-4531-BF0D-2B5FED4B4043} - System32\Tasks\SpeedFixToolPro_Popup => C:\Program Files\Speed Fix Tool Pro\Splash.exe
Task: {381C4D86-47CF-4802-9296-742570C447F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4220E91D-159A-40F3-BF52-F11C873327DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6700FFF6-E4FA-4E2A-85BF-CEF4A252A8CD} - System32\Tasks\SamsungMagician => C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {7EE8B7F1-56B0-4094-A031-B182E86FCB34} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {8F6481E2-81DA-4183-B2EA-B97786166D04} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe
Task: {9B62277F-FE5D-41CB-8BB5-47B3E4E768B6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-09] (AVAST Software)
Task: {A0BE39EA-1F57-4271-8B9D-2DE89B277B2E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {A919F893-4B86-4251-8158-370AFBF29525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C3D75BFF-B14D-4DCA-AABF-226CA81E5EE5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {D0A19339-A8A1-48F8-80BB-9DE76C86463A} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {E66E2604-3592-490E-BDD4-599480532A2B} - System32\Tasks\SafeZone scheduled Autoupdate 1458723209 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E66F3A92-1D1D-4E42-9FAE-4AB2A6B6436C} - System32\Tasks\SpeedFixToolPro_Start => C:\Program Files\Speed Fix Tool Pro\SpeedFixToolPro.exe
Task: {EE190C43-E582-4733-80C6-79372FFD854E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {FBE2BA1B-8D87-47DC-9C89-73F36FC0D02D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {FC730A38-A49E-4B31-BF8B-49D8E77E2D17} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-09 18:18 - 2016-05-09 18:18 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-27 20:50 - 2016-06-27 20:50 - 02948608 _____ () C:\Program Files\AVAST Software\Avast\defs\16062701\algo.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-09 18:18 - 2016-05-09 18:18 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-28 11:34 - 2016-06-28 11:34 - 02944512 _____ () C:\Program Files\AVAST Software\Avast\defs\16062800\algo.dll
2013-11-06 09:41 - 2012-02-01 18:09 - 00026112 _____ () C:\Windows\System32\VNCpm.dll
2016-05-23 20:42 - 2016-05-23 20:42 - 00679624 _____ () C:\Users\Del\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-02-13 16:28 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-13 16:28 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-03-14 17:33 - 2016-03-14 17:33 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00439504 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00321232 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2015-04-29 13:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files\Samsung\Samsung Magician\SAMSUNG_SSD.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Del\Desktop\passport  Y.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft Remote Control Client => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2013-09-26 17:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Del\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{A8616B58-176D-4754-BFDE-646050AF6178}] => (Allow) C:\Users\Del\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2094D451-408F-42B5-B104-79CD697DE53F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{417A793D-7470-4EE0-B25E-9EBF1F6227BE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
 
==================== Restore Points =========================
 
01-04-2016 22:29:36 Dell Update: eDellRoot Removal
04-04-2016 11:04:39 Windows Update
05-04-2016 09:57:33 Dell Update: eDellRoot Removal
08-04-2016 11:17:41 Dell Update: eDellRoot Removal
11-04-2016 16:06:47 Windows Update
14-04-2016 17:08:23 Dell Update: eDellRoot Removal
17-04-2016 17:13:36 Dell Update: eDellRoot Removal
20-04-2016 09:00:49 Windows Update
20-04-2016 20:14:35 Dell Update: eDellRoot Removal
24-04-2016 14:43:06 Dell Update: eDellRoot Removal
27-04-2016 19:40:46 Windows Update
04-05-2016 11:39:48 Windows Update
04-05-2016 11:39:48 Dell Update: eDellRoot Removal
07-05-2016 13:59:33 Dell Update: eDellRoot Removal
10-05-2016 15:41:56 Dell Update: eDellRoot Removal
10-05-2016 15:42:48 Dell Update: eDellRoot Removal
11-05-2016 14:34:04 Windows Update
13-05-2016 15:42:43 Dell Update: eDellRoot Removal
15-05-2016 19:11:16 Windows Update
17-05-2016 11:38:11 Dell Update: eDellRoot Removal
19-05-2016 18:28:01 Windows Update
20-05-2016 12:13:52 Dell Update: eDellRoot Removal
23-05-2016 16:40:49 Dell Update: eDellRoot Removal
23-05-2016 17:06:56 Windows Update
26-05-2016 19:22:31 Dell Update: eDellRoot Removal
26-05-2016 19:32:13 Dell Update: eDellRoot Removal
26-05-2016 19:36:38 Windows Update
29-05-2016 22:12:43 Dell Update: eDellRoot Removal
30-05-2016 11:43:17 Windows Update
02-06-2016 18:45:13 Dell Update: eDellRoot Removal
04-06-2016 16:49:21 Windows Update
05-06-2016 18:45:17 Dell Update: eDellRoot Removal
10-06-2016 18:32:07 Dell Update: eDellRoot Removal
10-06-2016 19:22:11 Windows Update
13-06-2016 19:09:49 Dell Update: eDellRoot Removal
14-06-2016 18:14:42 Windows Update
16-06-2016 19:09:50 Dell Update: eDellRoot Removal
16-06-2016 19:10:11 Dell Update: eDellRoot Removal
18-06-2016 17:43:07 Windows Update
19-06-2016 22:02:55 Dell Update: eDellRoot Removal
21-06-2016 18:53:06 Windows Update
23-06-2016 11:59:01 Dell Update: eDellRoot Removal
26-06-2016 17:04:18 Dell Update: eDellRoot Removal
26-06-2016 18:59:24 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2016 08:20:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ec0
 
Start Time: 01d1d10d31a846a0
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/28/2016 07:40:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 574
 
Start Time: 01d1d107dfe65aad
 
Termination Time: 87
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/25/2016 05:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.5.0.0, time stamp: 0x53c4bba5
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0xf9c
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3
 
Error: (06/25/2016 05:32:54 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2352) WebCacheLocal: An attempt to open the file "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/22/2016 11:28:38 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail (6320) C:\Users\Yvonne\AppData\Local\Microsoft\Windows Live Mail\Calendars\: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (06/20/2016 09:42:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1fa8
 
Start Time: 01d1cacf8d7b7853
 
Termination Time: 10
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/18/2016 04:44:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: MSHTML.dll, version: 11.0.9600.17937, time stamp: 0x55a811ac
Exception code: 0xc00000fd
Fault offset: 0x000a9897
Faulting process id: 0x614
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (06/18/2016 02:54:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wlmail.exe version 14.0.8089.726 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1640
 
Start Time: 01d1c968cabfee7d
 
Termination Time: 16
 
Application Path: C:\Program Files\Windows Live\Mail\wlmail.exe
 
Report Id: 2923de1c-355c-11e6-bce6-0024e811b7db
 
Error: (06/17/2016 10:23:31 PM) (Source: DellUpdate) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: The ChannelDispatcher at 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039' with contract(s) '"IDellUpdateWcfSession"' is unable to open its IChannelListener. ---> System.InvalidOperationException: A registration already exists for URI 'net.pipe://localhost/WinSvcReceiverPipe_4e9dbae5-7d0b-4c6f-af63-2dfcae65839d/Receiver_308fb0b1-585f-404c-abb4-6bedfed90039'.
   at System.ServiceModel.Channels.UriPrefixTable`1.RegisterUri(Uri uri, HostNameComparisonMode hostNameComparisonMode, TItem item)
   at System.ServiceModel.Channels.ConnectionOrientedTransportManager`1.Register(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.On....
 
Error: (06/16/2016 02:48:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 900
 
Start Time: 01d1c7d56af37a42
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (06/28/2016 05:14:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (06/28/2016 09:21:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (06/28/2016 09:01:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (06/28/2016 08:17:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (06/28/2016 07:59:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.
 
Error: (06/28/2016 07:59:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
 
Error: (06/28/2016 07:55:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.
 
Error: (06/28/2016 07:55:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
 
Error: (06/26/2016 06:18:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (06/25/2016 05:43:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 67%
Total physical RAM: 3061.16 MB
Available physical RAM: 991.4 MB
Total Virtual: 6120.63 MB
Available Virtual: 3604.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:232.88 GB) (Free:45.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: CBAB01D2)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Uninstall Microsoft Security Essentials.  You have Avast and two anti-viruses will fight each other.

 

Separate REPLY post for each log as you get them is easiest.

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   4.49KB   52 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc  /scannow
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

 

 

 


  • 0

#3
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

 

Fix log attached

 

delboy

Attached Files


  • 0

#4
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Reply #2

 

Hi RKinner

 

Junk file attached

Attached Files

  • Attached File  junk.txt   28.77KB   61 downloads

  • 0

#5
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Reply #3

 

Hi RKinner

 

Output from VUW

Attached Files

  • Attached File  VEW1.txt   2.63KB   62 downloads

  • 0

#6
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Reply #4

 

Hi RKinner

 

Second VUW  scan

 

delboy

Attached Files

  • Attached File  VEW2.txt   9.91KB   59 downloads

  • 0

#7
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Reply #5

 

Hi RKinner

 

FRST scan

 

delboy

Attached Files

  • Attached File  FRST.txt   22.93KB   59 downloads

  • 0

#8
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Reply #6

 

Hi RKinner

 

Addition scan

 

delboy

Attached Files


  • 0

#9
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Reply #7

 

Hi RKinner

 

System Idle Processes

 

delboy

 

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
svchost.exe 48.55 250,080 K 152,476 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 37.64 0 K 24 K 0   
procexp.exe 3.63 24,032 K 48,700 K 1792 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
iexplore.exe 3.24 109,420 K 152,080 K 4548 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
dwm.exe 1.93 29,792 K 64,584 K 676 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.58 60 K 1,876 K 4   
Interrupts 0.41 0 K 0 K n/a Hardware Interrupts and DPCs  
mbam.exe 0.28 26,128 K 46,176 K 3200 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
GarminService.exe 0.15 32,556 K 50,604 K 1860 Garmin Service Garmin Ltd. or its subsidiaries (Verified) Garmin International
csrss.exe 0.06 10,092 K 15,152 K 488 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.07 94,960 K 41,028 K 1236 avast! Service AVAST Software (Verified) AVAST Software a.s.
explorer.exe 0.04 40,720 K 62,852 K 1124 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
DellDataVault.exe 0.03 5,080 K 8,904 K 1456 Dell Data Vault Service Dell Inc. (Verified) Techporch Incorporated
WmiPrvSE.exe 0.03 4,280 K 7,872 K 2504 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 5,336 K 10,200 K 1824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 0.02 15,688 K 14,640 K 1060 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
CCleaner.exe 0.01 8,836 K 3,672 K 2768 CCleaner Piriform Ltd (Verified) Piriform Ltd
wmpnetwk.exe 0.01 12,604 K 10,740 K 4452 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
QBCFMonitorService.exe 0.01 11,716 K 11,504 K 3220 QuickBooks Company File Monitoring Service Intuit (No signature was present in the subject) Intuit
CNQMUPDT.EXE < 0.01 23,464 K 22,396 K 4964 Canon Quick Menu Updater CANON INC. (Verified) Canon Inc.
AvastUI.exe < 0.01 11,904 K 20,532 K 2104 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe < 0.01 6,832 K 13,072 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 20,356 K 44,072 K 2948 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
taskhost.exe < 0.01 12,780 K 14,520 K 724 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
EvernoteClipper.exe < 0.01 1,408 K 5,392 K 2312 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
lsass.exe  5,312 K 11,596 K 576 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,812 K 12,564 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
OneDrive.exe < 0.01 7,448 K 21,424 K 2200 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
DellUpService.exe < 0.01 20,524 K 35,336 K 5964 Dell Update Windows Service Dell Inc. (Verified) Dell Inc.
iexplore.exe < 0.01 124,136 K 165,784 K 5668 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe < 0.01 43,340 K 22,988 K 1376 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,828 K 12,668 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 18,140 K 23,340 K 4288 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe  1,640 K 4,012 K 428 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe < 0.01 266,836 K 161,768 K 2808 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
WUDFHost.exe  1,580 K 5,236 K 872 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WSHelper.exe  8,348 K 16,272 K 2076 Wondershare Studio Wondershare (Verified) Wondershare software CO.
WmiPrvSE.exe  11,200 K 19,136 K 4948 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,180 K 5,888 K 564 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  896 K 3,420 K 480 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe  1,124 K 4,336 K 4860 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
tgsrvc.exe  1,700 K 4,544 K 3644 SupportSoft Repair Service SupportSoft, Inc. (Verified) Consona Corporation
taskeng.exe  1,044 K 3,876 K 1448 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  1,224 K 4,460 K 2528 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,588 K 6,824 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  16,612 K 18,572 K 4900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  16,968 K 17,468 K 880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  37,924 K 19,220 K 3776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,368 K 4,904 K 3500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  8,484 K 11,912 K 1500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,152 K 7,608 K 708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,888 K 4,580 K 1084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  884 K 3,632 K 3472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,960 K 7,996 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SupportAssistAgent.exe  26,812 K 33,264 K 6056 Service Dell Inc. (Verified) Dell Inc.
spoolsv.exe  5,164 K 10,356 K 1428 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  260 K 820 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe  4,696 K 10,228 K 532 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
Samsung Magician.exe  19,304 K 3,576 K 4912 Samsung Magician Application Samsung Electronics. (Verified) Samsung Electronics Co.
pwsafe.exe  3,140 K 9,600 K 2324 Password Safe Application SourceForge.net (No signature was present in the subject) SourceForge.net
PMBVolumeWatcher.exe  7,168 K 2,388 K 1052 Media Check Tool Sony Corporation (Verified) Sony Corporation
PMBDeviceInfoProvider.exe  1,824 K 5,068 K 2976 Device Information Provider Sony Corporation (Verified) Sony Corporation
MsSpellCheckingFacility.exe  2,704 K 6,832 K 5728 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe  3,788 K 8,844 K 2364 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe  1,316 K 3,232 K 584 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
jusched.exe  1,868 K 4,360 K 2148 Java Update Scheduler Oracle Corporation (Verified) Oracle America
igfxtray.exe  1,192 K 4,584 K 1252 igfxTray Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe  1,600 K 4,848 K 2224 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxpers.exe  1,100 K 4,532 K 472 persistence Module Intel Corporation (Verified) Intel Corporation
hkcmd.exe  1,312 K 4,568 K 492 hkcmd Module Intel Corporation (Verified) Intel Corporation
GWX.exe  2,848 K 3,412 K 4588 GWX Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe  1,620 K 2,504 K 440 Google Installer Google Inc. (Verified) Google Inc
FlashUtil32_21_0_0_242_ActiveX.exe  3,208 K 8,540 K 3296 Adobe® Flash® Player Installer/Uninstaller 21.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
DellUpTray.exe  53,904 K 45,672 K 4852 Dell Update Dell Inc. (Verified) Dell Inc.
DellDataVaultWiz.exe  4,000 K 8,208 K 3100 Dell Data Vault Wizard Dell Inc. (Verified) Techporch Incorporated
consrcclient.exe  2,016 K 4,964 K 3544 SupportSoft® Remote Control Client SupportSoft, Inc. (Verified) Consona Corporation
CNQMSWCS.EXE  50,416 K 45,016 K 5036 Canon Quick Menu Image Display CANON INC. (Verified) Canon Inc.
CNQMMAIN.EXE  74,172 K 32,316 K 1780 Canon Quick Menu CANON INC. (Verified) Canon Inc.
armsvc.exe  832 K 3,072 K 1756 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

 


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Uninstall Dell Update.  You can look on the Dell Site and see if they have a new version but I'm not sure it's worth the effort.

 

Download the attached appid.zip file

 

Attached File  appid.zip   323bytes   42 downloads

 

and save it.  Right click on it and Extract All.  Find appid.reg and right click on it and Merge.

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   336bytes   63 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Reboot.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Run Process Explorer again as before.
 

 

 

 


  • 0

Advertisements


#11
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

 

FRST  fixlog file attached

 

delboy

Attached Files


  • 0

#12
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

 

FRST logs

 

delboy

Attached Files


  • 0

#13
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

 

Hardware Interrupts and DPCs

delboy

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe  820 K 3,052 K 1772 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
audiodg.exe  15,024 K 13,888 K 5036 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
CNQMMAIN.EXE  75,100 K 30,732 K 2584 Canon Quick Menu CANON INC. (Verified) Canon Inc.
CNQMSWCS.EXE  50,584 K 45,444 K 4968 Canon Quick Menu Image Display CANON INC. (Verified) Canon Inc.
consrcclient.exe  2,028 K 4,980 K 3616 SupportSoft® Remote Control Client SupportSoft, Inc. (Verified) Consona Corporation
DellDataVault.exe  5,088 K 8,892 K 4992 Dell Data Vault Service Dell Inc. (Verified) Techporch Incorporated
DellDataVaultWiz.exe  3,968 K 8,184 K 492 Dell Data Vault Wizard Dell Inc. (Verified) Techporch Incorporated
FlashUtil32_21_0_0_242_ActiveX.exe  3,156 K 8,296 K 2820 Adobe® Flash® Player Installer/Uninstaller 21.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
GoogleUpdate.exe  1,628 K 2,516 K 2108 Google Installer Google Inc. (Verified) Google Inc
GWX.exe  2,868 K 3,388 K 4392 GWX Microsoft Corporation (Verified) Microsoft Windows
hkcmd.exe  1,324 K 4,572 K 2388 hkcmd Module Intel Corporation (Verified) Intel Corporation
igfxpers.exe  1,100 K 4,464 K 2400 persistence Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe  1,596 K 4,808 K 2432 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxtray.exe  1,204 K 4,584 K 2380 igfxTray Module Intel Corporation (Verified) Intel Corporation
jusched.exe  1,880 K 4,392 K 2628 Java Update Scheduler Oracle Corporation (Verified) Oracle America
lsass.exe  4,052 K 10,204 K 576 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe  1,308 K 3,228 K 584 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe  3,700 K 8,776 K 2780 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
MsSpellCheckingFacility.exe  2,564 K 6,648 K 4376 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
PMBDeviceInfoProvider.exe  1,820 K 5,064 K 3372 Device Information Provider Sony Corporation (Verified) Sony Corporation
PMBVolumeWatcher.exe  7,328 K 2,312 K 2564 Media Check Tool Sony Corporation (Verified) Sony Corporation
procexp.exe  14,288 K 23,412 K 6040 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
procexp.exe  13,288 K 22,856 K 5752 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
pwsafe.exe  3,160 K 9,572 K 2792 Password Safe Application SourceForge.net (No signature was present in the subject) SourceForge.net
Samsung Magician.exe  19,244 K 3,616 K 4900 Samsung Magician Application Samsung Electronics. (Verified) Samsung Electronics Co.
services.exe  4,208 K 9,848 K 532 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe  264 K 820 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe  5,160 K 10,296 K 1452 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SupportAssistAgent.exe  24,224 K 28,924 K 5596 Service Dell Inc. (Verified) Dell Inc.
svchost.exe  3,780 K 7,932 K 1816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  900 K 3,656 K 3520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,364 K 4,880 K 3580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,868 K 4,548 K 1088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  37,920 K 22,272 K 3860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  9,996 K 12,528 K 1520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  15,312 K 16,396 K 884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  16,696 K 18,764 K 4840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  1,216 K 4,436 K 3028 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  1,060 K 3,888 K 1472 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
tgsrvc.exe  1,724 K 4,612 K 3692 SupportSoft Repair Service SupportSoft, Inc. (Verified) Consona Corporation
unsecapp.exe  1,140 K 4,324 K 5804 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  880 K 3,396 K 480 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,216 K 5,912 K 564 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  4,512 K 7,936 K 5968 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  10,352 K 18,376 K 4608 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WSHelper.exe  8,360 K 16,116 K 2612 Wondershare Studio Wondershare (Verified) Wondershare software CO.
WUDFHost.exe  1,604 K 5,260 K 1360 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe < 0.01 268,072 K 161,560 K 3156 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
csrss.exe < 0.01 1,608 K 3,992 K 428 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 17,984 K 23,128 K 5648 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,452 K 7,780 K 712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,792 K 12,488 K 928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,416 K 12,376 K 1196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
OneDrive.exe < 0.01 7,720 K 21,568 K 2660 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
EvernoteClipper.exe < 0.01 1,420 K 5,384 K 2732 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
AvastUI.exe < 0.01 11,848 K 20,536 K 2620 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
taskhost.exe < 0.01 9,752 K 12,464 K 2052 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 20,336 K 32,272 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,720 K 12,420 K 968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CNQMUPDT.EXE 0.01 23,480 K 22,444 K 4948 Canon Quick Menu Updater CANON INC. (Verified) Canon Inc.
svchost.exe 0.01 3,724 K 6,948 K 800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 0.01 12,296 K 10,520 K 4400 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
CCleaner.exe 0.01 6,876 K 3,452 K 3236 CCleaner Piriform Ltd (Verified) Piriform Ltd
SearchIndexer.exe 0.02 29,436 K 13,100 K 2324 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
QBCFMonitorService.exe 0.02 11,728 K 11,524 K 3404 QuickBooks Company File Monitoring Service Intuit (No signature was present in the subject) Intuit
svchost.exe 0.05 5,028 K 9,992 K 1876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.07 38,644 K 61,120 K 2224 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.08 70,880 K 41,284 K 1256 avast! Service AVAST Software (Verified) AVAST Software a.s.
GarminService.exe 0.15 32,732 K 50,616 K 1980 Garmin Service Garmin Ltd. or its subsidiaries (Verified) Garmin International
csrss.exe 0.16 9,860 K 15,516 K 488 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.29 15,296 K 34,392 K 4068 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
mbam.exe 0.31 26,220 K 46,380 K 3472 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
Interrupts 0.62 0 K 0 K n/a Hardware Interrupts and DPCs  
System 0.84 60 K 1,888 K 4   
dwm.exe 1.19 29,448 K 59,820 K 2188 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 1.73 116,400 K 157,292 K 4060 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 3.13 24,376 K 47,548 K 2916 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 91.29 0 K 24 K 0   


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

The second Process Explorer log looks pretty good.  The first one had an svchost eating up a lot of CPU but this time it looks good.  

 

How is it running now?  Any faster to  start up IE & Mail?


  • 0

#15
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

 

Sorry for delay in replying.

 

It does seem a bit quicker ie the time it takes before allowing IE or Mail to be used has improved, but there is still a noticeable delay of a few minutes.

 

Is this something I must live with?

I take it that there is nothing nasty which may be causing this?

 

delboy


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP