Solved Virus Check, Acting really sluggish

[dolsen]

Here are the log files:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by TEST1 (administrator) on DOLSENLAPTOP (27-03-2016 17:54:44)
Running from C:\Users\TEST1\Downloads
Loaded Profiles: TEST1 (Available Profiles: dolsen & dolsen2 & TEST1)
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AOL Inc.) C:\Program Files\Common Files\AOL\1453259556\ee\aolsoftware.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_system_customer.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_user_customer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVC.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\waol.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\shellmon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288112 2010-05-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-03-27] (AVAST Software)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_winlogon.dll [2016-01-25] (Citrix Systems, Inc.)
HKU\S-1-5-21-3056380410-417315007-640916887-1003\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-27] (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{515EB4EB-0182-4754-8B99-31519D791097}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{B74DF508-EBBE-448C-A4B9-F4DE13A86BFF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9AB47079-668A-43FC-944F-27BEE07483FC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-27] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Search Toolbar -> {9D425283-D487-4337-BAB6-AB8354A81457} -> C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
BHO: Search.com Bar -> {9f85f783-362b-4373-afb4-4999ef33aa35} -> C:\Program Files\searchcom_004\searchcom_002X.dll [2012-03-01] ()
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2013-02-13] (AnchorFree Inc.)
Toolbar: HKLM - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
Toolbar: HKLM - Search.com Bar - {9f85f783-362b-4373-afb4-4999ef33aa35} - C:\Program Files\searchcom_004\searchcom_002X.dll [2012-03-01] ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CB1A2363-BCE7-42B1-A8B2-E530C9F0B0DA} hxxps://secure.digsigtrust.com/ms/IdenTrustCertEnroll.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-27]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]

Chrome:
=======
CHR Profile: C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-19]
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-19]
CHR Extension: (Google Drive) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (YouTube) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-19]
CHR Extension: (Google Search) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-19]
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-19]
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-19]
CHR Extension: (Gmail) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-19]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\dolsen\AppData\Local\Temp\crx744.tmp <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-27] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\DTSCoordinatorService.exe [89160 2012-03-28] (Dassault Systèmes SolidWorks Corp.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-09-15] (Flexera Software, Inc.) [File not signed]
R2 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe [610528 2016-01-25] (Citrix Systems, Inc.)
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 Remote Solver for Flow Simulation 2010; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [144680 2009-09-11] (Mentor Graphics Corporation)
R2 Remote Solver for Flow Simulation 2011; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe [89864 2011-07-11] (Mentor Graphics Corporation)
S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (3)\binCFW\StandAloneSlv.exe [95368 2012-02-07] (Mentor Graphics Corporation) [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-01-20] (SolidWorks) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.)
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [256800 2014-03-06] (Dell SonicWALL, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-27] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-27] (AVAST Software)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-30] (Broadcom Corporation)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [108368 2013-10-03] (Citrix Systems, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-27] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2014-01-31] (FTDI Ltd.)
S2 MCUSBPM3; C:\Windows\System32\Drivers\PM3w2k.sys [12447 2004-03-22] (Microchip Technology, Inc.) [File not signed]
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-21] (REDC)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [17920 2009-10-08] (Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63872 2009-10-08] (Silicon Laboratories)
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [95120 2014-03-06] (Dell SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2013-08-26] (SonicWALL, Inc.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.) [File not signed]
U5 BTHPORT; C:\Windows\System32\Drivers\BTHPORT.sys [393728 2012-07-06] () [File not signed]
S3 EraserUtilDrv11410; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 17:57 - 2016-03-27 17:57 - 00001120 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-27 17:57 - 2016-03-27 17:57 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-27 17:56 - 2016-03-27 17:56 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-27 17:54 - 2016-03-27 17:56 - 00021426 _____ C:\Users\TEST1\Downloads\FRST.txt
2016-03-27 17:53 - 2016-03-27 17:54 - 00000000 ____D C:\FRST
2016-03-27 17:52 - 2016-03-27 17:53 - 01725440 _____ (Farbar) C:\Users\TEST1\Downloads\FRST.exe
2016-03-27 17:52 - 2016-03-27 17:52 - 00000000 ____D C:\Users\TEST1\AppData\Roaming\AVAST Software
2016-03-27 17:51 - 2016-03-27 17:51 - 00002077 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-27 17:51 - 2016-03-27 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-27 17:51 - 2016-03-27 17:51 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-27 17:50 - 2016-03-27 17:51 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-27 17:50 - 2016-03-27 17:51 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-27 17:50 - 2016-03-27 17:51 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.1459115483025
2016-03-27 17:50 - 2016-03-27 17:51 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-27 17:50 - 2016-03-27 17:51 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1459115489922
2016-03-27 17:50 - 2016-03-27 17:50 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1459115485568
2016-03-27 17:50 - 2016-03-27 17:50 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-27 17:50 - 2016-03-27 17:50 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.1459115482105
2016-03-27 17:50 - 2016-03-27 17:50 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1459115489922
2016-03-27 17:50 - 2016-03-27 17:50 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-27 17:50 - 2016-03-27 17:50 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-27 17:49 - 2016-03-27 17:49 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-27 17:48 - 2016-03-27 17:56 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-27 17:48 - 2016-03-27 17:48 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\orohurvv.sys
2016-03-27 17:29 - 2016-03-27 17:31 - 201900432 _____ (AVAST Software) C:\Users\TEST1\Downloads\avast_free_antivirus_setup.exe
2016-03-25 18:36 - 2016-03-25 18:36 - 00261120 _____ C:\Users\TEST1\Desktop\Top End Support.SLDDRW
2016-03-25 15:45 - 2016-03-25 15:46 - 00022137 ____N C:\Users\TEST1\Desktop\Front Wall 2x4 - Sheet1.pdf
2016-03-25 15:43 - 2016-03-25 15:43 - 00008681 _____ C:\Users\TEST1\Desktop\rear wall 2x4 - Sheet1.pdf
2016-03-25 15:39 - 2016-03-25 18:37 - 00269824 _____ C:\Users\TEST1\Desktop\rear wall 2x4.SLDDRW
2016-03-25 15:37 - 2016-03-25 18:37 - 00264704 _____ C:\Users\TEST1\Desktop\Front Wall 2x4.SLDDRW
2016-03-25 14:48 - 2016-03-25 14:48 - 00104082 _____ C:\Users\TEST1\Desktop\Kansas City Hotel.pdf
2016-03-20 15:36 - 2016-03-25 18:36 - 00104960 _____ C:\Users\TEST1\Desktop\Top End Support.SLDPRT
2016-03-20 14:54 - 2016-03-25 18:36 - 00128512 _____ C:\Users\TEST1\Desktop\Front Wall.SLDPRT
2016-03-20 14:44 - 2016-03-25 18:36 - 00119296 _____ C:\Users\TEST1\Desktop\Side Cover.SLDPRT
2016-03-20 09:03 - 2016-03-20 09:16 - 00079360 _____ C:\Users\TEST1\Desktop\2x4x55.SLDPRT
2016-03-20 08:51 - 2016-03-25 18:36 - 00109056 _____ C:\Users\TEST1\Desktop\2x4x14.SLDPRT
2016-03-20 08:35 - 2016-03-25 18:36 - 00098816 _____ C:\Users\TEST1\Desktop\Floor.SLDPRT
2016-03-20 08:32 - 2016-03-25 18:36 - 00272384 _____ C:\Users\TEST1\Desktop\Chicken Coop Base.SLDASM
2016-03-20 08:28 - 2016-03-25 18:36 - 00087040 _____ C:\Users\TEST1\Desktop\4x4x24.SLDPRT
2016-03-20 08:13 - 2016-03-25 18:36 - 00102400 _____ C:\Users\TEST1\Desktop\2x4x4.SLDPRT
2016-03-20 08:13 - 2016-03-25 18:36 - 00085504 _____ C:\Users\TEST1\Desktop\2x4x5.SLDPRT
2016-03-20 08:13 - 2016-03-25 18:36 - 00083968 _____ C:\Users\TEST1\Desktop\2x4x6.SLDPRT
2016-03-20 08:12 - 2016-03-20 08:12 - 00000000 ____D C:\Users\TEST1\Desktop\Chicken Coop
2016-03-19 19:18 - 2016-03-25 15:10 - 00370688 _____ C:\Users\TEST1\Desktop\Chicken Coop.SLDPRT
2016-03-17 23:01 - 2016-03-17 23:01 - 00695182 _____ C:\Users\TEST1\Downloads\The Quick Start Guide to Fishing Cape Cod PDF.pdf
2016-03-15 23:57 - 2016-03-15 23:57 - 00077985 _____ C:\Users\TEST1\Desktop\Penn Power Handle Order.pdf
2016-03-15 12:10 - 2016-03-15 12:10 - 00070029 _____ C:\Users\TEST1\Desktop\2016 GEMS - Natick, MA - Confirmation _ Online Registration by Cvent.pdf
2016-03-08 08:47 - 2016-03-08 08:47 - 00380910 _____ C:\Users\TEST1\Desktop\Performance graph 2.pdf
2016-03-08 08:39 - 2016-03-08 08:39 - 00024841 _____ C:\Users\TEST1\Desktop\Performance Chart 1.pdf
2016-03-08 08:31 - 2016-03-08 08:31 - 01771563 _____ C:\Users\TEST1\Downloads\4723-20Jan2015.pdf
2016-03-05 08:23 - 2016-03-05 08:23 - 00390543 _____ C:\Users\TEST1\Desktop\Oil loss.pdf
2016-03-05 07:59 - 2016-03-05 07:59 - 00029045 _____ C:\Users\TEST1\Downloads\6284-01Mar2016 (2).pdf
2016-03-05 07:59 - 2016-03-05 07:58 - 00029045 _____ C:\Users\TEST1\Desktop\6284-01Mar2016 (1).pdf
2016-03-05 07:58 - 2016-03-05 07:58 - 00029045 _____ C:\Users\TEST1\Downloads\6284-01Mar2016 (1).pdf
2016-03-05 07:51 - 2016-03-05 07:51 - 00029045 _____ C:\Users\TEST1\Downloads\6284-01Mar2016.pdf
2016-03-01 07:17 - 2016-03-01 07:17 - 00071898 _____ C:\Users\TEST1\Downloads\ATT00002 (1).htm
2016-02-29 23:53 - 2016-02-29 23:53 - 00074777 _____ C:\Users\TEST1\Desktop\5100801 (Rev. 1) Twin Rotor Core.STEP
2016-02-29 23:46 - 2016-02-24 17:29 - 01779200 _____ C:\Users\TEST1\Desktop\5100803 (Rev. 2) 48v Twin Stator Assy.SLDASM
2016-02-29 23:46 - 2016-02-24 17:28 - 11808768 _____ C:\Users\TEST1\Desktop\5100803 (Rev. 2) 48v Twin Stator Assy.SLDDRW
2016-02-29 23:38 - 2015-12-16 15:41 - 00964608 _____ C:\Users\TEST1\Desktop\5100801 (Rev. 1) Twin Rotor Core.SLDDRW
2016-02-29 23:38 - 2015-12-16 15:31 - 00571904 _____ C:\Users\TEST1\Desktop\5100801 (Rev. 1) Twin Rotor Core.SLDPRT
2016-02-29 23:29 - 2016-02-29 23:29 - 00390136 _____ C:\Users\TEST1\Desktop\Rental Car Reservation.pdf
2016-02-29 22:57 - 2016-02-29 22:57 - 24246378 _____ C:\Users\TEST1\Desktop\AHRI_Project-8007_Final_Report.pdf
2016-02-29 22:53 - 2016-02-29 22:53 - 00962046 _____ C:\Users\TEST1\Downloads\Refrigerants-and-their-Responsible-Use-Position-Document-2014-pdf.pdf
2016-02-29 22:41 - 2016-02-29 22:41 - 03345502 _____ C:\Users\TEST1\Downloads\LFRT-007_Celstran_AutoPPT_AM_1013.pdf
2016-02-28 10:34 - 2013-10-16 16:38 - 00272384 _____ C:\Users\TEST1\Desktop\3100803 (Rev. A) Bottom Balance Weight, 1.9cc Low Noise.SLDPRT
2016-02-28 10:34 - 2012-12-21 12:42 - 00201216 _____ C:\Users\TEST1\Desktop\3100804 (Rev. B) Top Balance Weight, 1.9cc Low Noise.SLDPRT
2016-02-28 10:34 - 2012-11-29 18:47 - 00529408 _____ C:\Users\TEST1\Desktop\Balance Weight Screw_91771A078.SLDPRT
2016-02-28 10:33 - 2016-02-28 10:34 - 00410112 _____ C:\Users\TEST1\Desktop\1. 9 Ningbo Rotor Balance Assy With Rev. B Balance Weights 12_21_12.SLDASM
2016-02-28 10:28 - 2016-02-28 10:34 - 00641024 _____ C:\Users\TEST1\Desktop\DynamicBalanceAssyWithoutMuffler030210.SLDASM
2016-02-28 10:28 - 2016-02-28 10:34 - 00441856 _____ C:\Users\TEST1\Desktop\1.9ccShaftFinishMachine.SLDPRT
2016-02-28 10:28 - 2016-02-28 10:29 - 01931264 _____ C:\Users\TEST1\Desktop\1.9ccAssyWith NingboMotor.SLDASM
2016-02-28 10:28 - 2013-10-21 12:03 - 00425472 _____ C:\Users\TEST1\Desktop\XA00013 (Rev4Metric)1.4ccTopFlangeFinishMachineHighVolume.SLDPRT
2016-02-28 10:28 - 2013-10-21 12:03 - 00353792 _____ C:\Users\TEST1\Desktop\XX000125(RevC)TopCap.SLDPRT
2016-02-28 10:28 - 2013-10-21 12:03 - 00105984 _____ C:\Users\TEST1\Desktop\cylinderscrew.SLDPRT
2016-02-28 10:28 - 2013-10-21 12:02 - 00376832 _____ C:\Users\TEST1\Desktop\newstator.SLDPRT
2016-02-28 10:28 - 2013-10-21 12:02 - 00143872 _____ C:\Users\TEST1\Desktop\EM00008 - ROTOR.SLDPRT
2016-02-28 10:28 - 2013-04-18 11:02 - 00369664 _____ C:\Users\TEST1\Desktop\XX00074 (Rev E)CompressorCase.SLDPRT
2016-02-28 10:28 - 2013-01-15 14:09 - 00269824 _____ C:\Users\TEST1\Desktop\XA00011 (Rev3Metric)1.4ccLowerFlangeFinishMachineHighVolume.SLDPRT
2016-02-28 10:28 - 2012-11-29 17:54 - 00205312 _____ C:\Users\TEST1\Desktop\Tall1.9DynamicBalanceWeightTop.SLDPRT
2016-02-28 10:28 - 2012-11-29 17:54 - 00203776 _____ C:\Users\TEST1\Desktop\balanceweight.SLDPRT
2016-02-28 10:28 - 2012-11-28 10:20 - 00489472 _____ C:\Users\TEST1\Desktop\1.9ccCylinderFinishMachine.SLDPRT
2016-02-28 10:28 - 2012-11-28 10:20 - 00193536 _____ C:\Users\TEST1\Desktop\1.9ccRollerFinishMachine.SLDPRT
2016-02-28 10:28 - 2010-02-25 17:37 - 00649216 _____ C:\Users\TEST1\Desktop\XX00096 (Rev A)Muffler.SLDPRT
2016-02-28 10:26 - 2016-02-28 10:26 - 00113664 _____ C:\Users\TEST1\Desktop\440 Fywheel Balance.SLDASM
2016-02-28 09:56 - 2016-02-28 09:56 - 00104448 _____ C:\Users\TEST1\Desktop\Balancing Slug.SLDPRT
2016-02-27 08:35 - 2016-03-27 13:47 - 00000000 ____D C:\Users\TEST1\AppData\Local\ElevatedDiagnostics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 17:49 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-03-27 17:45 - 2011-09-12 09:19 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 15:52 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-27 15:52 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-26 19:15 - 2015-03-10 12:16 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d05b4d8adc44a1.job
2016-03-25 18:38 - 2016-01-19 23:21 - 00000000 ____D C:\Users\TEST1\AppData\Local\TempSWBackupDirectory
2016-03-25 15:46 - 2016-02-14 14:19 - 00000123 _____ C:\Windows\wpd99.drv
2016-03-25 15:46 - 2016-02-14 14:19 - 00000000 ____D C:\ProgramData\pdf995
2016-03-25 08:32 - 2011-01-13 14:27 - 00000144 _____ C:\Windows\system32\config\netlogon.ftl
2016-03-25 08:24 - 2016-01-19 23:19 - 00000000 ____D C:\Users\TEST1\AppData\Roaming\SolidWorks
2016-03-23 06:49 - 2016-01-26 13:04 - 00002028 ____H C:\Users\TEST1\Documents\Default.rdp
2016-03-20 08:50 - 2015-12-17 10:25 - 00000000 ____D C:\Users\dolsen\Desktop\Natural Gas Compressor
2016-03-14 18:28 - 2012-03-02 11:20 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 18:28 - 2012-03-02 11:20 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-08 19:59 - 2016-01-23 03:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-07 09:50 - 2015-09-28 12:40 - 430973952 _____ C:\Users\dolsen\Desktop\2006Receivedarchive.pst
2016-03-07 09:50 - 2011-01-19 12:44 - 1950368768 _____ C:\Users\dolsen\Desktop\OldEmail.pst
2016-03-07 09:50 - 2011-01-17 09:11 - 00000000 ____D C:\Users\dolsen\Documents\Outlook Files
2016-03-05 08:10 - 2016-01-19 15:10 - 00000000 ____D C:\Users\TEST1\AppData\Local\Adobe
2016-03-02 07:24 - 2011-01-17 08:47 - 00140472 _____ C:\Users\dolsen\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-29 23:51 - 2011-06-08 14:29 - 00000000 ____D C:\temp
2016-02-28 10:32 - 2011-01-19 08:37 - 00000000 ____D C:\ProgramData\FLEXnet
2016-02-27 08:41 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-27 08:41 - 2009-07-14 00:33 - 00484688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-27 08:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-03-10 09:19 - 2015-03-10 09:19 - 6103040 _____ () C:\Program Files\GUT195B.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 19:28

==================== End of FRST.txt ============================

 

[dolsen]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by TEST1 (2016-03-27 17:58:46)
Running from C:\Users\TEST1\Downloads
Windows 7 Professional Service Pack 1 (X86) (2011-01-13 18:24:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3056380410-417315007-640916887-500 - Administrator - Disabled)
dolsen (S-1-5-21-3056380410-417315007-640916887-1002 - Administrator - Enabled)
dolsen2 (S-1-5-21-3056380410-417315007-640916887-1000 - Administrator - Enabled) => C:\Users\dolsen2
dolsentest (S-1-5-21-3056380410-417315007-640916887-1001 - Administrator - Enabled)
Guest (S-1-5-21-3056380410-417315007-640916887-501 - Limited - Enabled)
TEST1 (S-1-5-21-3056380410-417315007-640916887-1003 - Administrator - Enabled) => C:\Users\TEST1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.00.12 - STMicroelectronics)
Adobe Acrobat 9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Advanced Monitoring Agent GP (HKLM\...\Advanced Monitoring Agent GP) (Version: 1.0.0 - Remote Monitoring Services)
Advanced Monitoring Agent GP (Version: 1.0 - InstallAware Software Corporation) Hidden
Advanced Monitoring Agent GP (Version: 1.0.0 - Remote Monitoring Services) Hidden
Anti-phishing Domain Advisor (HKLM\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version: - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.459.360 - Broadcom Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
Dell System Manager (HKLM\...\{C8B8C745-D288-41B4-9512-01E397F77449}) (Version: 1.5.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.101.205 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Global VPN Client (HKLM\...\{8CFC9AF3-8B53-45F4-99EF-953F68432F80}) (Version: 4.9.4 - Dell SonicWALL)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Customer 2.6.0.948 (HKLM\...\GoToAssist Express Customer) (Version: 2.6.0.948 - Citrix Online)
H&R Block Deluxe + Efile + State 2015 (HKLM\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.6901 - HRB Technology, LLC.)
HyperTerminal Private Edition v7.0 (HKLM\...\HTPE3) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MFCLOC (Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Standard 2007 (HKLM\...\PRJSTDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MPLAB Tools v8.76 (HKLM\...\InstallShield_{110ACDD7-71B0-4A09-B45C-4A4C5CFA3103}) (Version: 8.76 - Microchip Technology Inc.)
MPLAB Tools v8.76 (Version: 8.76 - Microchip Technology Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - )
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
Open Book HVAC Certifications 4.2.00 (HKLM\...\9588-9510-0199-4620) (Version: 4.2.00 - Mainstream Engineering Corporation)
Pdf995 (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (HKLM\...\PdfEdit995) (Version: - )
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
PhotoView 360 (Version: 18.00.5035 - SolidWorks Corporation) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.1 - Prolific Technology INC)
Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Reader 2.1 (HKLM\...\Reader2.1) (Version: 2.1.2.1143 - Dell Inc.)
Reader 2.1 (Version: 2.1.2.1143 - Dell Inc.) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
Search Toolbar (HKLM\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Search.com Bar (HKLM\...\searchcom_004) (Version: 1.0.0.0 - Visicom Media Inc.)
Secop CapSel (HKLM\...\{C574855D-F512-4830-9F4C-9D6E4C324B38}) (Version: 1.0.0 - Secop)
Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM\...\{7300A70A-BB87-41CD-BAD6-C8DA5508EBE2}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolidWorks 2010 SP0 (HKLM\...\SolidWorks Installation Manager 20100-40000-1100-200) (Version: 18.0.0.5035 - SolidWorks Corporation)
SolidWorks 2010 SP0 (Version: 18.100.5035 - SolidWorks) Hidden
SolidWorks 2011 SP05 (HKLM\...\SolidWorks Installation Manager 20110-40500-1100-200) (Version: 19.5.0.91 - SolidWorks Corporation)
SolidWorks 2011 SP05 (Version: 19.150.91 - SolidWorks) Hidden
SolidWorks 2012 SP03 (HKLM\...\SolidWorks Installation Manager 20120-40300-1100-200) (Version: 20.3.0.66 - SolidWorks Corporation)
SolidWorks 2012 SP03 (Version: 20.130.66 - SolidWorks) Hidden
SolidWorks eDrawings 2010 (Version: 10.0.727 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2011 SP05 (Version: 11.5.111 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2012 SP03 (Version: 12.3.113 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2010 SP0 (Version: 18.00.5035 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2011 SP05 (Version: 19.50.91 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2012 SP03 (Version: 20.30.66 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2010 SP0 (Version: 18.00.5036 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2011 SP05 (Version: 19.50.92 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2012 SP03 (Version: 20.30.67 - SolidWorks Corporation) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Watts Up USB (HKLM\...\Watts Up USB) (Version: - )
Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.00 beta 6 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)
Word Password Recovery Master 3.5 (HKLM\...\Word Password Recovery Master_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BD1B48C-7652-4A80-96BB-0ED1C11F6154} - System32\Tasks\SafeZone scheduled Autoupdate 1459115837 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {227922BA-6C6E-49EC-8356-331B20FA8890} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {3E87623D-E830-41D3-BDEA-4C7696EF79C0} - System32\Tasks\{2DC2BBC6-0F44-4CD3-870C-B78DFAA811BE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsProgressBar
Task: {85C32CCD-C4BD-4D06-A169-9A264B80AFA7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-27] (AVAST Software)
Task: {8FD4FA99-A27D-42CF-BC94-758D2E2F8035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A5BA0DBD-D16F-42D2-8A14-832C2DBB37B4} - System32\Tasks\{359D53C5-8B46-43DA-BB0E-72FFDB3F6E15} => pcalua.exe -a C:\dell\Drivers\2FYHT\Vi32\Uninstap.exe -d C:\dell\Drivers\2FYHT\Vi32
Task: {AB3CA946-71A3-4DB6-9A29-D6E5A62B8C3A} - System32\Tasks\{F5698122-9EE2-4BEC-B9D7-B0371335491D} => pcalua.exe -a C:\Users\dolsen\AppData\Local\Temp\Temp1_brushless_inside_demo[1].zip\brushless_inside_demo\Setup.exe
Task: {AE62E26C-22B4-4AAD-BD7C-FE15D9E5275D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-27] (AVAST Software)
Task: {DF520A73-96C7-485E-A875-A089402826A9} - System32\Tasks\{1FFD065E-A21D-4777-84FB-5D609D3A0F60} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsProgressBar
Task: {E1EFFDF3-1A25-4EC2-BD95-17D4EAB7A102} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FD16815E-D938-48B2-B46D-60511501023B} - System32\Tasks\GoogleUpdateTaskMachineCore1d05b4d8adc44a1 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FFCD07D5-55C5-4810-A9CF-08DFD980D692} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d05b4d8adc44a1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-14 14:19 - 2016-02-14 14:20 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2015-12-17 19:39 - 2015-12-17 19:39 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:39 - 2015-12-17 19:39 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-04 11:31 - 2010-01-10 14:01 - 00060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2015-03-16 14:16 - 2015-03-16 14:16 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a8cc5328055703eb83b53ab064e48b73\IsdiInterop.ni.dll
2011-01-04 11:28 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-06 14:53 - 2014-03-06 14:53 - 00162304 _____ () C:\Program Files\Dell SonicWALL\Global VPN Client\ZLib.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00048640 _____ () C:\Program Files\AOL Desktop 9.8.2\zlib.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 21151232 _____ () C:\Program Files\AOL Desktop 9.8.2\libcef.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00648704 _____ () C:\Program Files\AOL Desktop 9.8.2\libglesv2.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00122880 _____ () C:\Program Files\AOL Desktop 9.8.2\libegl.dll
2016-03-14 18:28 - 2016-03-07 22:48 - 01676440 _____ () C:\Program Files\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-14 18:28 - 2016-03-07 22:48 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-24 07:13 - 2016-03-21 16:17 - 17541312 _____ () C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.197\pepflashplayer.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020200\algo.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3056380410-417315007-640916887-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\TEST1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell System Manager.lnk => C:\Windows\pss\Dell System Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TdmNotify.lnk => C:\Windows\pss\TdmNotify.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^TEST1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files\AOL Desktop 9.8.2\AOL.EXE" -b
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1453259556\ee\AOLSoftware.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\dolsen\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\dolsen\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe
MSCONFIG\startupreg: USCService => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
MSCONFIG\startupreg: WavXMgr => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8F8FB5AF-D16B-4A1C-88A0-7B0B1612C311}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{B42ACCA1-9F03-41F9-B1AE-42F768B74E43}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{D54B97C3-9352-4BB6-B25E-321F9EBF02D1}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4BCAB031-E009-46A0-B256-17D60C68881A}] => (Allow) LPort=2869
FirewallRules: [{CA27A5E5-589D-4CAB-B370-5EFC9DEBEFB7}] => (Allow) LPort=1900
FirewallRules: [{DF64CCC3-0D4F-42EE-B364-878FF45401A2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3A5C894E-FB9F-4241-84AA-E25412810B89}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{4E1CCCC5-D20E-4C24-99DD-7AE140BBA827}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{F20FC7ED-66BC-4BD1-A5D4-802EB551990A}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{4FC9D28D-82E0-48A6-B926-F65535BD6ABE}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{E87ACB9E-A2D6-4A08-8E64-1D3F31648B84}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{71AA21F3-5730-4AD1-BD75-70F0E7C9D0FB}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{357FEBBE-D046-496A-9D06-47218FF4A544}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{6F43C2D8-705A-43BB-94E1-B71E8B361FF4}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{76A282D8-584C-46D4-8B8F-E40B8D541AA4}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{7CEE139A-B76D-49C0-AAA2-7FE20C9D3583}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{75500836-7495-4E10-9801-6B5EE6B3B84F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{25723BF3-2DCC-4492-AF7C-7CBD4B736B84}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360.exe
FirewallRules: [{65FA7E88-147D-4BCA-970D-4E92067FA964}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360.exe
FirewallRules: [{88AF4E58-D8EB-4572-A920-986321956373}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360_cl.exe
FirewallRules: [{1272222C-033E-4706-B67F-2CBA0D23E6EC}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360_cl.exe
FirewallRules: [{363985C7-44EF-484A-86CD-15B5D91E8348}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7918F78-E6DD-44B5-BC4A-EC7C88B98599}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{477CD70C-1182-4D65-A2A7-0AECDC1F3843}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{2E755353-2DFF-42B2-96EB-E8E734EB8D06}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{6210EEDB-75C9-4CD4-81A3-F0A9D3FED942}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360.exe
FirewallRules: [{EE709568-0F50-409E-9156-CF56F97CCA36}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360.exe
FirewallRules: [{B9920DC0-0D7C-4C4C-8CBF-3158EA8B48B0}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360_cl.exe
FirewallRules: [{63291124-9FDE-443B-A6E2-598562AE877E}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360_cl.exe
FirewallRules: [{634926FB-1E0C-4BF2-944D-31C1051496C8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{21B60BE3-19BA-45BF-A1BB-16AC8CBCC9CA}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{A2C75996-49A3-44CF-AE54-D0DD59AE3F14}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2D06F0C5-9705-4170-B317-576BAB63F8BD}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2EA9901E-24A6-4C3A-BA56-AF00C2F7F9FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{24637F7B-2B82-402E-9DC6-DCD6244F434F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E43893AD-8497-4129-BC08-2F1E09BAE0DF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E4F0D89A-9F5B-49B2-9948-9F9F6F91C7D8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{CDF7C83A-9EA0-487D-80F9-E3F4AEAC6750}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45E5CDD7-DE77-4905-922D-739B5B891D2F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{18CDD8A5-8BB3-45A2-AC0D-2EC661DDC97C}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [UDP Query User{7952365C-F331-498E-BC32-E7804DDFD730}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [{5CC89CF5-3452-4BF1-9DC4-93DE39C7DA5B}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{6F321CAE-12CF-4D0E-B441-56684C0C49E9}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{3B3EECB7-66DA-48EA-9D09-DD39B3F718CD}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{AFCF4777-A497-4557-8284-ACC73B2BE4FF}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{DD5B6CBF-EA49-4797-9FFB-884866E306B7}] => (Allow) C:\Program Files\Common Files\AOL\1453245988\ee\aolsoftware.exe
FirewallRules: [{EBC51E70-EE49-4B0C-8501-10A2FEBC37A3}] => (Allow) C:\Program Files\Common Files\AOL\1453245988\ee\aolsoftware.exe
FirewallRules: [{53FB975B-6CF8-4DFD-A2E4-639846A24233}] => (Allow) C:\Program Files\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{0DD81DB5-75A0-4514-8EF6-C7A31B3C4DFD}] => (Allow) C:\Program Files\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{7D168142-7AC5-4AB0-A8B3-4B5373D0F97C}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{866A396D-67F3-4530-A0C0-F2F85D5A9DDE}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4C683F90-60EC-4809-9425-D3F52496594F}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{28552DEC-666C-4476-AB6F-0078246E5FFB}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{43B67350-BAF9-4BD0-B8C4-2B64BD9D2715}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{5AA94F2E-5F71-4322-AAC1-D8E4DEA5C7AD}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{BA1AFE06-9F1F-47EB-A991-9C23F08C4EBD}] => (Allow) C:\Program Files\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{9D1C5C27-6510-4998-AEC7-CF38D717F04E}] => (Allow) C:\Program Files\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{9D090083-0641-436C-878D-B7BCC3C3F11B}] => (Allow) C:\Program Files\Common Files\AOL\1453259556\ee\aolsoftware.exe
FirewallRules: [{43BBC2B3-5C5A-4B13-A480-64FC8B6B00A8}] => (Allow) C:\Program Files\Common Files\AOL\1453259556\ee\aolsoftware.exe
FirewallRules: [TCP Query User{6B3A9D2D-7615-4173-AC88-4AC05C50964D}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{14B5AF2B-C24F-447B-94E6-D8DA937AFD7C}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8016BA54-A474-448F-9F37-E710FC3D4E02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC7A152D-5173-432E-8698-52083B69D767}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{388EA10A-5304-4946-8032-D9A7500703E2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DD784941-BCF7-43CB-9807-06F79DA01433}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-03-2016 20:00:27 Windows Update
11-03-2016 20:00:50 Windows Update
12-03-2016 20:00:39 Windows Update
13-03-2016 20:00:42 Windows Update
14-03-2016 19:00:31 Windows Update
15-03-2016 19:00:38 Windows Update
17-03-2016 07:10:49 Windows Update
17-03-2016 19:00:43 Windows Update
18-03-2016 19:00:48 Windows Update
19-03-2016 19:00:29 Windows Update
19-03-2016 19:00:36 Windows Update
20-03-2016 19:00:47 Windows Update
21-03-2016 19:00:43 Windows Update
22-03-2016 19:00:33 Windows Update
23-03-2016 19:00:31 Windows Update
24-03-2016 19:00:31 Windows Update
25-03-2016 19:00:37 Windows Update
26-03-2016 19:00:38 Windows Update

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2016 05:52:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./ROOT/CIMV2SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_Process'0x80041010

Error: (03/27/2016 08:32:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1903

Error: (03/27/2016 08:32:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1903

Error: (03/27/2016 08:32:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/27/2016 07:56:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32288463

Error: (03/27/2016 07:56:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32288463

Error: (03/27/2016 07:56:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/26/2016 10:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10905

Error: (03/26/2016 10:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10905

Error: (03/26/2016 10:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/27/2016 05:54:46 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ASPENTHERMAL due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/26/2016 08:44:14 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/25/2016 07:29:33 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/25/2016 05:35:08 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/25/2016 03:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FLEXnet Licensing Service service failed to start due to the following error:
%%1053

Error: (03/25/2016 03:47:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the FLEXnet Licensing Service service to connect.

Error: (03/25/2016 03:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FLEXnet Licensing Service service failed to start due to the following error:
%%1053

Error: (03/25/2016 03:47:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the FLEXnet Licensing Service service to connect.

Error: (03/25/2016 03:46:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FLEXnet Licensing Service service failed to start due to the following error:
%%1053

Error: (03/25/2016 03:46:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the FLEXnet Licensing Service service to connect.


CodeIntegrity:
===================================
Date: 2015-10-23 15:40:07.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 14:22:24.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 13:43:30.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 13:31:11.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 12:22:23.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 12:14:14.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 11:51:44.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 11:31:19.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-22 20:46:41.074
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-22 20:03:20.848
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 59%
Total physical RAM: 3509.83 MB
Available physical RAM: 1426.46 MB
Total Virtual: 7017.95 MB
Available Virtual: 4174.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.8 GB) (Free:160.59 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[dolsen]

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : TEST1 [Administrator]
Started from : C:\Users\TEST1\Downloads\RogueKiller.exe
Mode : Delete -- Date : 03/27/2016 23:28:12

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Conduit -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\MetaStream -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Viewpoint -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} (C:\Program Files\Search Toolbar\SearchToolbar.dll) -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files\Hotspot Shield\HssIE\HssIE.dll) -> Deleted
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {9D425283-D487-4337-BAB6-AB8354A81457} : Search Toolbar (C:\Program Files\Search Toolbar\SearchToolbar.dll) -> Deleted
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{515EB4EB-0182-4754-8B99-31519D791097} | DhcpNameServer : 172.20.10.1 ([]) -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{515EB4EB-0182-4754-8B99-31519D791097} | DhcpNameServer : 172.20.10.1 ([]) -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{515EB4EB-0182-4754-8B99-31519D791097} | DhcpNameServer : 172.20.10.1 ([]) -> Replaced ()
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3056380410-417315007-640916887-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> Removed at reboot [91]
[PUP][Folder] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 -> ERROR [5]
[PUP][Folder] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212} -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.dat -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.exe -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.lnk -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.msi -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.par -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.res -> Deleted
[PUP][Folder] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\data -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{BABCE4AB-AD57-4904-8E84-026E11C6632A} -> Deleted
[PUP][File] C:\ProgramData\{BABCE4AB-AD57-4904-8E84-026E11C6632A}\1033.MST -> Deleted
[PUP][File] C:\ProgramData\{BABCE4AB-AD57-4904-8E84-026E11C6632A}\Reader 2.1.msi -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0c11d9b30cc61519fe234ad612bcff2f
[BSP] b1a0a931b5db181832fad937ca9d6359 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 12542 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25767936 | Size: 290612 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 620941312 | Size: 2050 MB
User = LL1 ... OK
User = LL2 ... OK

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/27/2016 11:42 PM, SYSTEM, DOLSENLAPTOP, Manual, Rootkit Database, 2016.2.8.1, 2016.3.12.1,
Update, 3/27/2016 11:42 PM, SYSTEM, DOLSENLAPTOP, Manual, Remediation Database, 2016.2.12.1, 2016.3.24.1,
Update, 3/27/2016 11:42 PM, SYSTEM, DOLSENLAPTOP, Manual, Domain Database, 2016.2.16.8, 2016.3.27.2,
Update, 3/27/2016 11:42 PM, SYSTEM, DOLSENLAPTOP, Manual, Malware Database, 2016.2.16.6, 2016.3.28.2,
Update, 3/27/2016 11:42 PM, SYSTEM, DOLSENLAPTOP, Manual, IP Database, 2016.2.8.1, 2016.3.21.3,

(end)


# AdwCleaner v5.106 - Logfile created 28/03/2016 at 07:50:52
# Updated 27/03/2016 by Xplode
# Database : 2016-03-27.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : TEST1 - DOLSENLAPTOP
# Running from : C:\Users\TEST1\Desktop\adwcleaner_5.106.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Driver Performer
[-] Folder Deleted : C:\Program Files\Search Toolbar
[-] Folder Deleted : C:\Program Files\Viewpoint
[-] Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
[-] Folder Deleted : C:\ProgramData\blekko toolbars
[-] Folder Deleted : C:\ProgramData\Viewpoint
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Performer
[-] Folder Deleted : C:\Users\TEST1\AppData\Local\PackageAware

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
[-] Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp
[-] Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Anti-phishing Domain Advisor

***** [ Web browsers ] *****

[-] [C:\Users\dolsen2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\dolsen2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3539 bytes] - [28/03/2016 07:50:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [3386 bytes] - [28/03/2016 00:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3685 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Professional x86
Ran by TEST1 (Administrator) on Mon 03/28/2016 at 7:58:55.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Program Files\GUT195B.tmp (File)
Successfully deleted: C:\Users\TEST1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FPI0ZVS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TEST1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MP48A6H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TEST1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UCRHEE5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TEST1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKVZ0NWW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\AVAST_FREE_ANTIVIRUS_SETUP.EX-B46AF3EA.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FPI0ZVS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MP48A6H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UCRHEE5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKVZ0NWW (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/28/2016 at 8:07:19.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[dolsen]

ComboFix 16-03-28.01 - TEST1 03/28/2016 20:17:04.1.4 - x86
Running from: c:\users\TEST1\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2016-02-28 to 2016-03-29 )))))))))))))))))))))))))))))))
.
.
2016-03-29 00:42 . 2016-03-29 00:42 -------- d-----w- c:\users\dolsen2\AppData\Local\temp
2016-03-29 00:42 . 2016-03-29 00:42 -------- d-----w- c:\users\dolsen\AppData\Local\temp
2016-03-29 00:42 . 2016-03-29 00:42 -------- d-----w- c:\users\dmorse\AppData\Local\temp
2016-03-29 00:42 . 2016-03-29 00:42 -------- d-----w- c:\users\ditolsen\AppData\Local\temp
2016-03-29 00:42 . 2016-03-29 00:42 -------- d-----w- c:\users\ditmorse\AppData\Local\temp
2016-03-29 00:42 . 2016-03-29 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-29 00:42 . 2016-03-29 00:42 -------- d-----w- c:\users\bcallan\AppData\Local\temp
2016-03-28 12:45 . 2016-03-28 12:45 53248 ----a-r- c:\users\TEST1\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2016-03-28 12:03 . 2016-03-28 12:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B4F779C-8C82-4EA5-8802-6BF77CC2D641}\offreg.2228.dll
2016-03-28 04:39 . 2016-03-28 11:50 -------- d-----w- C:\AdwCleaner
2016-03-28 03:42 . 2016-03-28 12:14 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-28 03:41 . 2016-03-28 03:41 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-03-28 03:41 . 2016-03-28 03:41 -------- d-----w- c:\programdata\Malwarebytes
2016-03-28 03:41 . 2016-03-10 18:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-28 03:41 . 2016-03-10 18:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-28 03:41 . 2016-03-10 18:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-28 02:32 . 2016-03-28 02:32 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-28 02:31 . 2016-03-28 02:31 -------- d-----w- c:\programdata\RogueKiller
2016-03-27 21:56 . 2016-03-27 21:56 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-03-27 21:53 . 2016-03-27 22:01 -------- d-----w- C:\FRST
2016-03-27 21:52 . 2016-03-27 21:52 -------- d-----w- c:\users\TEST1\AppData\Roaming\AVAST Software
2016-03-27 21:51 . 2016-03-27 21:51 -------- d-----w- c:\program files\Common Files\AV
2016-03-27 21:50 . 2016-03-27 21:51 91168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-03-27 21:50 . 2016-03-27 21:51 816304 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-03-27 21:50 . 2016-03-27 21:51 447848 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-03-27 21:50 . 2016-03-27 21:51 221240 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-03-27 21:50 . 2016-03-27 21:50 91232 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-03-27 21:50 . 2016-03-27 21:50 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-03-27 21:50 . 2016-03-27 21:50 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-03-27 21:50 . 2016-03-27 21:50 127432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-03-27 21:50 . 2016-03-27 21:50 334280 ----a-w- c:\windows\system32\aswBoot.exe
2016-03-27 21:50 . 2016-03-27 21:50 52184 ----a-w- c:\windows\avastSS.scr
2016-03-27 21:49 . 2016-03-27 21:56 -------- d-----w- c:\program files\AVAST Software
2016-03-27 21:48 . 2016-03-27 21:56 -------- d-----w- c:\programdata\AVAST Software
2016-03-25 07:22 . 2016-03-25 07:22 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B4F779C-8C82-4EA5-8802-6BF77CC2D641}\offreg.3916.dll
2016-03-25 07:18 . 2016-02-19 01:31 9067696 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B4F779C-8C82-4EA5-8802-6BF77CC2D641}\mpengine.dll
2016-03-09 01:36 . 2016-02-08 20:18 230400 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2016-03-09 00:50 . 2016-02-12 18:39 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-03-09 00:50 . 2016-02-12 18:07 2062848 ----a-w- c:\windows\system32\wuaueng.dll
2016-03-09 00:50 . 2016-02-12 18:39 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-03-09 00:50 . 2016-02-12 18:26 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-03-09 00:50 . 2016-02-12 18:06 573440 ----a-w- c:\windows\system32\wuapi.dll
2016-03-09 00:50 . 2016-02-12 18:05 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-03-09 00:50 . 2016-02-12 18:05 30208 ----a-w- c:\windows\system32\wups.dll
2016-03-09 00:50 . 2016-02-12 18:05 136192 ----a-w- c:\windows\system32\wuauclt.exe
2016-03-09 00:50 . 2016-02-12 18:05 35840 ----a-w- c:\windows\system32\wups2.dll
2016-03-09 00:50 . 2016-02-12 18:05 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-03-09 00:50 . 2016-02-12 18:05 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-14 18:20 . 2016-02-14 18:19 36864 ----a-w- c:\windows\system32\pdf995mon.dll
2016-02-14 18:20 . 2016-02-14 18:19 1672704 ----a-w- c:\windows\system32\pdfmona.dll
2016-02-05 04:13 . 2016-02-05 04:13 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-02-05 04:13 . 2016-02-05 04:13 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-01-25 15:19 . 2016-01-25 15:19 198880 ----a-w- c:\windows\system32\g2ax_credential_provider_948.dll
2016-01-23 12:58 . 2016-01-20 01:07 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-01-23 12:58 . 2016-01-20 01:07 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-20 03:11 . 2016-01-19 23:27 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-03-27 21:50 770088 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.8.2\AOL.EXE" [2015-12-15 73584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 288112]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 157456]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-27 7139256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\users\TEST1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2016-01-25 15:19 610528 ----a-w- c:\program files\Citrix\GoToAssist Remote Support Customer\948\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-179605362-725345543-1126\Scripts\Logon\0\0]
"Script"=defaultLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-179605362-725345543-1130\Scripts\Logon\0\0]
"Script"=defaultLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-179605362-725345543-1131\Scripts\Logon\0\0]
"Script"=defaultLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-179605362-725345543-1608\Scripts\Logon\0\0]
"Script"=defaultLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-179605362-725345543-2192\Scripts\Logon\0\0]
"Script"=defaultLogon.vbs
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell System Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
backup=c:\windows\pss\Dell System Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
backup=c:\windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TdmNotify.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk
backup=c:\windows\pss\TdmNotify.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^TEST1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\TEST1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-12-17 22:27 1085656 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2015-12-15 16:14 73584 ----a-w- c:\program files\AOL Desktop 9.8.2\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2010-05-13 04:33 288112 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-12-17 23:39 60688 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-02-02 13:20 5249024 ----a-w- c:\program files\Dell\DW WLAN Card\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBRMTray]
2010-05-20 16:39 206336 ----a-w- c:\dell\DBRM\Reminder\DbrmTrayicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2010-03-12 16:42 462993 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellBtrEvent]
2010-05-04 21:06 147456 ----a-w- d:\program files\Dell\Reader 2.1\DellBtrEvent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2010-09-03 07:28 518640 ----a-w- c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1453259556\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-07-28 05:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-03-04 02:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-07-28 05:46 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-12-18 03:12 157456 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2010-04-29 16:33 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-07-28 05:46 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 20:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2010-09-04 07:15 240112 ----a-w- c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 16:16 30872672 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2016-01-22 19:43 8316528 ----a-w- c:\users\dolsen\AppData\Roaming\Spotify\Spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2016-01-22 19:43 2346096 ----a-w- c:\users\dolsen\AppData\Roaming\Spotify\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-30 17:45 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-09-12 13:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-05-26 11:54 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2010-06-22 17:33 34232 ----a-w- c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2010-07-21 22:01 147840 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-03-27 127432]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
R2 MCUSBPM3;Microchip MPLAB PM3 Firmware Client Driver (PM3W2K.SYS);c:\windows\system32\Drivers\PM3w2k.sys [2004-03-22 12447]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks (3)\swScheduler\DTSCoordinatorService.exe [2012-03-28 89160]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
R3 EraserUtilDrv11410;EraserUtilDrv11410;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (3)\binCFW\StandAloneSlv.exe [2012-02-08 95368]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-10-08 63872]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2013-08-26 21016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-04 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-03-27 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-03-27 816304]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-03-27 447848]
S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-03-27 32792]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-03-27 91168]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
S2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe Start=service [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-09-12 144680]
S2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe [2011-07-11 89864]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S2 SWGVCSvc;Dell SonicWALL Global VPN Client Service;c:\program files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [2014-03-06 256800]
S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2014-03-06 95120]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-14 22:26 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 21:41]
.
2016-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d05b4d8adc44a1.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 21:41]
.
2016-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 21:41]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {CB1A2363-BCE7-42B1-A8B2-E530C9F0B0DA} - hxxps://secure.digsigtrust.com/ms/IdenTrustCertEnroll.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
AddRemove-Advanced Monitoring Agent GP - c:\programdata\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{DB3C5DC4-A7A0-4890-B31C-3220B43B25EC} - c:\programdata\{7A07EBE4-B577-47A8-AEB4-B6BBE4A58212}\Agent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\wvauth.DLL
.
Completion time: 2016-03-28 20:47:53
ComboFix-quarantined-files.txt 2016-03-29 00:47
.
Pre-Run: 172,629,504,000 bytes free
Post-Run: 172,575,293,440 bytes free
.
- - End Of File - - 30FF029B7644D95CFF5223846739031D
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[dolsen]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by TEST1 (administrator) on DOLSENLAPTOP (28-03-2016 22:39:48)
Running from C:\Users\TEST1\Desktop
Loaded Profiles: TEST1 (Available Profiles: dolsen2 & TEST1)
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_comm_customer.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_system_customer.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_user_customer.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1453259556\ee\aolsoftware.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\waol.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\shellmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288112 2010-05-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-27] (AVAST Software)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_winlogon.dll [2016-01-25] (Citrix Systems, Inc.)
HKU\S-1-5-21-3056380410-417315007-640916887-1003\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-27] (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
Startup: C:\Users\TEST1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-03-28]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B74DF508-EBBE-448C-A4B9-F4DE13A86BFF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3056380410-417315007-640916887-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3056380410-417315007-640916887-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {9AB47079-668A-43FC-944F-27BEE07483FC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-27] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CB1A2363-BCE7-42B1-A8B2-E530C9F0B0DA} hxxps://secure.digsigtrust.com/ms/IdenTrustCertEnroll.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-27]

Chrome:
=======
CHR Profile: C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-19]
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-19]
CHR Extension: (Google Drive) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (YouTube) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-19]
CHR Extension: (Google Search) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-19]
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-19]
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Google Slides) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-19]
CHR Extension: (Gmail) - C:\Users\TEST1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-27] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\DTSCoordinatorService.exe [89160 2012-03-28] (Dassault Systèmes SolidWorks Corp.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-09-15] (Flexera Software, Inc.) [File not signed]
R2 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe [610528 2016-01-25] (Citrix Systems, Inc.)
S2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 Remote Solver for Flow Simulation 2010; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [144680 2009-09-11] (Mentor Graphics Corporation)
R2 Remote Solver for Flow Simulation 2011; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe [89864 2011-07-11] (Mentor Graphics Corporation)
S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (3)\binCFW\StandAloneSlv.exe [95368 2012-02-07] (Mentor Graphics Corporation) [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-01-20] (SolidWorks) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.)
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [256800 2014-03-06] (Dell SonicWALL, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-27] (AVAST Software)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-30] (Broadcom Corporation)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [108368 2013-10-03] (Citrix Systems, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-27] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2014-01-31] (FTDI Ltd.)
S2 MCUSBPM3; C:\Windows\System32\Drivers\PM3w2k.sys [12447 2004-03-22] (Microchip Technology, Inc.) [File not signed]
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-21] (REDC)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [17920 2009-10-08] (Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63872 2009-10-08] (Silicon Laboratories)
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [95120 2014-03-06] (Dell SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2013-08-26] (SonicWALL, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-27] ()
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.) [File not signed]
U5 BTHPORT; C:\Windows\System32\Drivers\BTHPORT.sys [393728 2012-07-06] () [File not signed]
U3 catchme; \??\C:\Users\TEST1\AppData\Local\Temp\catchme.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-28 22:39 - 2016-03-28 22:40 - 00021188 _____ C:\Users\TEST1\Desktop\FRST.txt
2016-03-28 20:52 - 2016-03-28 20:52 - 00024803 _____ C:\Users\TEST1\Desktop\Combofixlog.txt
2016-03-28 20:47 - 2016-03-28 20:47 - 00024803 _____ C:\ComboFix.txt
2016-03-28 20:12 - 2016-03-28 20:48 - 00000000 ____D C:\Qoobox
2016-03-28 20:12 - 2016-03-28 20:45 - 00000000 ____D C:\Windows\erdnt
2016-03-28 20:12 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-28 20:12 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-28 20:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-28 20:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-28 20:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-28 20:12 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-28 20:12 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-28 20:12 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-28 20:10 - 2016-03-28 20:07 - 05659241 ____R (Swearware) C:\Users\TEST1\Desktop\ComboFix.exe
2016-03-28 20:07 - 2016-03-28 20:08 - 05659241 _____ (Swearware) C:\Users\TEST1\Downloads\ComboFix (1).exe
2016-03-28 20:07 - 2016-03-28 20:07 - 05659241 _____ (Swearware) C:\Users\TEST1\Downloads\ComboFix.exe
2016-03-28 08:39 - 2016-03-28 08:40 - 74637872 _____ (Logitech, Inc.) C:\Users\TEST1\Downloads\lws251 (1).exe
2016-03-28 08:18 - 2016-03-28 08:18 - 00000576 _____ C:\Users\TEST1\Desktop\malware bytes2.txt
2016-03-28 08:07 - 2016-03-28 08:07 - 00002246 _____ C:\Users\TEST1\Desktop\JRT.txt
2016-03-28 07:58 - 2016-03-28 07:57 - 01610352 _____ (Malwarebytes) C:\Users\TEST1\Desktop\JRT.exe
2016-03-28 07:57 - 2016-03-28 07:57 - 01610352 _____ (Malwarebytes) C:\Users\TEST1\Downloads\JRT.exe
2016-03-28 07:54 - 2016-03-28 07:54 - 00003764 _____ C:\Users\TEST1\Desktop\AdwCleaner[C1].txt
2016-03-28 07:50 - 2016-03-28 07:50 - 00003386 _____ C:\Users\TEST1\Desktop\AdwCleaner[S1].txt
2016-03-28 00:39 - 2016-03-28 07:50 - 00000000 ____D C:\AdwCleaner
2016-03-28 00:39 - 2016-03-28 00:37 - 01538560 _____ C:\Users\TEST1\Desktop\adwcleaner_5.106.exe
2016-03-28 00:38 - 2016-03-28 00:38 - 00000576 _____ C:\Users\TEST1\Desktop\malware bytes.txt
2016-03-28 00:37 - 2016-03-28 00:37 - 01538560 _____ C:\Users\TEST1\Downloads\adwcleaner_5.106.exe
2016-03-27 23:42 - 2016-03-28 08:14 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-27 23:41 - 2016-03-27 23:41 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-27 23:41 - 2016-03-27 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-27 23:41 - 2016-03-27 23:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-27 23:41 - 2016-03-27 23:41 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-27 23:41 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-27 23:41 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-27 23:41 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-27 23:40 - 2016-03-27 23:40 - 22851472 _____ (Malwarebytes ) C:\Users\TEST1\Desktop\mbam-setup-2.2.1.1043.exe
2016-03-27 23:39 - 2016-03-27 23:40 - 22851472 _____ (Malwarebytes ) C:\Users\TEST1\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-27 23:29 - 2016-03-27 23:29 - 00008212 _____ C:\Users\TEST1\Downloads\rogue killer.txt
2016-03-27 22:32 - 2016-03-27 22:32 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-27 22:31 - 2016-03-27 22:31 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-27 22:28 - 2016-03-27 22:29 - 19655240 _____ C:\Users\TEST1\Desktop\RogueKiller.exe
2016-03-27 17:58 - 2016-03-27 23:45 - 00000000 ____D C:\Users\TEST1\Desktop\Desktop 03_27_2016
2016-03-27 17:58 - 2016-03-27 18:02 - 00045394 _____ C:\Users\TEST1\Downloads\Addition.txt
2016-03-27 17:57 - 2016-03-27 17:57 - 00001120 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-27 17:57 - 2016-03-27 17:57 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-27 17:56 - 2016-03-27 17:56 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-27 17:54 - 2016-03-27 18:02 - 00034984 _____ C:\Users\TEST1\Downloads\FRST.txt
2016-03-27 17:53 - 2016-03-28 22:39 - 00000000 ____D C:\FRST
2016-03-27 17:52 - 2016-03-27 17:53 - 01725440 _____ (Farbar) C:\Users\TEST1\Desktop\FRST.exe
2016-03-27 17:52 - 2016-03-27 17:52 - 00000000 ____D C:\Users\TEST1\AppData\Roaming\AVAST Software
2016-03-27 17:51 - 2016-03-27 17:51 - 00002077 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-27 17:51 - 2016-03-27 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-27 17:51 - 2016-03-27 17:51 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-27 17:50 - 2016-03-27 17:51 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-27 17:50 - 2016-03-27 17:51 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-27 17:50 - 2016-03-27 17:51 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-27 17:50 - 2016-03-27 17:51 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-27 17:50 - 2016-03-27 17:50 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-27 17:50 - 2016-03-27 17:50 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-27 17:50 - 2016-03-27 17:50 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-27 17:49 - 2016-03-27 17:56 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-27 17:48 - 2016-03-27 17:56 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-27 17:29 - 2016-03-27 17:31 - 201900432 _____ (AVAST Software) C:\Users\TEST1\Downloads\avast_free_antivirus_setup.exe
2016-03-25 14:48 - 2016-03-25 14:48 - 00104082 _____ C:\Users\TEST1\Desktop\Kansas City Hotel.pdf
2016-03-20 08:12 - 2016-03-20 08:12 - 00000000 ____D C:\Users\TEST1\Desktop\Chicken Coop
2016-03-17 23:01 - 2016-03-17 23:01 - 00695182 _____ C:\Users\TEST1\Downloads\The Quick Start Guide to Fishing Cape Cod PDF.pdf
2016-03-08 20:50 - 2016-02-12 14:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-08 20:50 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-08 20:50 - 2016-02-12 14:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-08 20:50 - 2016-02-12 14:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-08 20:50 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-08 20:50 - 2016-02-12 14:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-08 20:50 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-08 20:50 - 2016-02-12 14:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-08 20:50 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-08 20:50 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-08 20:50 - 2016-02-12 14:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-08 08:31 - 2016-03-08 08:31 - 01771563 _____ C:\Users\TEST1\Downloads\4723-20Jan2015.pdf
2016-03-05 07:59 - 2016-03-05 07:59 - 00029045 _____ C:\Users\TEST1\Downloads\6284-01Mar2016 (2).pdf
2016-03-05 07:58 - 2016-03-05 07:58 - 00029045 _____ C:\Users\TEST1\Downloads\6284-01Mar2016 (1).pdf
2016-03-05 07:51 - 2016-03-05 07:51 - 00029045 _____ C:\Users\TEST1\Downloads\6284-01Mar2016.pdf
2016-03-01 07:17 - 2016-03-01 07:17 - 00071898 _____ C:\Users\TEST1\Downloads\ATT00002 (1).htm
2016-02-29 23:29 - 2016-02-29 23:29 - 00390136 _____ C:\Users\TEST1\Desktop\Rental Car Reservation.pdf
2016-02-29 22:53 - 2016-02-29 22:53 - 00962046 _____ C:\Users\TEST1\Downloads\Refrigerants-and-their-Responsible-Use-Position-Document-2014-pdf.pdf
2016-02-29 22:41 - 2016-02-29 22:41 - 03345502 _____ C:\Users\TEST1\Downloads\LFRT-007_Celstran_AutoPPT_AM_1013.pdf
2016-02-28 10:26 - 2016-02-28 10:26 - 00113664 _____ C:\Users\TEST1\Desktop\440 Fywheel Balance.SLDASM
2016-02-27 08:35 - 2016-03-27 13:47 - 00000000 ____D C:\Users\TEST1\AppData\Local\ElevatedDiagnostics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-28 22:32 - 2011-09-12 09:19 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-28 20:47 - 2012-04-03 15:51 - 00000000 ____D C:\Users\PENTHERMAL
2016-03-28 20:43 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2016-03-28 20:05 - 2015-12-17 10:25 - 00000000 ____D C:\Users\dolsen\Desktop\Natural Gas Compressor
2016-03-28 19:57 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-28 19:57 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-28 19:00 - 2015-03-10 12:16 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d05b4d8adc44a1.job
2016-03-28 08:45 - 2016-01-23 03:56 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-03-28 08:43 - 2016-01-23 04:13 - 00001584 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2016-03-28 08:43 - 2016-01-23 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-03-28 07:52 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-28 05:05 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2016-03-28 00:37 - 2012-04-03 15:51 - 00000000 ____D C:\Program Files\searchcom_004
2016-03-27 17:49 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-03-25 18:38 - 2016-01-19 23:21 - 00000000 ____D C:\Users\TEST1\AppData\Local\TempSWBackupDirectory
2016-03-25 15:46 - 2016-02-14 14:19 - 00000123 _____ C:\Windows\wpd99.drv
2016-03-25 15:46 - 2016-02-14 14:19 - 00000000 ____D C:\ProgramData\pdf995
2016-03-25 08:32 - 2011-01-13 14:27 - 00000144 _____ C:\Windows\system32\config\netlogon.ftl
2016-03-25 08:24 - 2016-01-19 23:19 - 00000000 ____D C:\Users\TEST1\AppData\Roaming\SolidWorks
2016-03-23 06:49 - 2016-01-26 13:04 - 00002028 ____H C:\Users\TEST1\Documents\Default.rdp
2016-03-14 18:28 - 2012-03-02 11:20 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 18:28 - 2012-03-02 11:20 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-08 19:59 - 2016-01-23 03:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-07 09:50 - 2015-09-28 12:40 - 430973952 _____ C:\Users\dolsen\Desktop\2006Receivedarchive.pst
2016-03-07 09:50 - 2011-01-19 12:44 - 1950368768 _____ C:\Users\dolsen\Desktop\OldEmail.pst
2016-03-07 09:50 - 2011-01-17 09:11 - 00000000 ____D C:\Users\dolsen\Documents\Outlook Files
2016-03-05 08:10 - 2016-01-19 15:10 - 00000000 ____D C:\Users\TEST1\AppData\Local\Adobe
2016-03-02 07:24 - 2011-01-17 08:47 - 00140472 _____ C:\Users\dolsen\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-29 23:51 - 2011-06-08 14:29 - 00000000 ____D C:\temp
2016-02-28 10:32 - 2011-01-19 08:37 - 00000000 ____D C:\ProgramData\FLEXnet
2016-02-27 08:41 - 2009-07-14 00:33 - 00484688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-27 08:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 19:28

==================== End of FRST.txt ============================

 

[dolsen]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by TEST1 (2016-03-28 22:41:47)
Running from C:\Users\TEST1\Desktop
Windows 7 Professional Service Pack 1 (X86) (2011-01-13 18:24:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3056380410-417315007-640916887-500 - Administrator - Disabled)
dolsen (S-1-5-21-3056380410-417315007-640916887-1002 - Administrator - Enabled)
dolsen2 (S-1-5-21-3056380410-417315007-640916887-1000 - Administrator - Enabled) => C:\Users\dolsen2
dolsentest (S-1-5-21-3056380410-417315007-640916887-1001 - Administrator - Enabled)
Guest (S-1-5-21-3056380410-417315007-640916887-501 - Limited - Enabled)
TEST1 (S-1-5-21-3056380410-417315007-640916887-1003 - Administrator - Enabled) => C:\Users\TEST1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.00.12 - STMicroelectronics)
Adobe Acrobat 9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Advanced Monitoring Agent GP (Version: 1.0 - InstallAware Software Corporation) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version: - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.459.360 - Broadcom Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
Dell System Manager (HKLM\...\{C8B8C745-D288-41B4-9512-01E397F77449}) (Version: 1.5.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.101.205 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Global VPN Client (HKLM\...\{8CFC9AF3-8B53-45F4-99EF-953F68432F80}) (Version: 4.9.4 - Dell SonicWALL)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Customer 2.6.0.948 (HKLM\...\GoToAssist Express Customer) (Version: 2.6.0.948 - Citrix Online)
H&R Block Deluxe + Efile + State 2015 (HKLM\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.6901 - HRB Technology, LLC.)
HyperTerminal Private Edition v7.0 (HKLM\...\HTPE3) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MFCLOC (Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Standard 2007 (HKLM\...\PRJSTDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MPLAB Tools v8.76 (HKLM\...\InstallShield_{110ACDD7-71B0-4A09-B45C-4A4C5CFA3103}) (Version: 8.76 - Microchip Technology Inc.)
MPLAB Tools v8.76 (Version: 8.76 - Microchip Technology Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - )
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
Open Book HVAC Certifications 4.2.00 (HKLM\...\9588-9510-0199-4620) (Version: 4.2.00 - Mainstream Engineering Corporation)
Pdf995 (HKLM\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (HKLM\...\PdfEdit995) (Version: - )
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
PhotoView 360 (Version: 18.00.5035 - SolidWorks Corporation) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.1 - Prolific Technology INC)
Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Reader 2.1 (HKLM\...\Reader2.1) (Version: 2.1.2.1143 - Dell Inc.)
Reader 2.1 (Version: 2.1.2.1143 - Dell Inc.) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
Search.com Bar (HKLM\...\searchcom_004) (Version: 1.0.0.0 - Visicom Media Inc.)
Secop CapSel (HKLM\...\{C574855D-F512-4830-9F4C-9D6E4C324B38}) (Version: 1.0.0 - Secop)
Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM\...\{7300A70A-BB87-41CD-BAD6-C8DA5508EBE2}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolidWorks 2010 SP0 (HKLM\...\SolidWorks Installation Manager 20100-40000-1100-200) (Version: 18.0.0.5035 - SolidWorks Corporation)
SolidWorks 2010 SP0 (Version: 18.100.5035 - SolidWorks) Hidden
SolidWorks 2011 SP05 (HKLM\...\SolidWorks Installation Manager 20110-40500-1100-200) (Version: 19.5.0.91 - SolidWorks Corporation)
SolidWorks 2011 SP05 (Version: 19.150.91 - SolidWorks) Hidden
SolidWorks 2012 SP03 (HKLM\...\SolidWorks Installation Manager 20120-40300-1100-200) (Version: 20.3.0.66 - SolidWorks Corporation)
SolidWorks 2012 SP03 (Version: 20.130.66 - SolidWorks) Hidden
SolidWorks eDrawings 2010 (Version: 10.0.727 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2011 SP05 (Version: 11.5.111 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2012 SP03 (Version: 12.3.113 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2010 SP0 (Version: 18.00.5035 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2011 SP05 (Version: 19.50.91 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2012 SP03 (Version: 20.30.66 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2010 SP0 (Version: 18.00.5036 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2011 SP05 (Version: 19.50.92 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2012 SP03 (Version: 20.30.67 - SolidWorks Corporation) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Watts Up USB (HKLM\...\Watts Up USB) (Version: - )
Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.00 beta 6 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)
Word Password Recovery Master 3.5 (HKLM\...\Word Password Recovery Master_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BD1B48C-7652-4A80-96BB-0ED1C11F6154} - System32\Tasks\SafeZone scheduled Autoupdate 1459115837 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {227922BA-6C6E-49EC-8356-331B20FA8890} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {3E87623D-E830-41D3-BDEA-4C7696EF79C0} - System32\Tasks\{2DC2BBC6-0F44-4CD3-870C-B78DFAA811BE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsProgressBar
Task: {85C32CCD-C4BD-4D06-A169-9A264B80AFA7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-27] (AVAST Software)
Task: {8FD4FA99-A27D-42CF-BC94-758D2E2F8035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A5BA0DBD-D16F-42D2-8A14-832C2DBB37B4} - System32\Tasks\{359D53C5-8B46-43DA-BB0E-72FFDB3F6E15} => pcalua.exe -a C:\dell\Drivers\2FYHT\Vi32\Uninstap.exe -d C:\dell\Drivers\2FYHT\Vi32
Task: {AB3CA946-71A3-4DB6-9A29-D6E5A62B8C3A} - System32\Tasks\{F5698122-9EE2-4BEC-B9D7-B0371335491D} => pcalua.exe -a C:\Users\dolsen\AppData\Local\Temp\Temp1_brushless_inside_demo[1].zip\brushless_inside_demo\Setup.exe
Task: {AE62E26C-22B4-4AAD-BD7C-FE15D9E5275D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-27] (AVAST Software)
Task: {DF520A73-96C7-485E-A875-A089402826A9} - System32\Tasks\{1FFD065E-A21D-4777-84FB-5D609D3A0F60} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsProgressBar
Task: {E1EFFDF3-1A25-4EC2-BD95-17D4EAB7A102} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FD16815E-D938-48B2-B46D-60511501023B} - System32\Tasks\GoogleUpdateTaskMachineCore1d05b4d8adc44a1 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FFCD07D5-55C5-4810-A9CF-08DFD980D692} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d05b4d8adc44a1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-27 17:50 - 2016-03-27 17:50 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-28 07:35 - 2016-03-28 07:35 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16032800\algo.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-28 19:00 - 2016-03-28 19:00 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16032801\algo.dll
2016-02-14 14:19 - 2016-02-14 14:20 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2015-12-17 19:39 - 2015-12-17 19:39 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:39 - 2015-12-17 19:39 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-27 17:50 - 2016-03-27 17:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-16 14:16 - 2015-03-16 14:16 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a8cc5328055703eb83b53ab064e48b73\IsdiInterop.ni.dll
2011-01-04 11:28 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00048640 _____ () C:\Program Files\AOL Desktop 9.8.2\zlib.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 21151232 _____ () C:\Program Files\AOL Desktop 9.8.2\libcef.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00648704 _____ () C:\Program Files\AOL Desktop 9.8.2\libglesv2.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00122880 _____ () C:\Program Files\AOL Desktop 9.8.2\libegl.dll
2011-02-16 17:30 - 2011-02-08 16:42 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2016-03-14 18:28 - 2016-03-07 22:48 - 01676440 _____ () C:\Program Files\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-14 18:28 - 2016-03-07 22:48 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\49.0.2623.87\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2016-03-28 20:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3056380410-417315007-640916887-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\TEST1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell System Manager.lnk => C:\Windows\pss\Dell System Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TdmNotify.lnk => C:\Windows\pss\TdmNotify.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^TEST1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files\AOL Desktop 9.8.2\AOL.EXE" -b
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1453259556\ee\AOLSoftware.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\dolsen\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\dolsen\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe
MSCONFIG\startupreg: USCService => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
MSCONFIG\startupreg: WavXMgr => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8F8FB5AF-D16B-4A1C-88A0-7B0B1612C311}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{B42ACCA1-9F03-41F9-B1AE-42F768B74E43}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{D54B97C3-9352-4BB6-B25E-321F9EBF02D1}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4BCAB031-E009-46A0-B256-17D60C68881A}] => (Allow) LPort=2869
FirewallRules: [{CA27A5E5-589D-4CAB-B370-5EFC9DEBEFB7}] => (Allow) LPort=1900
FirewallRules: [{DF64CCC3-0D4F-42EE-B364-878FF45401A2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3A5C894E-FB9F-4241-84AA-E25412810B89}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{4E1CCCC5-D20E-4C24-99DD-7AE140BBA827}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{F20FC7ED-66BC-4BD1-A5D4-802EB551990A}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{4FC9D28D-82E0-48A6-B926-F65535BD6ABE}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{E87ACB9E-A2D6-4A08-8E64-1D3F31648B84}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{71AA21F3-5730-4AD1-BD75-70F0E7C9D0FB}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{357FEBBE-D046-496A-9D06-47218FF4A544}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{6F43C2D8-705A-43BB-94E1-B71E8B361FF4}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{76A282D8-584C-46D4-8B8F-E40B8D541AA4}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{7CEE139A-B76D-49C0-AAA2-7FE20C9D3583}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{75500836-7495-4E10-9801-6B5EE6B3B84F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{25723BF3-2DCC-4492-AF7C-7CBD4B736B84}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360.exe
FirewallRules: [{65FA7E88-147D-4BCA-970D-4E92067FA964}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360.exe
FirewallRules: [{88AF4E58-D8EB-4572-A920-986321956373}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360_cl.exe
FirewallRules: [{1272222C-033E-4706-B67F-2CBA0D23E6EC}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (2)\photoview\photoview360_cl.exe
FirewallRules: [{363985C7-44EF-484A-86CD-15B5D91E8348}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7918F78-E6DD-44B5-BC4A-EC7C88B98599}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{477CD70C-1182-4D65-A2A7-0AECDC1F3843}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{2E755353-2DFF-42B2-96EB-E8E734EB8D06}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{6210EEDB-75C9-4CD4-81A3-F0A9D3FED942}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360.exe
FirewallRules: [{EE709568-0F50-409E-9156-CF56F97CCA36}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360.exe
FirewallRules: [{B9920DC0-0D7C-4C4C-8CBF-3158EA8B48B0}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360_cl.exe
FirewallRules: [{63291124-9FDE-443B-A6E2-598562AE877E}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks (3)\photoview\photoview360_cl.exe
FirewallRules: [{634926FB-1E0C-4BF2-944D-31C1051496C8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{21B60BE3-19BA-45BF-A1BB-16AC8CBCC9CA}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{A2C75996-49A3-44CF-AE54-D0DD59AE3F14}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2D06F0C5-9705-4170-B317-576BAB63F8BD}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2EA9901E-24A6-4C3A-BA56-AF00C2F7F9FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{24637F7B-2B82-402E-9DC6-DCD6244F434F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E43893AD-8497-4129-BC08-2F1E09BAE0DF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E4F0D89A-9F5B-49B2-9948-9F9F6F91C7D8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{CDF7C83A-9EA0-487D-80F9-E3F4AEAC6750}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45E5CDD7-DE77-4905-922D-739B5B891D2F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{18CDD8A5-8BB3-45A2-AC0D-2EC661DDC97C}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [UDP Query User{7952365C-F331-498E-BC32-E7804DDFD730}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [{5CC89CF5-3452-4BF1-9DC4-93DE39C7DA5B}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{6F321CAE-12CF-4D0E-B441-56684C0C49E9}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{3B3EECB7-66DA-48EA-9D09-DD39B3F718CD}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{AFCF4777-A497-4557-8284-ACC73B2BE4FF}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{DD5B6CBF-EA49-4797-9FFB-884866E306B7}] => (Allow) C:\Program Files\Common Files\AOL\1453245988\ee\aolsoftware.exe
FirewallRules: [{EBC51E70-EE49-4B0C-8501-10A2FEBC37A3}] => (Allow) C:\Program Files\Common Files\AOL\1453245988\ee\aolsoftware.exe
FirewallRules: [{53FB975B-6CF8-4DFD-A2E4-639846A24233}] => (Allow) C:\Program Files\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{0DD81DB5-75A0-4514-8EF6-C7A31B3C4DFD}] => (Allow) C:\Program Files\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{7D168142-7AC5-4AB0-A8B3-4B5373D0F97C}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{866A396D-67F3-4530-A0C0-F2F85D5A9DDE}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4C683F90-60EC-4809-9425-D3F52496594F}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{28552DEC-666C-4476-AB6F-0078246E5FFB}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{43B67350-BAF9-4BD0-B8C4-2B64BD9D2715}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{5AA94F2E-5F71-4322-AAC1-D8E4DEA5C7AD}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{BA1AFE06-9F1F-47EB-A991-9C23F08C4EBD}] => (Allow) C:\Program Files\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{9D1C5C27-6510-4998-AEC7-CF38D717F04E}] => (Allow) C:\Program Files\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{9D090083-0641-436C-878D-B7BCC3C3F11B}] => (Allow) C:\Program Files\Common Files\AOL\1453259556\ee\aolsoftware.exe
FirewallRules: [{43BBC2B3-5C5A-4B13-A480-64FC8B6B00A8}] => (Allow) C:\Program Files\Common Files\AOL\1453259556\ee\aolsoftware.exe
FirewallRules: [TCP Query User{6B3A9D2D-7615-4173-AC88-4AC05C50964D}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{14B5AF2B-C24F-447B-94E6-D8DA937AFD7C}C:\users\dolsen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dolsen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8016BA54-A474-448F-9F37-E710FC3D4E02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC7A152D-5173-432E-8698-52083B69D767}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{388EA10A-5304-4946-8032-D9A7500703E2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DD784941-BCF7-43CB-9807-06F79DA01433}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-03-2016 07:10:49 Windows Update
17-03-2016 19:00:43 Windows Update
18-03-2016 19:00:48 Windows Update
19-03-2016 19:00:29 Windows Update
19-03-2016 19:00:36 Windows Update
20-03-2016 19:00:47 Windows Update
21-03-2016 19:00:43 Windows Update
22-03-2016 19:00:33 Windows Update
23-03-2016 19:00:31 Windows Update
24-03-2016 19:00:31 Windows Update
25-03-2016 19:00:37 Windows Update
26-03-2016 19:00:38 Windows Update
27-03-2016 19:00:57 Windows Update
28-03-2016 07:59:05 JRT Pre-Junkware Removal
28-03-2016 19:00:47 Windows Update

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2016 10:32:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3885423

Error: (03/28/2016 10:32:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3885423

Error: (03/28/2016 10:32:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2016 10:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3884378

Error: (03/28/2016 10:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3884378

Error: (03/28/2016 10:32:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2016 09:27:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3244

Error: (03/28/2016 09:27:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3244

Error: (03/28/2016 09:27:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2016 09:27:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2074


System errors:
=============
Error: (03/28/2016 08:43:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/28/2016 08:29:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/28/2016 08:16:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/28/2016 08:16:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FF Install Filter Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/28/2016 07:00:54 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ASPENTHERMAL due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/28/2016 09:27:49 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/28/2016 07:54:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/28/2016 07:52:47 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (03/28/2016 07:52:46 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ASPENTHERMAL due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/28/2016 07:52:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


CodeIntegrity:
===================================
Date: 2015-10-23 15:40:07.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 14:22:24.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 13:43:30.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 13:31:11.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 12:22:23.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 12:14:14.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 11:51:44.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-23 11:31:19.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-22 20:46:41.074
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-22 20:03:20.848
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 62%
Total physical RAM: 3509.83 MB
Available physical RAM: 1307.32 MB
Total Virtual: 7017.95 MB
Available Virtual: 4697.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.8 GB) (Free:160.77 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[dolsen]

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by TEST1 (2016-03-29 07:00:56) Run:1
Running from C:\Users\TEST1\Desktop
Loaded Profiles: TEST1 (Available Profiles: bcallan & dmorse & ditmorse & dolsen & ditolsen & dolsen2 & TEST1)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3056380410-417315007-640916887-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
U3 catchme; \??\C:\Users\TEST1\AppData\Local\Temp\catchme.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3056380410-417315007-640916887-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully.
catchme => service removed successfully.
EraserUtilDrv11410 => service removed successfully.
mbr => service removed successfully.

==== End of Fixlog 07:00:57 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[dolsen]

Here are the logs

No threats found with Sophos


Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.286
Mozilla Firefox 38.0.5 Firefox out of Date!
Google Chrome (48.0.2564.116)
Google Chrome (49.0.2623.87)
````````Process Check: objlist.exe by Laurent````````
Oracle Java javapath AvastSvc.exe -?-
Oracle Java javapath avastui.exe -?-
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 27-01-2016
Ran by TEST1 (administrator) on 29-03-2016 at 19:50:38
Running from "C:\Users\TEST1\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

 

[Broni]

Update Firefox to the current version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

==============================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[dolsen]

Computer is working flawlessly.

Thank you!

 

[Broni]

Yes!!

Good luck and stay safe