I got an email the other day from a guy who works for a company in Canada that believes my pc has been infected with Vawtrak/Pont trojan. He emailed me a list of usernames that he found in a file on a C&C server his company recently hacked. The usernames and associated websites are legit and match.

I have CIS installed and do a weekly scan.

I've scanned my pc with Spybot S&D including a rootscan and nothing seemed to stick out, but there was a lot of files in the rootkit scan.

I've scanned with MAB as well and I didn't see any mention of Vawtrak/Pony or Zeus.

Is there anything else I can do to be sure I'm either not infected or I got rid of the infection?

Thanks. This is on a Win7 pro machine.

Tashi,

I read the post and was in the process of downloading both programs (link to FRST is broken so had to find alternate source) and running them, but I work from home on another pc and I haven't had a chance to get back to the infected pc until now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Antec-179 (administrator) on PROGRAMMING (06-07-2016 13:37:09)
Running from C:\Users\Antec-179\Documents
Loaded Profiles: Antec-179 (Available Profiles: Antec-179)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dassault Systemes) C:\Program Files (x86)\Dassault Systemes\B22\intel_a\code\bin\CATSysDemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\DS License Server\win_b64\code\bin\DSLicSrv.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\nhsrvice.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\HLS32SVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CIMCO A/S) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(CNC Software, Inc.) C:\Program Files\mcamX9\MCLogr.exe
(CNC Software, Inc.) C:\Program Files\mcamX9\Mastercam.exe
(CNC Software, Inc.) C:\Program Files\mcamX9\Extensions\ToolManager.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\vmware-vmrc.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\vmware-vmrc.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\vmware-remotemks.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Farbar) C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2015-01-23] (Acronis)
HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2160512 2015-12-10] (3Dconnexion, INC)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2498368 2015-07-23] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-06-16] (COMODO)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [558672 2013-09-11] (Lavasoft)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805824 2015-01-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2015-01-23] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-16] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2016-06-28] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-06-29] (Malwarebytes)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [HVJOGX] => C:\Windows\SysWOW64\asferror3.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-29] (Piriform Ltd)
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\MountPoints2: {f2330861-6b98-11e5-beff-f46d049c0ec4} - L:\DTVP_Launcher.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs-x32: c:\windows\syswow64\guard32.dll => c:\windows\syswow64\guard32.dll [626288 2016-06-15] (COMODO)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-05-09]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-02-22]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{26B5BF47-054C-40BC-9B2D-12AE95F2EB2B}: [NameServer] 192.168.1.23,24.92.226.12
Tcpip\..\Interfaces\{DB7AA593-DC47-443E-8A20-0FCE582526C0}: [NameServer] 192.168.1.4
Tcpip\..\Interfaces\{DB7AA593-DC47-443E-8A20-0FCE582526C0}: [DhcpNameServer] 192.168.1.180

Internet Explorer:
==================
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-16] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-16] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://news.yahoo.com/us/
FF NetworkProxy: "type", 4
FF Plugin: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll [2012-10-30] ()
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll [2011-12-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-07-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-07-06] (RealTimes)
FF Plugin-x32: @vmware.com/client-support,version=5.1.0.00000 -> C:\Program Files (x86)\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll [2015-08-08] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2014-06-20] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2014-11-19] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3303728595-2053281234-2614305378-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Antec-179\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-09] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\nppl3260.dll [2013-06-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\nprpplugin.dll [2013-06-25] (RealPlayer)
FF SearchPlugin: C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\searchplugins\support-home-page-search.xml [2015-05-16]
FF Extension: NoUn Buttons - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi [2016-04-28]
FF Extension: ShowIP - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2016-04-28]
FF Extension: FireFTP - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2016-06-22]
FF Extension: IP Address and Domain Information - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi [2016-01-11]
FF Extension: Toolbar Buttons - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-27]
FF Extension: Password Exporter - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-01] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 BBDemon; C:\Program Files (x86)\Dassault Systemes\B22\intel_a\code\bin\CATSysDemon.exe [38400 2011-07-29] (Dassault Systemes) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-06-22] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817712 2016-06-16] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-06-16] (COMODO)
R2 DS License Server; C:\Program Files\Dassault Systemes\DS License Server\win_b64\code\bin\DSLicSrv.exe [888320 2012-09-01] (Dassault Systemes) [File not signed]
R2 HASP Loader; C:\Windows\SysWOW64\nhsrvice.exe [249856 2015-10-05] (Aladdin Knowledge Systems Ltd.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-10-13] (SafeNet Inc.)
R2 HLServer; C:\Windows\SysWOW64\HLS32SVC.EXE [327680 2015-10-13] (Aladdin Knowledge Systems Ltd.) [File not signed]
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2015-12-10] (3Dconnexion) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3165000 2015-07-23] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-07-06] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-06] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2016-06-28] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2016-06-28] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2016-06-28] (Safer-Networking Ltd.)
S4 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479824 2013-04-09] (VMware, Inc.)
S4 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
S4 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Sentinel RMS License Manager; "C:\Program Files\CGTech\VERICUT 7.2.3\windows64\license\lservnt.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [39184 2015-08-04] (3Dconnexion SAM)
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [77912 2015-10-13] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [81368 2015-10-13] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [322560 2015-10-13] (SafeNet Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-06-15] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [829600 2016-06-15] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56472 2016-06-15] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FTOIIs; C:\Windows\System32\DRIVERS\FTOIIs.sys [229968 2009-11-24] (Promise Technology, Inc.)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-10-13] (SafeNet Inc.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-06-15] (COMODO)
R3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2015-01-26] (3Dconnextion Inc.)
R3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2015-01-26] (3Dconnextion Inc.)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-01-23] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-01-23] (Acronis International GmbH)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-01-23] (Acronis International GmbH)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 vdbus; system32\DRIVERS\vdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 13:37 - 2016-07-06 13:37 - 00033930 _____ C:\Users\Antec-179\Documents\FRST.txt
2016-07-06 13:34 - 2016-07-06 13:37 - 00000000 ____D C:\FRST
2016-07-06 13:31 - 2016-07-06 13:31 - 05198336 _____ (AVAST Software) C:\Users\Antec-179\Downloads\aswMBR.exe
2016-07-06 13:30 - 2016-07-06 13:34 - 02390016 _____ (Farbar) C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe
2016-07-06 07:37 - 2016-07-06 07:37 - 00000000 ____D C:\Users\Antec-179\Documents\ProcAlyzer Dumps
2016-06-30 14:03 - 2016-06-30 14:03 - 00000000 ____D C:\Users\Antec-179\AppData\Local\MachiningCloud_GmbH
2016-06-30 14:01 - 2016-06-30 14:01 - 00002085 _____ C:\Users\Public\Desktop\Kennametal.lnk
2016-06-30 14:01 - 2016-06-30 14:01 - 00000004 ____H C:\ProgramData\cm-lock
2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\MachiningCloud
2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NOVO-Kennametal
2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\ProgramData\MachiningCloud
2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\Program Files (x86)\NOVO-Kennametal
2016-06-30 13:53 - 2016-06-30 14:01 - 00000000 ___HD C:\ProgramData\{297E00E8-70AA-4641-BCFE-A906A2FCFB0E}
2016-06-30 13:53 - 2016-06-30 14:00 - 00000000 ____D C:\Users\Antec-179\AppData\Local\IIIQF
2016-06-30 13:53 - 2016-06-30 13:53 - 09715712 _____ C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi
2016-06-29 11:58 - 2016-06-29 11:58 - 00195659 _____ C:\Users\Antec-179\Desktop\CNC Systems.pdf
2016-06-29 08:19 - 2016-06-29 08:19 - 06995720 _____ (Piriform Ltd) C:\Users\Antec-179\Downloads\ccsetup519.exe
2016-06-28 17:00 - 2016-06-28 17:00 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-28 16:57 - 2016-06-28 16:57 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-06-28 16:57 - 2016-06-28 16:57 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-28 16:57 - 2016-06-28 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-28 16:55 - 2016-06-28 16:57 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Antec-179\Downloads\spybot-2.4.exe
2016-06-28 16:31 - 2016-06-28 16:31 - 00015292 _____ C:\Users\Antec-179\Desktop\BBPrecise.xlsx
2016-06-28 15:59 - 2016-06-28 15:59 - 00295163 _____ C:\Users\Antec-179\Desktop\5606428.mcx-9
2016-06-28 11:33 - 2016-06-28 11:33 - 01200863 _____ C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar
2016-06-27 10:29 - 2016-06-27 10:29 - 00013011 _____ C:\Users\Antec-179\Desktop\Fanuc motor.xlsx
2016-06-24 15:04 - 2016-06-27 06:12 - 149858063 _____ C:\Users\Antec-179\Documents\TEST.Z2G
2016-06-24 08:22 - 2016-06-24 08:22 - 00776583 _____ C:\Users\Antec-179\Desktop\QA-001-006-A0 Instructions for Remove & Install Spindle Motor.pdf
2016-06-21 08:46 - 2016-06-21 08:54 - 00030720 _____ C:\Users\Antec-179\Desktop\Copy of Credit Card Process Form 2015.xls
2016-06-20 16:28 - 2016-06-20 16:28 - 00098475 _____ C:\Users\Antec-179\Desktop\Blankn po for CNC Systems.pdf
2016-06-20 16:23 - 2016-06-20 16:23 - 00097260 _____ C:\Users\Antec-179\Desktop\JB order agreement.pdf
2016-06-16 06:19 - 2016-06-16 06:19 - 00373649 _____ C:\Users\Antec-179\Desktop\coach clinic.pdf
2016-06-10 09:19 - 2016-06-10 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-09 14:19 - 2016-06-09 14:18 - 00075582 _____ C:\Users\Antec-179\Desktop\TRI-20 B-BAR.pdf
2016-06-07 14:48 - 2016-06-07 14:48 - 00296137 _____ C:\Users\Antec-179\Desktop\Extracted pages from TRI-21.pdf
2016-06-07 06:08 - 2016-06-07 06:08 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-06 10:41 - 2016-06-06 10:40 - 00651214 _____ C:\Users\Antec-179\Desktop\Extracted pages from TRI-20.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2089-02-18 15:52 - 2012-04-13 09:48 - 00131488 _____ C:\Users\Antec-179\Documents\PMC-RB.LAD
2016-07-06 13:32 - 2016-03-23 07:05 - 00077336 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-07-06 13:30 - 2016-02-22 07:42 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-07-06 10:53 - 2013-08-12 08:47 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\VMware
2016-07-06 08:52 - 2014-02-12 11:44 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\Mastercam
2016-07-06 08:52 - 2013-01-30 08:00 - 00000103 _____ C:\Windows\mwMSimApp.INI
2016-07-06 08:52 - 2012-04-13 16:07 - 00000000 ____D C:\Users\Antec-179\AppData\Local\CrashDumps
2016-07-06 08:41 - 2014-07-18 10:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-05 15:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-05 10:51 - 2012-04-14 09:27 - 00000000 ____D C:\Users\Antec-179\Desktop\email
2016-07-05 07:03 - 2015-10-13 13:32 - 00000104 _____ C:\Windows\system32\config\netlogon.ftl
2016-07-05 06:14 - 2014-12-15 14:12 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2016-07-01 18:01 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-01 18:01 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-01 11:26 - 2009-07-14 01:13 - 00905800 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-01 08:23 - 2015-06-01 07:23 - 00000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job
2016-07-01 08:23 - 2014-06-06 11:44 - 00000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job
2016-06-30 14:00 - 2015-10-01 06:33 - 00000012 _____ C:\Windows\SysWOW64\haspaddr.dat
2016-06-30 14:00 - 2014-07-18 10:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-30 14:00 - 2012-05-18 09:38 - 00030374 _____ C:\Windows\SysWOW64\PCPELog.txt
2016-06-30 14:00 - 2012-04-10 15:09 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-30 14:00 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-30 14:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas
2016-06-30 13:56 - 2012-04-11 15:10 - 00880828 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-29 07:27 - 2014-07-18 10:23 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-29 07:27 - 2014-07-18 10:23 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-29 07:27 - 2014-07-18 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-29 07:27 - 2013-04-12 13:34 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-29 06:02 - 2009-07-13 22:34 - 00452975 ____R C:\Windows\system32\Drivers\etc\hosts.20160629-081738.backup
2016-06-29 06:00 - 2013-04-12 14:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-28 16:57 - 2013-04-12 14:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-22 08:05 - 2014-09-29 06:42 - 00000000 ____D C:\Users\Antec-179\Desktop\Programming tips
2016-06-22 06:25 - 2016-05-27 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-22 06:24 - 2015-10-08 16:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-21 15:27 - 2014-12-02 11:17 - 00000000 ___RD C:\Users\Antec-179\Dropbox
2016-06-21 06:07 - 2014-06-13 06:23 - 00000000 ____D C:\Users\Antec-179\AppData\Local\Adobe
2016-06-21 06:06 - 2012-04-10 15:07 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-21 06:06 - 2012-04-10 15:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-20 16:28 - 2012-04-14 09:27 - 00000000 ____D C:\Users\Antec-179\Desktop\QUOTES-PO'S
2016-06-16 16:30 - 2014-12-02 11:15 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\Dropbox
2016-06-16 16:29 - 2015-10-20 13:39 - 00000000 ____D C:\Users\Antec-179\AppData\Local\Dropbox
2016-06-15 02:12 - 2015-11-18 18:14 - 00829600 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2016-06-15 02:12 - 2015-11-18 18:14 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-06-15 02:12 - 2015-08-05 01:31 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-06-15 02:12 - 2015-08-05 01:31 - 00056472 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-06-15 02:08 - 2015-09-03 12:52 - 00793104 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-06-15 02:08 - 2015-09-03 12:52 - 00626288 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-06-15 02:08 - 2015-08-05 01:29 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-06-15 02:04 - 2015-08-05 01:28 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-06-15 02:02 - 2015-08-05 01:28 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2016-06-15 01:58 - 2015-08-05 01:27 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-06-15 01:56 - 2015-08-05 01:26 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2016-06-13 15:36 - 2014-06-02 16:44 - 00000000 ____D C:\new website files
2016-06-10 16:31 - 2013-07-08 09:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 14:19 - 2012-05-25 06:17 - 00000000 ____D C:\Users\Antec-179\AppData\Local\CutePDF Writer
2016-06-06 06:22 - 2015-07-07 16:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-02-04 11:45 - 2015-02-04 11:45 - 0000121 _____ () C:\Users\Antec-179\AppData\Roaming\default.rss
2013-10-29 09:27 - 2014-02-24 07:27 - 0000177 _____ () C:\Users\Antec-179\AppData\Roaming\WB.CFG
2014-01-28 07:27 - 2014-01-28 07:27 - 0000005 _____ () C:\Users\Antec-179\AppData\Roaming\WBPU-TTL.DAT
2014-01-20 09:55 - 2014-05-13 06:14 - 0003584 _____ () C:\Users\Antec-179\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-30 08:43 - 2016-03-15 06:38 - 0000600 _____ () C:\Users\Antec-179\AppData\Local\PUTTY.RND
2012-04-17 16:36 - 2015-01-06 17:25 - 0007635 _____ () C:\Users\Antec-179\AppData\Local\Resmon.ResmonCfg
2016-06-30 14:01 - 2016-06-30 14:01 - 0000004 ____H () C:\ProgramData\cm-lock

Files to move or delete:
====================
C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js
C:\Users\Antec-179\en_res.dll
C:\Users\Antec-179\es_res.dll
C:\Users\Antec-179\fr_res.dll
C:\Users\Antec-179\grm_res.dll
C:\Users\Antec-179\it_res.dll
C:\Users\Antec-179\jp_res.dll
C:\Users\Antec-179\mfc80u.dll
C:\Users\Antec-179\msvcr80.dll
C:\Users\Antec-179\PCPE Setup.exe
C:\Users\Antec-179\pt_res.dll
C:\Users\Antec-179\ResourceReader.dll
C:\Users\Antec-179\ru_res.dll
C:\Users\Antec-179\zh_res.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-27 00:50

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Antec-179 (2016-07-06 13:37:22)
Running from C:\Users\Antec-179\Documents
Windows 7 Professional Service Pack 1 (X64) (2012-04-10 18:50:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3303728595-2053281234-2614305378-500 - Administrator - Disabled)
Antec-179 (S-1-5-21-3303728595-2053281234-2614305378-1000 - Administrator - Enabled) => C:\Users\Antec-179
Guest (S-1-5-21-3303728595-2053281234-2614305378-501 - Administrator - Enabled)
___VMware_Conv_SA___ (S-1-5-21-3303728595-2053281234-2614305378-1009 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D XML Player (HKLM\...\{52FDBE6F-53FE-47C5-8D49-6366555D7056}) (Version: 12.36.12304 - Dassault Systemes)
3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 10.3.0 - 3Dconnexion)
3Dconnexion 3DxWinCore (Version: 17.3.0.12346 - 3Dconnexion) Hidden
3Dconnexion Add-In for AutoCAD (Version: 5.1.0 - 3Dconnexion) Hidden
3Dconnexion Add-In for Inventor 11 - 2016 (Version: 2.1.1 - 3Dconnexion) Hidden
3Dconnexion Add-In for Solid Edge V18 - ST8 (Version: 3.3.0 - 3Dconnexion) Hidden
3Dconnexion Add-In for SOLIDWORKS 2005 - 2016 (Version: 3.3.0 - 3Dconnexion) Hidden
3Dconnexion Add-On for XSI v5.0 - 2015 (Version: 3.0.3 - 3Dconnexion) Hidden
3Dconnexion Collage (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Extension for SketchUp (Version: 4.2.1 - 3Dconnexion) Hidden
3Dconnexion LCD Applets for SpacePilot Pro (Version: 1.3.3 - 3Dconnexion) Hidden
3Dconnexion Plug-In for 3ds Max 2008 - 2016 (Version: 6.1.2 - 3Dconnexion) Hidden
3Dconnexion Plug-in for Acrobat 3D (x32 Version: 1.4.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Maya v8.5 - 2016 (Version: 5.1.1 - 3Dconnexion) Hidden
3Dconnexion Plug-In for NX v4.0 - v11.0 (Version: 3.3.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Photoshop CS3 - CS6 and CC (Version: 2.4.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 3.0 (Version: 2.2.4 - 3Dconnexion) Hidden
3Dconnexion Trainer (x32 Version: 3.2.3 - 3Dconnexion) Hidden
3Dconnexion Viewer and Assembly Demo (x32 Version: 0.9.0.0 - 3Dconnexion) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{5858B1D6-8056-471C-8A29-6A1765BBC0BE}) (Version: 17.0.4515 - Acronis)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Aladdin DiagnostiX 1.10 (HKLM-x32\...\Aladdin DiagnostiX 1.10) (Version: - )
Aladdin Monitor 1.4.2 (HKLM-x32\...\Aladdin Monitor 1.4.2) (Version: - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
BOINC (HKLM\...\{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}) (Version: 7.0.28 - Space Sciences Laboratory, U.C. Berkeley)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CIMCO Edit V7 (HKLM-x32\...\CIMCO Edit V7) (Version: 7.55.07 - CIMCO A/S)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
cncCoder (HKLM-x32\...\cncCoder_is1) (Version: 4.1 - Axis Controls Ltd)
CodeMeter Runtime Kit v4.50c (HKLM\...\{D2ABD3EE-94BD-48BB-A6C6-E4FFDA64001E}) (Version: 4.50.906.503 - WIBU-SYSTEMS AG)
COMODO Internet Security Premium (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Dassault Systemes Software VC10 Prerequisites x86-x64 (HKLM\...\{7C534131-6431-4ECB-9069-525CB5F75CC8}) (Version: 10.1.1 - Dassault Systemes)
Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
Dassault Systemes Software Version 5-6 Release 2012 (B22) (HKLM\...\Dassault Systemes B22_0) (Version: - )
Dropbox (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
DS License Server (HKLM\...\{A224E59D-BEA4-43CE-98A9-A08AC73C33D3}) (Version: 6.214.02470 - Dassault Systemes)
eDrawings 2015 x64 (HKLM\...\{84177FAE-7ADD-474F-92A9-0085D6AFCBDC}) (Version: 15.3.0030 - Dassault Systèmes SolidWorks Corp)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Lifetime Updater (HKLM-x32\...\{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}) (Version: 2.1.11 - Garmin)
GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
GWizardE (x32 Version: 0.4.0 - CNCCookbook, Inc.) Hidden
HASP License Manager (HKLM-x32\...\HASP License Manager) (Version: - )
HaspX (HKLM\...\{32c229e8-ea25-41bd-95bd-00650b385a5f}.sdb) (Version: - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InspectionXpert GDT Font Installer (HKLM-x32\...\{C8605789-934D-47B3-9CE6-AE880CBC6033}) (Version: 1.1.0.0 - InspectionXpert)
InspectionXpert OnDemand x64 (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\ea66fb5ec48b6827) (Version: 5.3.2.1115 - InspectionXpert OnDemand x64)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
Mastercam Licensing Installer (HKLM\...\{56D9A6A3-5D54-44F6-9C26-4956B2337387}) (Version: 18.0.11898.0 - CNC Software, Inc.)
Mastercam X7 (x32 Version: 16.0.5.5 - CNC Software, Inc.) Hidden
Mastercam X7 (x32 Version: 2.00.2000 - CNC Software, Inc.) Hidden
Mastercam X9 (Arc MultiEdit AddOn) (HKLM\...\{3BA84FAD-D8A5-45ED-BE0B-B2C772678E7D}) (Version: 18.0.5.27 - CNC Software, Inc.)
Mastercam X9 (HKLM-x32\...\Mastercam X9) (Version: 18.0.11898.0 - CNC Software, Inc.)
Mastercam X9 (LevelSetsVisibility AddOn) (HKLM\...\{8624C0D9-C433-4919-846F-421A2BABB264}) (Version: 17.0.0.1 - CNC Software, Inc.)
Mastercam X9 (Pts2Arcs AddOn) (HKLM\...\{4A205CFB-E234-444A-8E3A-EA4D87700C38}) (Version: 18.0.1.1 - CNC Software, Inc.)
Mastercam X9 (ScriptLinker AddOn) (HKLM\...\{FB60C5AB-AFE7-4776-85D4-709DACDA3D2B}) (Version: 18.0.2.5 - CNC Software, Inc.)
Mastercam X9 (SortCircles AddOn) (HKLM\...\{8C118E97-89DB-4E9A-8134-D8A495471B28}) (Version: 18.0.1.4 - CNC Software, Inc.)
Mastercam X9 (Version: 18.0.18466.0 - CNC Software, Inc.) Hidden
Mastercam X9 (vHelix AddOn) (HKLM\...\{3D897DA6-26E2-409C-AA81-88CF2A1B8519}) (Version: 18.0.1.2 - CNC Software, Inc.)
Mastercam X9 (zSpiral AddOn) (HKLM\...\{F3EBA408-ECCE-43AA-A3D2-7C148CB66859}) (Version: 18.0.1.6 - CNC Software, Inc.)
Menu Templates - Pack 1 (x32 Version: 9.6.0.0 - Nero AG) Hidden
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{0e8d6e9b-e4f1-4881-9d4b-e471e2e10310}) (Version: - Nero AG)
NOVO-Kennametal (HKLM-x32\...\NOVO-Kennametal) (Version: 2.3.1.120 - Machining Cloud GmbH)
NOVO-Kennametal (x32 Version: 2.3.1.120 - Machining Cloud GmbH) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA nView 146.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.33 - NVIDIA Corporation)
NVIDIA WMI 2.22.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.22.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Sentinel Runtime (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
SolidWorks eDrawings 2013 x64 (HKLM\...\{E59710B0-0A5A-4956-8496-D7EE0532D4A9}) (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TurboCAD Professional 15 (HKLM-x32\...\{2BC3CCC0-1149-424F-AF73-4D0C5C053033}) (Version: 15.1 - IMSIDesign)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
USB Disk Storage Format Tool 5.1 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VMware Client Integration Plug-in 5.1.0 (HKLM-x32\...\{17B9AB5C-356D-4B28-BEB9-A15AF12C36F0}) (Version: 5.1.0.2968519 - VMware, Inc.)
VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.44739 - VMware, Inc.)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.6443 - VMware, Inc.)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Zip Extractor Packages (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D1028CD-8825-41E7-A8DF-5B3219DD76BB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {1E4BA4DD-AE08-4AB9-91C4-76EB68716404} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-22] (Microsoft Corporation)
Task: {1F72E2A6-2CCA-436B-A693-525FA0AB60DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-27] (Microsoft Corporation)
Task: {4FAB8542-E4F9-41B0-A22D-1EAABBE85DB6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2016-06-28] (Safer-Networking Ltd.)
Task: {52F552CB-706A-4A2D-B5BB-BB70C604A49A} - System32\Tasks\G2MUpdateTask-S-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-06-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {5A23D24F-0DA5-4F50-BCD8-6AC5AF078470} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-06-28] (Safer-Networking Ltd.)
Task: {626609C7-53BA-4187-A588-D582EF1BD0DA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-22] (Microsoft Corporation)
Task: {6B1F246C-F2C0-46D1-98CF-30447B07FAA4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-06-28] (Safer-Networking Ltd.)
Task: {713F67E6-E86E-4DCD-BDA2-D8EFFBD13401} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-06] (RealNetworks, Inc.)
Task: {738FD452-3659-44F7-9BEE-7634A0207B66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-05-27] (Microsoft Corporation)
Task: {83C72957-0E7B-494B-910B-0C4EC57E02FF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-06] (RealNetworks, Inc.)
Task: {8E43596F-6CA7-40C6-96F5-2283BDEABCD7} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2015-12-10] (3Dconnexion, INC)
Task: {9D93756F-BADF-4D08-81DF-89EDED6027A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-29] (Piriform Ltd)
Task: {A8067182-96C8-48CB-B422-5E9CC8C51AF7} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)
Task: {A933E935-7FDD-4B67-A8F5-35BD961F8874} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-07-06] ()
Task: {ABC220CE-A0C6-449C-9EBC-3BF64DEB9CB0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-06] (RealNetworks, Inc.)
Task: {ACBFA9C1-38E3-4F24-A461-3B9992CAF0D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-11] (Adobe Systems Incorporated)
Task: {B9589194-DD6A-42CB-9404-159E6B0C758A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)
Task: {D7573B29-4D2E-4CBD-AFEF-E3486BA5EE87} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-06-16] (COMODO)
Task: {E64ECC22-6B54-4EFA-8FA3-13B3B7D36181} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)
Task: {F7ABAB27-5CA5-4FB8-99B6-6510EAE30B0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-27] (Microsoft Corporation)
Task: {FC0B6857-65B0-4874-9FA5-E0291486805E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3303728595-2053281234-2614305378-1000Core.job => C:\Users\Antec-179\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5174\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-05 11:41 - 2015-07-23 00:06 - 03165000 _____ () C:\Windows\system32\nvwmi64.exe
2012-05-25 06:16 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
2013-10-23 11:15 - 2010-11-03 17:30 - 00918144 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2013-10-23 11:15 - 2010-12-02 10:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
2013-10-23 11:15 - 2010-10-21 17:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2015-10-08 16:08 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-17 03:25 - 2015-07-06 05:52 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-08-05 11:41 - 2015-07-22 21:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-08 23:02 - 2016-03-16 06:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-11-02 08:23 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-08-05 11:41 - 2015-07-23 00:06 - 02441360 _____ () C:\Program Files\NVIDIA Corporation\nview\nview64.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-10-01 11:26 - 2013-10-01 11:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2015-12-10 19:24 - 2015-12-10 19:24 - 00038912 _____ () C:\Windows\system32\SPWINI.dll
2015-12-11 02:46 - 2015-12-11 02:46 - 00600064 _____ () C:\Program Files\mcamX9\UICtrls.dll
2015-05-15 08:57 - 2015-05-15 08:57 - 00332800 _____ () C:\Program Files\mcamX9\glew64.dll
2015-05-15 11:18 - 2015-05-15 11:18 - 00331776 _____ () C:\Program Files\mcamX9\interfacial14.dll
2015-12-11 04:21 - 2015-12-11 04:21 - 79611392 _____ () C:\Program Files\mcamX9\CHOOKS\5AXMSURF.DLL
2015-05-15 11:18 - 2015-05-15 11:18 - 02606592 _____ () C:\Program Files\mcamX9\RESOURCES\5AXUI_RES.DLL
2015-05-15 09:02 - 2015-05-15 09:02 - 13650944 _____ () C:\Program Files\mcamX9\mwsimutil.dll
2015-05-15 09:02 - 2015-05-15 09:02 - 02975232 _____ () C:\Program Files\mcamX9\MultiXPost.dll
2015-12-11 04:21 - 2015-12-11 04:21 - 23245824 _____ () C:\Program Files\mcamX9\CHOOKS\MACHSIM.DLL
2015-12-11 04:21 - 2015-12-11 04:21 - 07638016 _____ () C:\Program Files\mcamX9\MXPUI.dll
2015-12-11 04:21 - 2015-12-11 04:21 - 32381952 _____ () C:\Program Files\mcamX9\mwMSimApp.dll
2015-12-11 04:20 - 2015-12-11 04:20 - 01330688 _____ () C:\Program Files\mcamX9\mwCustomStreamService.dll
2015-05-15 08:58 - 2015-05-15 08:58 - 02486784 _____ () C:\Program Files\mcamX9\NLib.dll
2015-05-18 17:27 - 2015-05-18 17:27 - 00087552 _____ () C:\Program Files\mcamX9\CHOOKS\SORTCIRCLES.DLL
2015-05-18 17:27 - 2015-05-18 17:27 - 00031744 _____ () C:\Program Files\mcamX9\Resources\SortCirclesRes.dll
2015-12-11 04:21 - 2015-12-11 04:21 - 02903040 _____ () C:\Program Files\mcamX9\mwUbvsProxy.dll
2015-12-11 04:20 - 2015-12-11 04:20 - 20108288 _____ () C:\Program Files\mcamX9\mwSimStreamManager.dll
2015-12-11 04:20 - 2015-12-11 04:20 - 24689152 _____ () C:\Program Files\mcamX9\mwMSimDefGUI.dll
2015-05-15 11:18 - 2015-05-15 11:18 - 00057856 _____ () C:\Program Files\mcamX9\Resources\5axmsurf_res.dll
2015-05-15 11:18 - 2015-05-15 11:18 - 05112832 _____ () C:\Program Files\mcamX9\Resources\mwMachSim_res.dll
2015-12-11 04:21 - 2015-12-11 04:21 - 13470720 _____ () C:\Program Files\mcamX9\mwVerifier.dll
2015-12-11 04:21 - 2015-12-11 04:21 - 01744896 _____ () C:\Program Files\mcamX9\mwVerifierGUI.dll
2015-05-15 11:18 - 2015-05-15 11:18 - 00015360 _____ () C:\Program Files\mcamX9\Resources\mwVerifierGUI_res.dll
2015-05-15 08:57 - 2015-05-15 08:57 - 00332800 _____ () C:\Program Files\mcamX9\EXTENSIONS\glew64.dll
2016-06-30 14:40 - 2016-06-30 14:40 - 00048640 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Trackerbird.Tracker\08fce3efdb4855cfee03c4760afd744e\Trackerbird.Tracker.ni.dll
2013-10-23 11:15 - 2016-06-30 14:00 - 00023040 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2013-10-23 11:15 - 2010-06-29 10:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2015-06-17 03:24 - 2015-06-17 03:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-06-17 03:24 - 2015-06-17 03:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-06-17 03:24 - 2015-06-17 03:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2016-06-28 16:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-28 16:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-28 16:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-28 16:57 - 2016-06-28 16:57 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-28 16:57 - 2016-06-28 16:57 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-03 10:41 - 2015-06-03 10:41 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\caaa0003d6df6f1e5791726812a4e66d\IsdiInterop.ni.dll
2013-10-23 11:18 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-22 14:03 - 2013-11-22 14:03 - 00028024 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-11-22 14:06 - 2013-11-22 14:06 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-08-05 11:41 - 2015-07-23 00:06 - 02000200 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2013-11-22 14:03 - 2013-11-22 14:03 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-11-10 13:51 - 2014-11-10 13:51 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-11-10 13:51 - 2014-11-10 13:51 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-11-10 13:51 - 2014-11-10 13:51 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-11-02 08:23 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-01 14:02 - 2015-06-02 08:58 - 00082272 _____ () C:\CIMCO\CIMCOEdit7\DLL\Localization.dll
2014-12-01 14:02 - 2015-06-02 08:58 - 00987136 _____ () C:\CIMCO\CIMCOEdit7\libxml2.dll
2014-12-01 14:02 - 2015-06-02 08:58 - 00077824 _____ () C:\CIMCO\CIMCOEdit7\zlib1.dll
2014-12-01 14:02 - 2015-06-02 08:58 - 00700768 _____ () C:\CIMCO\CIMCOEdit7\DLL\CycleMacro.DLL
2014-12-01 14:02 - 2015-06-02 08:58 - 02621792 _____ () C:\CIMCO\CIMCOEdit7\DLL\InspectDll.DLL
2014-12-01 14:02 - 2015-06-02 08:58 - 00233824 _____ () C:\CIMCO\CIMCOEdit7\dll\ncfilter_fanuc.dll
2016-06-21 06:06 - 2016-06-21 06:06 - 19455168 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll
2015-09-15 05:00 - 2015-09-15 05:00 - 00032472 _____ () C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\5.1\VpxClient.SSPI.dll
2012-07-18 13:00 - 2012-07-18 13:00 - 00022168 _____ () C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\5.1\AxInterop.VMwareRemoteConsoleTypeLib.dll
2012-07-13 18:33 - 2012-07-13 18:33 - 01222656 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\libxml2.dll
2012-07-13 18:33 - 2012-07-13 18:33 - 00637952 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\glibmm-2.4.dll
2012-07-13 18:33 - 2012-07-13 18:33 - 00322560 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\libcurl.dll
2012-07-13 18:33 - 2012-07-13 18:33 - 00310784 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\libldap_r.dll
2012-07-13 18:33 - 2012-07-13 18:33 - 00137728 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\liblber.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\Setup1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\ST6UNST.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshhl31.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshhl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshsp52.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aksusb4.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RCoInst64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WavesGUILib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\HLS32SVC.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MBI.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSCOMM32.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJET35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJINT35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJTER35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSRD2X35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSREPL35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nhsrvice.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\UNWISE.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\VB5DB.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vcomp100.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxhid.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxkmj.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxshim.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\afcdp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksclass.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksdf.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\akshasp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\akshhl.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\fltsrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\hardlock.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\snapman.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tdrpman.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tib.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tib_mounter.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\vididr.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\vidsflt.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\BBPrecise.xlsx:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\gpovault.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\MANUALS1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\MBRSAVER.COM:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v233.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\SErase.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)

There are 7907 more sites.

IE trusted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\sharepoint.com -> hxxps://bbprecise.sharepoint.com
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)

There are 7907 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-06-29 08:17 - 00452975 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)

There are 15540 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Antec-179\Desktop\Personal\rsz_nashftball.jpg
DNS Servers: 192.168.1.23 - 24.92.226.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: vmware-converter-agent => 2
MSCONFIG\Services: vmware-converter-server => 2
MSCONFIG\Services: vmware-converter-worker => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Antec-179\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7749D332-C928-4444-8098-DE57A3BCBF9B}] => (Allow) LPort=9089
FirewallRules: [{9B033970-E1AB-422A-87E1-3C09DE6DD5A6}] => (Allow) LPort=3395
FirewallRules: [{1F0D189E-E20F-4961-A489-2C2EC78AEA92}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
FirewallRules: [{E0CBBF73-31CF-4C8B-BA9E-20E7BC1601FC}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
FirewallRules: [{CB37E634-4BD8-4A2D-8800-D459DA0666EE}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{F5C8EA35-206D-4705-A04F-5D693E417AFC}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{9B5AE0D4-5BBD-41C3-8D5A-6EA39036E3F2}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{39102ABE-D087-40B5-9D1D-7572A40A7871}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{7BFC2BC1-879C-461A-A204-C72E47D63988}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{41DB6149-AA5F-4D46-B90F-394A0DBABD92}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{F03936F6-5BA6-4A7E-83FA-49EB087D1DCA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{3D58D475-1B2B-4B27-B2D8-56354B1AA014}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7CC536DE-C8B6-4FFF-8D6D-EE1C6CC5A5A7}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{1BB73F1C-53EA-42B3-8263-C4BA15CA52E6}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{9806D8E0-41FF-4DDC-A26A-BE203D845B2C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{608A024D-2001-44D7-B770-2B36BC4D6759}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{061DAD20-E1F4-46E5-BC50-E94BA4C4C748}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{DCADD1A1-CFEE-49A3-9E22-A6F2092ECF83}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{74FDA5C9-7548-4C8A-8641-E474E9EC225E}] => (Allow) C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9EEF2EF1-59E6-4E50-9FE0-4180DD5A296E}] => (Allow) C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F859C70C-604C-4A0B-8CC7-76C159B67572}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0133C8A3-AB4B-443D-87A0-EAFBA10B942D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A354DF0D-E1E3-4F63-B6CA-6F4627234439}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{CC37E4CB-5FA3-46CD-9D82-07DF67FE73F8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C4C999CB-AEC9-48F9-9972-EE45A9C976ED}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{3391BB63-2133-4D21-8794-FD147B8823EA}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{C80B1F70-6D29-488E-8FCF-0F15FF704BDF}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{30BBC01A-5B3A-49B8-A577-21386ADE799E}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{1B9D2262-82AF-4CC1-987D-BE7D8E30FCF8}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{B601AC9A-40A3-4E14-88BA-9FED5361435F}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{485E424D-2516-4BD3-BA35-24CADE7E25A1}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{3996974B-2F63-4F0A-8D8E-9DF97536092D}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{BE502E6C-AF34-4A0A-AA9B-51131420BA4B}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{55AF4832-2A6B-45C4-9D9E-D2BE7030D903}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{FFE576A7-FCD7-4A6F-8F2E-CCAB4D707E26}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{62F98FA0-C506-46E0-BF20-CC0B925942DF}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{C6E3A07B-5E5E-4B66-9838-9A97AC489A6B}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{403BB92B-F965-45A1-B504-1BCBF1238BE9}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{8FE83476-0663-4F46-AE71-2BAC8CEEB241}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{6AD5D8B5-36F5-41CA-82D3-DD393F75B7B5}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{00FE78D9-DCE6-427B-9FC9-8537CA37FDB7}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{1ABAB4AF-0D35-4924-8385-F94A3188D00F}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{00B25920-16D3-4AF6-85EF-DD026A8613C0}] => (Allow) LPort=475
FirewallRules: [{05B3D61C-FFA9-4B3F-A942-E686C972C203}] => (Allow) LPort=475
FirewallRules: [{D8E101B1-1D1A-43D6-8D66-96C7B805C0C5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{476E0522-45BA-498A-95CC-49649A6B4BAD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A864883C-1C32-43FA-AA69-DA71C5DC2585}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{17DE9D5C-B349-4B1D-A532-8B5AB5ED3DA7}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{DB7CBC90-FC2B-4ADD-A4BC-EB1C7092AFD5}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
FirewallRules: [{C2B205E1-2822-4CC1-99B6-4A264A7384E7}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
FirewallRules: [{84D47C17-6AF5-4AA4-9807-10D7B6031CEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE00092B-00A7-40BE-86EB-6DB571E60462}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D07FB123-3D5A-404D-8337-59833DF892D3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{63AE9A03-66F2-4C77-9338-DB0A3F7E8CBF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

18-06-2016 00:00:06 Scheduled Checkpoint
26-06-2016 00:00:06 Scheduled Checkpoint
30-06-2016 13:53:28 Installed NOVO-Kennametal
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) 82579V Gigabit Network Connection
Description: Intel(R) 82579V Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2016 01:13:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/06/2016 08:52:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
Exception code: 0xc0000005
Fault offset: 0x0000000000041b56
Faulting process id: 0x860
Faulting application start time: 0xmastercam.exe0
Faulting application path: mastercam.exe1
Faulting module path: mastercam.exe2
Report Id: mastercam.exe3

Error: (07/06/2016 08:52:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mastercam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000003CC1B56

Error: (07/06/2016 08:49:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
Exception code: 0xc0000005
Fault offset: 0x0000000000041b56
Faulting process id: 0x2a4c
Faulting application start time: 0xmastercam.exe0
Faulting application path: mastercam.exe1
Faulting module path: mastercam.exe2
Report Id: mastercam.exe3

Error: (07/06/2016 08:49:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mastercam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000003CC1B56

Error: (07/06/2016 08:48:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
Exception code: 0xc0000005
Fault offset: 0x0000000000041b56
Faulting process id: 0x704
Faulting application start time: 0xmastercam.exe0
Faulting application path: mastercam.exe1
Faulting module path: mastercam.exe2
Report Id: mastercam.exe3

Error: (07/06/2016 08:48:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mastercam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000003CC1B56

Error: (07/06/2016 08:35:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
Exception code: 0xc0000005
Fault offset: 0x0000000000041b56
Faulting process id: 0x2b8c
Faulting application start time: 0xmastercam.exe0
Faulting application path: mastercam.exe1
Faulting module path: mastercam.exe2
Report Id: mastercam.exe3

Error: (07/06/2016 08:35:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mastercam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000003CC1B56

Error: (07/05/2016 06:21:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


System errors:
=============
Error: (07/06/2016 07:50:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662 = More data is available.
.

Error: (07/05/2016 02:10:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/04/2016 02:10:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/04/2016 02:10:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/03/2016 02:10:47 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/03/2016 02:10:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/03/2016 01:52:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/02/2016 02:10:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/02/2016 02:10:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/01/2016 02:10:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.223.2916.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


CodeIntegrity:
===================================
Date: 2015-09-08 08:30:07.795
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-01 13:55:43.831
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:43.799
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:39.351
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:39.317
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:39.274
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:39.242
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:37.142
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:37.110
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-01 13:55:37.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2700K CPU @ 3.50GHz
Percentage of memory in use: 31%
Total physical RAM: 16360.81 MB
Available physical RAM: 11145.08 MB
Total Virtual: 42088.8 MB
Available Virtual: 35220.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:109.39 GB) NTFS
Drive d: (HS-450i) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive e: (Backup Drive) (Fixed) (Total:465.76 GB) (Free:343.5 GB) NTFS
Drive f: (Mastercam files) (Fixed) (Total:148.96 GB) (Free:109.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CEB70E52)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 295E5F9A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-07-06 14:15:51
-----------------------------
14:15:51.249 OS Version: Windows x64 6.1.7601 Service Pack 1
14:15:51.249 Number of processors: 8 586 0x2A07
14:15:51.249 ComputerName: PROGRAMMING UserName: Antec-179
14:15:51.762 Initialize success
14:15:51.815 VM: initialized successfully
14:15:51.816 VM: Intel CPU supported
14:16:00.813 VM: supported disk I/O iaStor.sys
14:20:51.157 AVAST engine defs: 16070601
14:22:16.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:22:16.613 Disk 0 Vendor: OCZ-OCTA 1.13 Size: 244198MB BusType: 3
14:22:16.614 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:22:16.615 Disk 1 Vendor: ST350041 JC4B Size: 476940MB BusType: 3
14:22:16.617 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
14:22:16.619 Disk 2 Vendor: ST316081 4.AD Size: 152587MB BusType: 3
14:22:16.629 VM: Disk 0 MBR read successfully
14:22:16.631 Disk 0 MBR scan
14:22:16.652 Disk 0 Windows 7 default MBR code
14:22:16.655 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:22:16.658 Disk 0 default boot code
14:22:16.676 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 244096 MB offset 206848
14:22:16.718 Disk 0 scanning C:\Windows\system32\drivers
14:22:24.215 Service scanning
14:22:42.313 Modules scanning
14:22:42.319 Disk 0 trace - called modules:
14:22:42.323 ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys iaStor.sys hal.dll
14:22:42.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f8b7790]
14:22:42.331 3 CLASSPNP.SYS[fffff8800216e43f] -> nt!IofCallDriver -> [0xfffffa800f7b9e00]
14:22:42.336 5 vidsflt.sys[fffff88000dc35f1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cf4b050]
14:22:42.800 AVAST engine scan C:\Windows
14:22:44.931 AVAST engine scan C:\Windows\system32
14:25:28.595 AVAST engine scan C:\Windows\system32\drivers
14:25:40.343 AVAST engine scan C:\Users\Antec-179
14:35:21.307 AVAST engine scan C:\ProgramData
14:44:20.248 Disk 0 statistics 5321785/0/18 @ 6.49 MB/s
14:44:20.251 Scan finished successfully
14:44:54.576 Disk 0 MBR has been saved successfully to "C:\Users\Antec-179\Documents\MBR.dat"
14:44:54.595 The log file has been saved successfully to "C:\Users\Antec-179\Documents\aswMBR.txt"

Thanks.

He emailed me a list of usernames that he found in a file on a C&C server his company recently hacked. The usernames and associated websites are legit and match.

He hacked into a Company server and found files related to info on you?.....dang.

Flash and Java exploits used to install VAWTRAK in systems
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/3141/vawtrak-plagues-users-in-japan
The above describes how it hit Japan, but applies I think to anyone who might have this particular infection.

Please go to a known clean computer and change passwords to any sensitive sites that collect information or related to banking or Credit Cards.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Please remove the following program through the Control Panel:

Zip Extractor Packages

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reset your browsers. For instructions click
http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

~~~~~~~~~~~~~~~~~~~~~~~~
It appears your using 2 antivirus together on the computer. This can cause conflicts and errors on things we might need to do and, eat your your computers resources.
AV: Microsoft Security Essentials (Enabled - Up to date)
AV: COMODO Antivirus(Enabled - Up to date)
Make a decision which to keep and please uninstall one.



Do you connect to the internet by a Proxy?

~~~~~

Running from C:\Users\Antec-179\Documents

It's best we move Farbar's to desktop.

Please go to your Documents folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
Toolbar: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js
C:\Users\Antec-179\en_res.dll
C:\Users\Antec-179\es_res.dll
C:\Users\Antec-179\fr_res.dll
C:\Users\Antec-179\grm_res.dll
C:\Users\Antec-179\it_res.dll
C:\Users\Antec-179\jp_res.dll
C:\Users\Antec-179\mfc80u.dll
C:\Users\Antec-179\msvcr80.dll
C:\Users\Antec-179\PCPE Setup.exe
C:\Users\Antec-179\pt_res.dll
C:\Users\Antec-179\ResourceReader.dll
C:\Users\Antec-179\ru_res.dll
C:\Users\Antec-179\zh_res.dll
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\Setup1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\ST6UNST.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshhl31.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshhl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshsp52.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aksusb4.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RCoInst64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WavesGUILib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\HLS32SVC.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MBI.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSCOMM32.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJET35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJINT35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJTER35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSRD2X35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSREPL35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nhsrvice.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\UNWISE.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\VB5DB.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vcomp100.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxhid.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxkmj.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxshim.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\afcdp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksclass.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksdf.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\akshasp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\akshhl.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\fltsrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\hardlock.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\snapman.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tdrpman.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tib.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tib_mounter.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\vididr.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\vidsflt.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\BBPrecise.xlsx:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\gpovault.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\MANUALS1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\MBRSAVER.COM:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v233.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\SErase.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdZnID [26]
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




======================================================



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

Good morning Juliet,

Apparently this is one of the things he does for a company called Computershare.

Already in the process of changing the passwords (started the process as soon as I got the email just in case it was true). Fortunately I don't access any bank/credit card accounts with this pc, but I do access the back end of my employers website from time to time.

I know better than to have to AV programs running and I had disabled the MSSE, but I was having a problem with getting a program installed a while back and a few recommendations were to install MSSE so I did and must have forgotten to remove it after. Removing it now.

I do not connect to a Proxy.

Browser has been reset.

Windows said ZIP Extractor wasn't installed so removed it from list.

As for the rest I'll get right on it, though it might take me a bit to complete everything.

Thanks for the help so far.

Here are current log files as requested with exception to JRT.

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Antec-179 (2016-07-07 07:08:17) Run:1
Running from C:\Users\Antec-179\Desktop
Loaded Profiles: Antec-179 (Available Profiles: Antec-179)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
Toolbar: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js
C:\Users\Antec-179\en_res.dll
C:\Users\Antec-179\es_res.dll
C:\Users\Antec-179\fr_res.dll
C:\Users\Antec-179\grm_res.dll
C:\Users\Antec-179\it_res.dll
C:\Users\Antec-179\jp_res.dll
C:\Users\Antec-179\mfc80u.dll
C:\Users\Antec-179\msvcr80.dll
C:\Users\Antec-179\PCPE Setup.exe
C:\Users\Antec-179\pt_res.dll
C:\Users\Antec-179\ResourceReader.dll
C:\Users\Antec-179\ru_res.dll
C:\Users\Antec-179\zh_res.dll
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\Setup1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\ST6UNST.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshhl31.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshhl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\akshsp52.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aksusb4.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RCoInst64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WavesGUILib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\HLS32SVC.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MBI.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSCOMM32.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJET35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJINT35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSJTER35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSRD2X35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MSREPL35.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nhsrvice.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.OCX:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\UNWISE.EXE:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\VB5DB.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vcomp100.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxhid.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxkmj.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\3dxshim.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\afcdp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksclass.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksdf.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\akshasp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\akshhl.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aksusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\fltsrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\hardlock.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\snapman.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tdrpman.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tib.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tib_mounter.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\vididr.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\vidsflt.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\BBPrecise.xlsx:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\gpovault.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\MANUALS1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\MBRSAVER.COM:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v233.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\SErase.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdZnID [26]
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
"HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}" => key removed successfully
HKCR\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => key not found.
HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ocr@babylon.com => value removed successfully
C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js => moved successfully
C:\Users\Antec-179\en_res.dll => moved successfully
C:\Users\Antec-179\es_res.dll => moved successfully
C:\Users\Antec-179\fr_res.dll => moved successfully
C:\Users\Antec-179\grm_res.dll => moved successfully
C:\Users\Antec-179\it_res.dll => moved successfully
C:\Users\Antec-179\jp_res.dll => moved successfully
C:\Users\Antec-179\mfc80u.dll => moved successfully
C:\Users\Antec-179\msvcr80.dll => moved successfully
C:\Users\Antec-179\PCPE Setup.exe => moved successfully
C:\Users\Antec-179\pt_res.dll => moved successfully
C:\Users\Antec-179\ResourceReader.dll => moved successfully
C:\Users\Antec-179\ru_res.dll => moved successfully
C:\Users\Antec-179\zh_res.dll => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Windows\RtlExUpd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\Setup1.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\ST6UNST.EXE" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AERTAC64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AERTAR64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\akshhl31.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\akshhl32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\akshsp52.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aksllmtp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aksusb4.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSBassEnhancementDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSBoostDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSGainCompensatorDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSGFXAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSGFXAPONS64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSLFXAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSLimiterDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSNeoPCDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSS2HeadphoneDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSS2SpeakerDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSSymmetryDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DTSVoiceClarityDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FMAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\hasplms.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MaxxAudioAPO20.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MaxxAudioAPO30.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MaxxAudioEQ.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MaxxAudioRealtek.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MaxxVolumeSDAPO.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\poqexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\R4EEA64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\R4EED64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\R4EEG64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\R4EEL64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\R4EEP64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RCoInst64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RP3DAA64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RP3DHT64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RTCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RTEED64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RTEEG64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RTEEL64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RTEEP64A.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RtkApi64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RtkCfg64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RtlCPAPI64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RtPgEx64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RTSnMg64.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sdnclean64.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SFAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SFCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SFNHK64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SFSS_APO.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SRSHP64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SRSTSH64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SRSTSX64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SRSWOW64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WavesGUILib.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\HLS32SVC.EXE" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MBI.OCX" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MSCOMM32.OCX" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MSJET35.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MSJINT35.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MSJTER35.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MSRD2X35.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MSREPL35.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nhsrvice.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\poqexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\SFCOM.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\TABCTL32.OCX" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\UNWISE.EXE" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\VB5DB.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\vcomp100.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\3dxhid.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\3dxkmj.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\3dxshim.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\afcdp.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\aksclass.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\aksdf.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\akshasp.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\akshhl.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\aksusb.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\fltsrv.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\hardlock.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\RTKVHD64.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\snapman.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tdrpman.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tib.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tib_mounter.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbser.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\vididr.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\vidsflt.sys" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl => ":com.dropbox.attributes" ADS removed successfully.
"C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Desktop\BBPrecise.xlsx" => ":$CmdTcID" ADS not found.
"C:\Users\Antec-179\Desktop\dsrfix.zip" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Desktop\dsrfix.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Antec-179\Desktop\gpovault.msi => ":$CmdZnID" ADS removed successfully.
C:\Users\Antec-179\Desktop\MANUALS1.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\acronis true image.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\acronis true image.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\Androscoggin.zip" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\Androscoggin.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\aswMBR.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\aswMBR.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\ccsetup510.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\ccsetup510.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\ccsetup519.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\ccsetup519.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\diagnostix.zip" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\diagnostix.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\fapt-ladder.zip" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\fapt-ladder.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\InplotSetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\InplotSetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man" => ":$CmdTcID" ADS not found.
"C:\Users\Antec-179\Downloads\IXOnDemand.application" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\IXOnDemand.application => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\jxpiinstall.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\jxpiinstall.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\LTspiceIV.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\LTspiceIV.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\MBRSAVER.COM" => ":$CmdTcID" ADS not found.
"C:\Users\Antec-179\Downloads\NCPlot_v232.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\NCPlot_v232.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Antec-179\Downloads\NCPlot_v233.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\putty-0.64-installer.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\putty-0.64-installer.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\SErase.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Antec-179\Downloads\setup-network-utilities.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\setup-network-utilities.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\spybot-2.4.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\spybot-2.4.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\uTorrent.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\uTorrent.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe" => ":$CmdTcID" ADS not found.
C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe" => ":$CmdZnID" ADS not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10060351 B
Java, Flash, Steam htmlcache => 1674 B
Windows/system/drivers => 557168 B
Edge => 0 B
Chrome => 0 B
Firefox => 34389546 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36071914 B
systemprofile32 => 138926473 B
LocalService => 16384 B
NetworkService => 5600 B
Antec-179 => 460147734 B

RecycleBin => 1163660331 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:08:31 ====

# AdwCleaner v5.201 - Logfile created 07/07/2016 at 07:15:53
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-06.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Antec-179 - PROGRAMMING
# Running from : C:\Users\Antec-179\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\{2b9a4416-c6e2-c61f-2b9a-a4416c6e105b}
[-] Folder Deleted : C:\ProgramData\{e693b2a5-2638-073a-e693-3b2a5263ca94}
[#] Folder Deleted : C:\ProgramData\Application Data\{2b9a4416-c6e2-c61f-2b9a-a4416c6e105b}
[#] Folder Deleted : C:\ProgramData\Application Data\{e693b2a5-2638-073a-e693-3b2a5263ca94}
[-] Folder Deleted : C:\Users\Antec-179\AppData\Local\AdTrustMedia
[-] Folder Deleted : C:\Users\Antec-179\AppData\LocalLow\adawaretb
[-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\digitalsite
[-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\DigitalSites
[-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\goforfiles
[-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\0d0s1l2z1p1b
[#] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\GoforFiles
[#] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\digitalsites
[-] Folder Deleted : C:\Windows\SysNative\Unknown

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
[-] Key Deleted : HKCU\Software\5868cdfe23eb941
[-] Key Deleted : HKLM\SOFTWARE\5868cdfe23eb941
[-] Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key Deleted : HKCU\Software\GoforFiles
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\adawaretb
[-] Key Deleted : HKLM\SOFTWARE\GoforFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9650 bytes] - [07/07/2016 07:15:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [9444 bytes] - [07/07/2016 07:13:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9796 bytes] ##########

JRT log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by Antec-179 (Administrator) on Thu 07/07/2016 at 7:24:42.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\ProgramData\ad-aware browsing protection (Folder)
Successfully deleted: C:\Users\Antec-179\AppData\Local\adawarebp (Folder)
Successfully deleted: C:\Users\Antec-179\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Antec-179\AppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4ILVMVG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALIYSLNC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRMJ1XQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWDO5G5F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4ILVMVG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALIYSLNC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRMJ1XQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWDO5G5F (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/07/2016 at 7:26:55.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We got a bunch of junk removed didn't we!

Since you already have MalwareBytes installed, let's update the data base and run a scan.


Open MalwareBytes

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


~~~~~~~

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will also show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Ensure your external and/or USB drives are inserted during the scan.


Please run this Free Online Virus Scanner from ESET (http://www.eset.com/onlinescan/)




Please be patient.
Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html)

You want the Online One-Time Scan

Note: It will run using Internet Explorer, Firefox or Chome.

Tick the box next to YES, I accept the Terms of Use.

When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes

Click Start

When asked, allow the activex control to install

Click Start

Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked

Click Scan

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Was looking around at another security forum, I'm also a member, and found this update, not sure if it applies to your machine or your version of VMware but do look it over.
https://forums.whatthetech.com/index.php?showtopic=89142&page=10
VMware updates

Please post the 2 logs when finished and give me an update on how your computer is at the moment.

MAB log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/7/2016
Scan Time: 8:36 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.07.02
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Antec-179

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311683
Time Elapsed: 9 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

So far so good, waiting for the Eset log.

Running right now.

And yes, definitely removed a lot of junk!


So far so good, waiting for the Eset log.

Thanks.

:bigthumb:.....

Eset is still scanning. I keep checking task manager for the not responding message, and it's still going. Gonna let it run till morning and see what happens.

Thanks for the help so far Juliet.

Thanks for the help so far Juliet
Your welcome

Depending on how full your computer is, it can take quite a while but it is a very thorough and dependable scanner.

still need help?

Juliet, not sure what I should do. I cannot get the progress box to come to the front so I can see the activity so I can't tell if it's done. I let it run the whole weekend so it's been 4 days since it started. Task manager still shows the process as running and I see the cpu% vary 1-2% so I think it's still running. My primary drive has 125GB of data, my 1st internal has 121GB and my 2nd has 40GB of data. Does eset scan all drives? Maybe that's the reason it's taking so long?

Thanks.

Thats a crazy amount of time for the scanner to run. Yes, it does scan all drives but if something else is running in the background it could cause it to go much slower but, if that was the case the opening task manager would show high CPU usage.

Can you see the inner face of Eset to see if it says find infections?

No.

The cpu is a 4 core with HT and eset usually sits at 12-13% which is 1 cpu pegged.

When I click on the taskbar to bring it up all I get is the outline of the progress box. I do know that after about 15 min from when I 1st started the scan on the 7th it said there 7 or so infections but the scanner was still running so I let it be. Should I end the process and restart the scan then stop it after it finds a few infections?

Thanks.

at that time it saying it had found infections doesn't bother me, files already deleted should be in quarantine folders.

I think we're going to stop this scanner, right after it started something interfered with it.

Right click on the exe in task manager, select end task.

Go to add/remove programs list and see if Eset is found there and if it is remove it.(May not be but we're going to check)
I want you to reboot your machine to clear this out.

We'll try a different approach.


http://i.imgur.com/7D2ig3K.png Emsisoft Emergency Kit (Portable)

Please download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download) and save the file to a your Desktop.
Double-click EmsisoftEmergencyKit.exe.
Click Extract.
Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
Click Yes to update the programme definitions.
Click Yes to detect Potentially Unwanted Programs (PUP's).
Click Scan now.
Select Full Scan and click Scan.
Close any High Risk notification screen that may appear.
When the scan is finished click Quarantine selected objects if malicious objects were found.
Click View Report, and open the most recent log.
Copy the contents of the log and paste in your next reply.

It didn't show in list.

Downloading Emsisoft right now and will run it when done.

Thanks.

I didn't do a custom scan just a Malware scan so it didn't scan my internal drives. I selected quarantine, but it wouldn't allow me to with the last entry and it said all entries are no risk.

Emsisoft Emergency Kit - Version 11.0
Last update: 7/11/2016 8:39:57 AM
User account: PROGRAMMING\Antec-179

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 7/11/2016 8:40:32 AM
Key: HKEY_USERS\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\INTELORE\EXCEL PASSWORD RECOVERY detected: Application.Win32.PassRecover (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} detected: Application.AdReg (A)
C:\Users\Antec-179\Desktop\Personal\cbsidlm-cbsi188-Gears_Simulator-SEO-75739203.exe detected: Application.Win32.AppInstall (A)

Scanned 80278
Found 4

Scan end: 7/11/2016 8:42:51 AM
Scan time: 0:02:19

EXCEL PASSWORD RECOVERY
This is something you downloaded either to get a password or a cracked copy....can't tell.
If it's a cracked copy I have to tell you it should be uninstalled, leave that up to you since it is against forum policy to have illegal programs on your computer.

Is AdwCleaner still on desktop?
If it is, open the tool and look for the Uninstall button.
Let it uninstall then we'll download a fresh updated version.

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

EXCEL PASSWORD RECOVERY
This is something you downloaded either to get a password or a cracked copy....can't tell.
If it's a cracked copy I have to tell you it should be uninstalled, leave that up to you since it is against forum policy to have illegal programs on your computer.

This was to recover a password on an old excel file I had done several years ago, nothing to do with a cracked copy of Excel. Once I got the password I removed the program but apparently not all of the registry keys were removed.

I'll download ADWCleaner and run it again.

Here is latest logfile

# AdwCleaner v5.201 - Logfile created 11/07/2016 at 12:32:54
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-10.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Antec-179 - PROGRAMMING
# Running from : C:\Users\Antec-179\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [804 bytes] - [11/07/2016 12:32:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [962 bytes] - [11/07/2016 09:56:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [948 bytes] ##########

gotcha!

Tell me how the computer is now.

PC seems fine, then again it did before, it was just the email that had me concerned. I don't know how I would tell if that trojan was still installed and sending out usernames and p/w's so I guess I'll just wait and see.

Thanks for the help.

I think anything that was malware has been removed.

What you can do is
From a known clean computer:
change passwords to all sites used with sensitive information.

You can call your bank and have an alert placed on your accounts for a while...I really didn't see anything that made me think you had any kind of a backdoor trojan but, it's still a precaution you can take.

Let's remove tools used with the quarantine folders.

DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Done.

Thanks for the help Juliet.

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.