I have used this desktop for some time and over the last few months I have noticed a gradual slowing of its operation. Programs take longer to open and even when opened they stay locked-up for 30 seconds or more before they can be used. This applies to IE, Google and most others.
I run CCleaner and MBAM regularly without much to report.
I have run FRST and the 2 files are below.
I would be very grateful for help to recover the original speed of the computer.
Delboy
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13.03.2018
Ran by Del (13-03-2018 18:47:33)
Running from C:\Users\Del\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-11-27 13:56:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2568410734-3031030142-1223416489-500 - Administrator - Disabled)
Del (S-1-5-21-2568410734-3031030142-1223416489-1001 - Administrator - Enabled) => C:\Users\Del
Guest (S-1-5-21-2568410734-3031030142-1223416489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568410734-3031030142-1223416489-1016 - Limited - Enabled)
SophosSAUDEL-PC0 (S-1-5-21-2568410734-3031030142-1223416489-1023 - Limited - Enabled)
Yvonne (S-1-5-21-2568410734-3031030142-1223416489-1008 - Limited - Enabled) => C:\Users\Yvonne
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (HKLM\...\{9A8BD09D-8B45-4FB3-BADF-1838C2C329EA}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Blueline 1.1.1 (HKLM\...\Blueline_is1) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM\...\Canon MG7500 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG7500 series User Registration (HKLM\...\Canon MG7500 series User Registration) (Version: - âCanon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{8BD286A4-87C7-406B-9257-F8D8E6ACB35F}) (Version: 2.1.4.14 - Dell)
Dell System Detect - 1 (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM\...\{F0BF9C38-5639-4F0F-A818-AEA288C0A96E}) (Version: 1.2.0.0 - Digital Advertising Alliance)
Elevated Installer (HKLM\...\{7E73C9A3-24D9-4D7F-B4C7-7E4AFE0ADCCB}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{9FB8EC5B-03EE-463E-8F4F-84B525B986B7}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM\...\{1D91CBB5-4CB1-4757-B0FD-2122AF8AAB9E}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Advertising Cookie Opt-out (HKLM\...\{D1A87CF6-1DFD-470D-800A-CDC1CE5F7E54}) (Version: 1.0.1.0 - Google Inc)
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Processor Identification Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Junk Mail filter update (HKLM\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2568410734-3031030142-1223416489-1008\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MotoCalc 8.07 (HKLM\...\MotoCalc 8_is1) (Version: - Capable Computing, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
O2 BB Assisted Controls V2 (HKLM\...\{B0F51838-4AF7-4784-88DD-C86D7D8AF804}) (Version: 1 - SupportSoft)
Password Safe (HKLM\...\Password Safe) (Version: - )
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
QuickBooks (HKLM\...\{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}) (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RC Plane Master (HKLM\...\RC Plane Master) (Version: - )
Remote Keyboard Lite (HKLM\...\{26D4F3D3-4FD2-420E-959B-D673E1103EA8}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Keyboard Lite (HKLM\...\{7C621473-99FD-4800-B2F5-4F390AA46E0C}) (Version: 1.2.0.09270 - Sony Corporation)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung Data Migration (HKLM\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{EFC7DF4A-D0A1-4622-9104-10D8D2B5C82B}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Supportsoft Mirror Driver 1.8.0 (HKLM\...\ConsMirror_is1) (Version: 1.8.0 - Consona.)
Supportsoft Printer Driver 1.7.0 (HKLM\...\ConsPrinter_is1) (Version: 1.7.0 - Consona.)
TreeSize Free V3.3.2 (HKLM\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version: - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-02-20] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-02-20] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-02-20] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-02-20] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {242CEF2E-3F62-403A-887D-7A6374CDEBD0} - System32\Tasks\SafeZone scheduled Autoupdate 1474966418 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {251D6272-47D8-4E13-8660-98B434AFF0A1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {3F887BE3-90D7-49B6-A6D0-940917880E6C} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {41ED6E78-B9A1-42A3-BB2B-2F028CAE8DD5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {4220E91D-159A-40F3-BF52-F11C873327DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4A6AF5CB-54D0-4DEA-89BC-4959559814AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-23] (Adobe Systems Incorporated)
Task: {6F65FCE6-903C-4352-A9E2-38D9E1A316F0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-13] (AVAST Software)
Task: {749AB90A-0FF4-401F-9720-6A17FFEF1C92} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {7B109F44-49ED-4660-AC1C-82AA33F7A7F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {7EE8B7F1-56B0-4094-A031-B182E86FCB34} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {83B1C3A3-A351-4FB7-A4A1-2E7D19241C2C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2016-08-15] (Microsoft)
Task: {9E04F179-5B16-483A-B46C-287134BF434C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {A63C1C2E-0329-46AE-A71F-1AA32D88F6A2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A919F893-4B86-4251-8158-370AFBF29525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AFD891E1-240A-4723-946E-7301C979AB3C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {BB4B176F-3D48-449D-8A2D-1E37A903048F} - System32\Tasks\SamsungMagician => C:\Program Files\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {BFA75C2D-AB73-4123-AAC2-3E5C77CA793F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {D0A19339-A8A1-48F8-80BB-9DE76C86463A} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {D2FC84A0-64A6-49A7-AC82-257A566CDC6A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {E4599639-B6D6-41E1-8DCA-DE457DD18830} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {E99FFCCB-B16D-452A-9C1E-382AEA0CCFF3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {F266ACF2-95AA-4AFC-90DC-BE6BC68F864A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {FBE2BA1B-8D87-47DC-9C89-73F36FC0D02D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-02-20 15:23 - 2018-02-20 15:23 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-02-20 15:23 - 2018-02-20 15:23 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-12 18:35 - 2018-03-12 18:35 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031202\algo.dll
2018-02-20 15:23 - 2018-02-20 15:23 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-02-20 15:22 - 2018-02-20 15:22 - 000172248 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-02-20 15:23 - 2018-02-20 15:23 - 000963288 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-02-20 15:23 - 2018-02-20 15:23 - 000468696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-02-20 15:23 - 2018-02-20 15:23 - 000339160 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-03-13 09:34 - 2018-03-13 09:34 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031300\algo.dll
2018-03-13 16:27 - 2018-03-13 16:27 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031304\algo.dll
2017-10-13 21:06 - 2017-12-08 14:37 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-13 21:06 - 2017-12-08 14:37 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-12 08:16 - 2017-07-12 08:16 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-20 15:22 - 2018-02-20 15:22 - 000275672 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-02-20 15:22 - 2018-02-20 15:22 - 000617688 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Del\Desktop\passport Y.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38910314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft Remote Control Client => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:04 - 2013-09-26 16:00 - 000000098 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Del\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2568410734-3031030142-1223416489-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: SupportSoft Remote Control Client => 2
MSCONFIG\Services: tgsrvc_o2las => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{3A518E67-8F75-4EFD-9187-1F2C9F2F2168}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{2156CDBD-C558-484C-B70C-A663FD28F4B3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
==================== Restore Points =========================
14-08-2017 13:19:45 Scheduled Checkpoint
18-08-2017 10:18:29 Windows Update
27-08-2017 17:58:19 Scheduled Checkpoint
04-09-2017 10:46:38 Scheduled Checkpoint
14-09-2017 17:50:19 Scheduled Checkpoint
16-09-2017 07:51:43 Windows Update
07-10-2017 15:36:06 Scheduled Checkpoint
18-10-2017 10:43:17 Windows Update
27-10-2017 20:09:56 Scheduled Checkpoint
08-11-2017 16:26:27 Scheduled Checkpoint
20-11-2017 11:39:23 Windows Update
28-11-2017 19:02:17 Scheduled Checkpoint
09-12-2017 12:36:37 Scheduled Checkpoint
19-12-2017 12:49:20 Scheduled Checkpoint
30-12-2017 17:56:01 Scheduled Checkpoint
08-01-2018 16:57:14 Scheduled Checkpoint
16-01-2018 20:13:59 Scheduled Checkpoint
24-01-2018 12:48:33 Scheduled Checkpoint
31-01-2018 18:48:32 Removed Evernote v. 5.9.6
31-01-2018 18:50:13 Removed P&O Cruises Live Ship Tracker
31-01-2018 18:55:16 Removed Java 8 Update 141
31-01-2018 18:56:44 Removed Java 8 Update 151
06-02-2018 17:00:11 Windows Backup
18-02-2018 19:40:43 Scheduled Checkpoint
26-02-2018 17:44:20 Scheduled Checkpoint
07-03-2018 17:04:11 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: M:\
Description: MS/MS-Pro
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: VNC Mirror Driver
Description: VNC Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: RealVNC
Service: vncmirror
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/13/2018 09:35:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18838 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1604
Start Time: 01d3baae819b4e2b
Termination Time: 2523
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (03/08/2018 12:10:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_StiSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: CNC_C7L.dll_unloaded, version: 0.0.0.0, time stamp: 0x52ddf466
Exception code: 0xc0000005
Fault offset: 0x00ea4de0
Faulting process id: 0x4d8
Faulting application start time: 0x01d3b6d054d452a6
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: CNC_C7L.dll
Report Id: b90662ff-22c9-11e8-a22a-0024e811b7db
Error: (03/07/2018 06:00:27 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
Error: (03/01/2018 10:00:26 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
Error: (02/28/2018 03:36:11 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
Error: (02/28/2018 03:36:08 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
Error: (02/28/2018 03:36:05 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
Error: (02/28/2018 03:36:04 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
System errors:
=============
Error: (03/13/2018 05:42:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (03/13/2018 10:20:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (03/12/2018 07:36:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (03/11/2018 10:27:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error: (03/11/2018 12:06:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (03/11/2018 11:53:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (03/09/2018 06:47:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (03/08/2018 12:10:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2016-07-04 20:18:26.417
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 20:18:26.370
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 20:11:13.417
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 20:11:13.386
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 15:59:47.386
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 15:59:47.354
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 15:47:52.386
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 15:47:52.354
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 3061.16 MB
Available physical RAM: 1236.5 MB
Total Virtual: 6120.64 MB
Available Virtual: 4037.98 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:232.88 GB) (Free:40.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: CBAB01D2)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13.03.2018
Ran by Del (administrator) on DEL-PC (13-03-2018 18:46:34)
Running from C:\Users\Del\Desktop
Loaded Profiles: Del & Yvonne (Available Profiles: Del & Yvonne)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Samsung Electronics Co. Ltd.) C:\Program Files\Samsung\Samsung Magician\SamsungMagician.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-20] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_187_ActiveX.exe [1319424 2017-11-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2568410734-3031030142-1223416489-1008\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-11-29]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{07EB6271-F601-432E-A97D-49E29996489E}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2568410734-3031030142-1223416489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.co.uk/
HKU\S-1-5-21-2568410734-3031030142-1223416489-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-2568410734-3031030142-1223416489-1008\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> 400E6695BB724B18BB5774F9B7E4317E URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> {F0BE753D-DCEE-412C-BB44-0B4275A7B6C3} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v50-6__
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1008 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2568410734-3031030142-1223416489-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxp://ias.broadband.o2.co.uk/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-02] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: (Games by 7Go) - C:\Users\Del\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-09-18] [Legacy] [not signed]
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5931184 2018-02-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-02-20] (AVAST Software)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [171928 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2358672 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [188816 2017-12-14] (Dell Inc.)
S4 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S4 QBCFMonitorService; c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-02] (Intuit) [File not signed]
S4 QBFCService; c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
S4 SupportSoft Remote Control Client; C:\Program Files\Common Files\supportsoft\bin\consrcclient.exe [2080272 2012-11-06] (SupportSoft, Inc.)
S4 tgsrvc_o2las; C:\Program Files\O2LAS\bin\tgsrvc.exe [213008 2012-11-06] (SupportSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-03-13] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-13] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-13] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-13] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-13] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [169536 2018-03-13] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-03-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-03-13] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100032 2018-03-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-03-13] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783608 2018-03-13] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-03-13] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-03-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-03-13] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [30912 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [30520 2017-04-11] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-12-08] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2017-12-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2018-03-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2018-03-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-03-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2018-03-13] (Malwarebytes)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-03-26] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-03-26] (microOLAP Technologies LTD)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [44776 2016-07-22] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-13 18:46 - 2018-03-13 18:47 - 000015565 _____ C:\Users\Del\Desktop\FRST.txt
2018-03-13 18:41 - 2018-03-13 18:46 - 000000000 ____D C:\FRST
2018-03-13 18:40 - 2018-03-13 18:46 - 001763840 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2018-03-13 10:24 - 2018-03-13 10:22 - 000319392 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-13 17:46 - 2017-11-20 09:04 - 001870570 _____ C:\Windows\ntbtlog.txt
2018-03-13 17:44 - 2017-11-13 22:24 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-13 10:32 - 2009-07-14 04:34 - 000015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-13 10:32 - 2009-07-14 04:34 - 000015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-13 10:24 - 2009-11-27 14:00 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-13 10:24 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\inf
2018-03-13 10:23 - 2017-11-21 16:21 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-13 10:23 - 2016-07-04 19:31 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-13 10:23 - 2016-07-04 19:31 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-13 10:23 - 2016-07-04 19:31 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-13 10:23 - 2016-07-04 19:31 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-13 10:23 - 2016-07-04 19:31 - 000100032 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-13 10:23 - 2016-07-04 19:31 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-13 10:23 - 2016-07-04 19:31 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-13 09:37 - 2016-07-04 19:31 - 000783608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-13 09:36 - 2018-01-04 18:15 - 000169536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-13 09:36 - 2017-03-18 15:46 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-03-13 09:36 - 2017-03-18 15:46 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-03-13 09:36 - 2017-03-18 15:46 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-03-13 09:36 - 2017-03-18 15:46 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-03-13 09:34 - 2017-12-08 14:37 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-13 09:33 - 2018-01-06 11:44 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-13 09:33 - 2017-11-13 22:24 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-13 09:33 - 2009-07-14 04:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-12 20:04 - 2009-12-01 21:20 - 000000000 ____D C:\Users\Del\AppData\Local\ElevatedDiagnostics
2018-03-09 19:49 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\system32\NDF
2018-03-09 18:58 - 2015-02-05 19:13 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-03-04 15:32 - 2017-09-03 09:09 - 000000259 _____ C:\Windows\system32\SmartFlow.txt
2018-03-04 14:41 - 2016-07-07 18:16 - 000000000 ____D C:\Users\Del\Desktop\Manuals
2018-03-02 16:03 - 2011-10-17 18:20 - 000000000 ____D C:\Program Files\SpeedFan
2018-02-26 18:46 - 2009-12-02 12:37 - 000007612 _____ C:\Users\Del\AppData\Local\Resmon.ResmonCfg
2018-02-25 16:32 - 2016-09-11 19:22 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 12:04 - 2009-11-30 14:01 - 000000000 ____D C:\Users\Yvonne
2018-02-20 18:15 - 2016-06-16 18:20 - 000000000 ____D C:\Users\Del\AppData\Local\PasswordSafe
2018-02-20 15:24 - 2017-11-21 16:21 - 000164928 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4168dba9cbd2730f.tmp
2018-02-20 15:24 - 2016-07-04 19:31 - 000391344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 2c17808da5152e6.tmp
2018-02-20 15:24 - 2016-07-04 19:31 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3f8257c36953c19d.tmp
2018-02-20 15:24 - 2016-07-04 19:31 - 000151832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf60da08c9cfc698a.tmp
2018-02-20 15:24 - 2016-07-04 19:31 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1cd4df07dd3172aa.tmp
2018-02-20 15:24 - 2016-07-04 19:31 - 000100024 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8a8464ec508b7b40.tmp
2018-02-20 15:24 - 2016-07-04 19:31 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4cab26d138b8d221.tmp
2018-02-20 15:24 - 2016-07-04 19:31 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\asw25d32a985e7e1858.tmp
2018-02-20 15:22 - 2018-01-04 18:15 - 000150808 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3defee0a794c60f5.tmp
2018-02-20 15:22 - 2016-07-04 19:31 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\asw b229d00a9344b04.tmp
2018-02-12 19:37 - 2009-07-14 04:52 - 000000000 ____D C:\Windows\Downloaded Program Files
2018-02-12 18:36 - 2015-04-19 14:26 - 000000000 ____D C:\ProgramData\PCDr
==================== Files in the root of some directories =======
2009-12-02 12:37 - 2018-02-26 18:46 - 000007612 _____ () C:\Users\Del\AppData\Local\Resmon.ResmonCfg
2016-12-15 19:34 - 2016-12-15 19:34 - 000000000 _____ () C:\Users\Del\AppData\Local\{7312BBF3-A2A9-4E83-A473-4343C87ED2D0}
Some files in TEMP:
====================
2018-02-07 18:07 - 2018-03-02 16:03 - 000192512 _____ () C:\Users\Del\AppData\Local\temp\sfamcc00001.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-12 19:57
==================== End of FRST.txt ============================