Thread: Possible infection with Vawtrak/Pony trojan.

  1. #1
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    I got an email the other day from a guy who works for a company in Canada that believes my PC has been infected with the Vawtrak/Pony trojan. He emailed me a list of usernames that he found in a file on a C&C server his company recently hacked. The usernames and associated websites are legit and match.

    I have CIS installed and do a weekly scan.

    I've scanned my PC with Spybot S&D including a rootscan and nothing seemed to stick out, but there were a lot of files in the rootkit scan.

    I've scanned with MAB as well and I didn't see any mention of Vawtrak/Pony or Zeus.

    Is there anything else I can do to be sure I'm either not infected or I got rid of the infection?

    Thanks. This is on a Win7 pro machine.

    Tashi,

    I read the post and was in the process of downloading both programs (link to FRST is broken so had to find alternate source) and running them, but I work from home on another pc and I haven't had a chance to get back to the infected pc until now.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
    Ran by Antec-179 (administrator) on PROGRAMMING (06-07-2016 13:37:09)
    Running from C:\Users\Antec-179\Documents
    Loaded Profiles: Antec-179 (Available Profiles: Antec-179)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Windows\System32\nvwmi64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
    () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Dassault Systemes) C:\Program Files (x86)\Dassault Systemes\B22\intel_a\code\bin\CATSysDemon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Dassault Systemes) C:\Program Files\Dassault Systemes\DS License Server\win_b64\code\bin\DSLicSrv.exe
    (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\nhsrvice.exe
    (SafeNet Inc.) C:\Windows\System32\hasplms.exe
    (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\HLS32SVC.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
    (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Windows\System32\nvwmi64.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (3Dconnexion, INC) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
    (3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
    (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (CIMCO A/S) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
    (CNC Software, Inc.) C:\Program Files\mcamX9\MCLogr.exe
    (CNC Software, Inc.) C:\Program Files\mcamX9\Mastercam.exe
    (CNC Software, Inc.) C:\Program Files\mcamX9\Extensions\ToolManager.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe
    (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\vmware-vmrc.exe
    (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\vmware-vmrc.exe
    (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\vmware-remotemks.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    (Farbar) C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2015-01-23] (Acronis)
    HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2160512 2015-12-10] (3Dconnexion, INC)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2498368 2015-07-23] ()
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-06-16] (COMODO)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [558672 2013-09-11] (Lavasoft)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805824 2015-01-23] (Acronis)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2015-01-23] (Acronis International GmbH)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-16] (Oracle Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2016-06-28] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-06-29] (Malwarebytes)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer\Run: [HVJOGX] => C:\Windows\SysWOW64\asferror3.exe
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-29] (Piriform Ltd)
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Policies\Explorer: [NoTaskGrouping] 1
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\MountPoints2: {f2330861-6b98-11e5-beff-f46d049c0ec4} - L:\DTVP_Launcher.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
    AppInit_DLLs-x32: c:\windows\syswow64\guard32.dll => c:\windows\syswow64\guard32.dll [626288 2016-06-15] (COMODO)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-05-09]
    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-02-22]
    ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{26B5BF47-054C-40BC-9B2D-12AE95F2EB2B}: [NameServer] 192.168.1.23,24.92.226.12
    Tcpip\..\Interfaces\{DB7AA593-DC47-443E-8A20-0FCE582526C0}: [NameServer] 192.168.1.4
    Tcpip\..\Interfaces\{DB7AA593-DC47-443E-8A20-0FCE582526C0}: [DhcpNameServer] 192.168.1.180

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-16] (Oracle Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-16] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxp://news.yahoo.com/us/
    FF NetworkProxy: "type", 4
    FF Plugin: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll [2012-10-30] ()
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll [2011-12-19] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-04-15] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-16] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-07-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-07-06] (RealTimes)
    FF Plugin-x32: @vmware.com/client-support,version=5.1.0.00000 -> C:\Program Files (x86)\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll [2015-08-08] (VMware, Inc.)
    FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2014-06-20] (VMware, Inc.)
    FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2014-11-19] (VMware, Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3303728595-2053281234-2614305378-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Antec-179\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-09] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\nppl3260.dll [2013-06-25] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Antec-179\AppData\Roaming\mozilla\plugins\nprpplugin.dll [2013-06-25] (RealPlayer)
    FF SearchPlugin: C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\searchplugins\support-home-page-search.xml [2015-05-16]
    FF Extension: NoUn Buttons - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi [2016-04-28]
    FF Extension: ShowIP - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2016-04-28]
    FF Extension: FireFTP - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2016-06-22]
    FF Extension: IP Address and Domain Information - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi [2016-01-11]
    FF Extension: Toolbar Buttons - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-27]
    FF Extension: Password Exporter - C:\Users\Antec-179\AppData\Roaming\Mozilla\Firefox\Profiles\ptey35xx.default-1402568974972\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-05]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-01] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
    R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
    R2 BBDemon; C:\Program Files (x86)\Dassault Systemes\B22\intel_a\code\bin\CATSysDemon.exe [38400 2011-07-29] (Dassault Systemes) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-06-22] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817712 2016-06-16] (COMODO)
    R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-06-16] (COMODO)
    R2 DS License Server; C:\Program Files\Dassault Systemes\DS License Server\win_b64\code\bin\DSLicSrv.exe [888320 2012-09-01] (Dassault Systemes) [File not signed]
    R2 HASP Loader; C:\Windows\SysWOW64\nhsrvice.exe [249856 2015-10-05] (Aladdin Knowledge Systems Ltd.) [File not signed]
    R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-10-13] (SafeNet Inc.)
    R2 HLServer; C:\Windows\SysWOW64\HLS32SVC.EXE [327680 2015-10-13] (Aladdin Knowledge Systems Ltd.) [File not signed]
    R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2015-12-10] (3Dconnexion) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3165000 2015-07-23] ()
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-07-06] ()
    R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-06] (RealNetworks, Inc.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2016-06-28] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2016-06-28] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2016-06-28] (Safer-Networking Ltd.)
    S4 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479824 2013-04-09] (VMware, Inc.)
    S4 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
    S4 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 Sentinel RMS License Manager; "C:\Program Files\CGTech\VERICUT 7.2.3\windows64\license\lservnt.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [39184 2015-08-04] (3Dconnexion SAM)
    S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
    R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [77912 2015-10-13] (SafeNet Inc.)
    R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [81368 2015-10-13] (SafeNet Inc.)
    R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [322560 2015-10-13] (SafeNet Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-06-15] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [829600 2016-06-15] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56472 2016-06-15] (COMODO)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 FTOIIs; C:\Windows\System32\DRIVERS\FTOIIs.sys [229968 2009-11-24] (Promise Technology, Inc.)
    R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-10-13] (SafeNet Inc.)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-06-15] (COMODO)
    R3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2015-01-26] (3Dconnextion Inc.)
    R3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2015-01-26] (3Dconnextion Inc.)
    R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-01-23] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-01-23] (Acronis International GmbH)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-01-23] (Acronis International GmbH)
    R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    S3 vdbus; system32\DRIVERS\vdbus.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-06 13:37 - 2016-07-06 13:37 - 00033930 _____ C:\Users\Antec-179\Documents\FRST.txt
    2016-07-06 13:34 - 2016-07-06 13:37 - 00000000 ____D C:\FRST
    2016-07-06 13:31 - 2016-07-06 13:31 - 05198336 _____ (AVAST Software) C:\Users\Antec-179\Downloads\aswMBR.exe
    2016-07-06 13:30 - 2016-07-06 13:34 - 02390016 _____ (Farbar) C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe
    2016-07-06 07:37 - 2016-07-06 07:37 - 00000000 ____D C:\Users\Antec-179\Documents\ProcAlyzer Dumps
    2016-06-30 14:03 - 2016-06-30 14:03 - 00000000 ____D C:\Users\Antec-179\AppData\Local\MachiningCloud_GmbH
    2016-06-30 14:01 - 2016-06-30 14:01 - 00002085 _____ C:\Users\Public\Desktop\Kennametal.lnk
    2016-06-30 14:01 - 2016-06-30 14:01 - 00000004 ____H C:\ProgramData\cm-lock
    2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\MachiningCloud
    2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NOVO-Kennametal
    2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\ProgramData\MachiningCloud
    2016-06-30 14:01 - 2016-06-30 14:01 - 00000000 ____D C:\Program Files (x86)\NOVO-Kennametal
    2016-06-30 13:53 - 2016-06-30 14:01 - 00000000 ___HD C:\ProgramData\{297E00E8-70AA-4641-BCFE-A906A2FCFB0E}
    2016-06-30 13:53 - 2016-06-30 14:00 - 00000000 ____D C:\Users\Antec-179\AppData\Local\IIIQF
    2016-06-30 13:53 - 2016-06-30 13:53 - 09715712 _____ C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi
    2016-06-29 11:58 - 2016-06-29 11:58 - 00195659 _____ C:\Users\Antec-179\Desktop\CNC Systems.pdf
    2016-06-29 08:19 - 2016-06-29 08:19 - 06995720 _____ (Piriform Ltd) C:\Users\Antec-179\Downloads\ccsetup519.exe
    2016-06-28 17:00 - 2016-06-28 17:00 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-06-28 16:57 - 2016-06-28 16:57 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-06-28 16:57 - 2016-06-28 16:57 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-06-28 16:57 - 2016-06-28 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-06-28 16:55 - 2016-06-28 16:57 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Antec-179\Downloads\spybot-2.4.exe
    2016-06-28 16:31 - 2016-06-28 16:31 - 00015292 _____ C:\Users\Antec-179\Desktop\BBPrecise.xlsx
    2016-06-28 15:59 - 2016-06-28 15:59 - 00295163 _____ C:\Users\Antec-179\Desktop\5606428.mcx-9
    2016-06-28 11:33 - 2016-06-28 11:33 - 01200863 _____ C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar
    2016-06-27 10:29 - 2016-06-27 10:29 - 00013011 _____ C:\Users\Antec-179\Desktop\Fanuc motor.xlsx
    2016-06-24 15:04 - 2016-06-27 06:12 - 149858063 _____ C:\Users\Antec-179\Documents\TEST.Z2G
    2016-06-24 08:22 - 2016-06-24 08:22 - 00776583 _____ C:\Users\Antec-179\Desktop\QA-001-006-A0 Instructions for Remove & Install Spindle Motor.pdf
    2016-06-21 08:46 - 2016-06-21 08:54 - 00030720 _____ C:\Users\Antec-179\Desktop\Copy of Credit Card Process Form 2015.xls
    2016-06-20 16:28 - 2016-06-20 16:28 - 00098475 _____ C:\Users\Antec-179\Desktop\Blankn po for CNC Systems.pdf
    2016-06-20 16:23 - 2016-06-20 16:23 - 00097260 _____ C:\Users\Antec-179\Desktop\JB order agreement.pdf
    2016-06-16 06:19 - 2016-06-16 06:19 - 00373649 _____ C:\Users\Antec-179\Desktop\coach clinic.pdf
    2016-06-10 09:19 - 2016-06-10 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-06-09 14:19 - 2016-06-09 14:18 - 00075582 _____ C:\Users\Antec-179\Desktop\TRI-20 B-BAR.pdf
    2016-06-07 14:48 - 2016-06-07 14:48 - 00296137 _____ C:\Users\Antec-179\Desktop\Extracted pages from TRI-21.pdf
    2016-06-07 06:08 - 2016-06-07 06:08 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-06-06 10:41 - 2016-06-06 10:40 - 00651214 _____ C:\Users\Antec-179\Desktop\Extracted pages from TRI-20.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2089-02-18 15:52 - 2012-04-13 09:48 - 00131488 _____ C:\Users\Antec-179\Documents\PMC-RB.LAD
    2016-07-06 13:32 - 2016-03-23 07:05 - 00077336 _____ C:\Windows\system32\Drivers\fvstore.dat
    2016-07-06 13:30 - 2016-02-22 07:42 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
    2016-07-06 10:53 - 2013-08-12 08:47 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\VMware
    2016-07-06 08:52 - 2014-02-12 11:44 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\Mastercam
    2016-07-06 08:52 - 2013-01-30 08:00 - 00000103 _____ C:\Windows\mwMSimApp.INI
    2016-07-06 08:52 - 2012-04-13 16:07 - 00000000 ____D C:\Users\Antec-179\AppData\Local\CrashDumps
    2016-07-06 08:41 - 2014-07-18 10:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-07-05 15:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-07-05 10:51 - 2012-04-14 09:27 - 00000000 ____D C:\Users\Antec-179\Desktop\email
    2016-07-05 07:03 - 2015-10-13 13:32 - 00000104 _____ C:\Windows\system32\config\netlogon.ftl
    2016-07-05 06:14 - 2014-12-15 14:12 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
    2016-07-01 18:01 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-07-01 18:01 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-07-01 11:26 - 2009-07-14 01:13 - 00905800 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-01 08:23 - 2015-06-01 07:23 - 00000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job
    2016-07-01 08:23 - 2014-06-06 11:44 - 00000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job
    2016-06-30 14:00 - 2015-10-01 06:33 - 00000012 _____ C:\Windows\SysWOW64\haspaddr.dat
    2016-06-30 14:00 - 2014-07-18 10:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-06-30 14:00 - 2012-05-18 09:38 - 00030374 _____ C:\Windows\SysWOW64\PCPELog.txt
    2016-06-30 14:00 - 2012-04-10 15:09 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-06-30 14:00 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-30 14:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas
    2016-06-30 13:56 - 2012-04-11 15:10 - 00880828 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-06-29 07:27 - 2014-07-18 10:23 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-06-29 07:27 - 2014-07-18 10:23 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-06-29 07:27 - 2014-07-18 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-06-29 07:27 - 2013-04-12 13:34 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-06-29 06:02 - 2009-07-13 22:34 - 00452975 ____R C:\Windows\system32\Drivers\etc\hosts.20160629-081738.backup
    2016-06-29 06:00 - 2013-04-12 14:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-06-28 16:57 - 2013-04-12 14:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-06-22 08:05 - 2014-09-29 06:42 - 00000000 ____D C:\Users\Antec-179\Desktop\Programming tips
    2016-06-22 06:25 - 2016-05-27 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-06-22 06:24 - 2015-10-08 16:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-06-21 15:27 - 2014-12-02 11:17 - 00000000 ___RD C:\Users\Antec-179\Dropbox
    2016-06-21 06:07 - 2014-06-13 06:23 - 00000000 ____D C:\Users\Antec-179\AppData\Local\Adobe
    2016-06-21 06:06 - 2012-04-10 15:07 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-06-21 06:06 - 2012-04-10 15:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-06-20 16:28 - 2012-04-14 09:27 - 00000000 ____D C:\Users\Antec-179\Desktop\QUOTES-PO'S
    2016-06-16 16:30 - 2014-12-02 11:15 - 00000000 ____D C:\Users\Antec-179\AppData\Roaming\Dropbox
    2016-06-16 16:29 - 2015-10-20 13:39 - 00000000 ____D C:\Users\Antec-179\AppData\Local\Dropbox
    2016-06-15 02:12 - 2015-11-18 18:14 - 00829600 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
    2016-06-15 02:12 - 2015-11-18 18:14 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
    2016-06-15 02:12 - 2015-08-05 01:31 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2016-06-15 02:12 - 2015-08-05 01:31 - 00056472 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2016-06-15 02:08 - 2015-09-03 12:52 - 00793104 _____ (COMODO) C:\Windows\system32\guard64.dll
    2016-06-15 02:08 - 2015-09-03 12:52 - 00626288 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2016-06-15 02:08 - 2015-08-05 01:29 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2016-06-15 02:04 - 2015-08-05 01:28 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2016-06-15 02:02 - 2015-08-05 01:28 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
    2016-06-15 01:58 - 2015-08-05 01:27 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2016-06-15 01:56 - 2015-08-05 01:26 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
    2016-06-13 15:36 - 2014-06-02 16:44 - 00000000 ____D C:\new website files
    2016-06-10 16:31 - 2013-07-08 09:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-09 14:19 - 2012-05-25 06:17 - 00000000 ____D C:\Users\Antec-179\AppData\Local\CutePDF Writer
    2016-06-06 06:22 - 2015-07-07 16:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2015-02-04 11:45 - 2015-02-04 11:45 - 0000121 _____ () C:\Users\Antec-179\AppData\Roaming\default.rss
    2013-10-29 09:27 - 2014-02-24 07:27 - 0000177 _____ () C:\Users\Antec-179\AppData\Roaming\WB.CFG
    2014-01-28 07:27 - 2014-01-28 07:27 - 0000005 _____ () C:\Users\Antec-179\AppData\Roaming\WBPU-TTL.DAT
    2014-01-20 09:55 - 2014-05-13 06:14 - 0003584 _____ () C:\Users\Antec-179\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-30 08:43 - 2016-03-15 06:38 - 0000600 _____ () C:\Users\Antec-179\AppData\Local\PUTTY.RND
    2012-04-17 16:36 - 2015-01-06 17:25 - 0007635 _____ () C:\Users\Antec-179\AppData\Local\Resmon.ResmonCfg
    2016-06-30 14:01 - 2016-06-30 14:01 - 0000004 ____H () C:\ProgramData\cm-lock

    Files to move or delete:
    ====================
    C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js
    C:\Users\Antec-179\en_res.dll
    C:\Users\Antec-179\es_res.dll
    C:\Users\Antec-179\fr_res.dll
    C:\Users\Antec-179\grm_res.dll
    C:\Users\Antec-179\it_res.dll
    C:\Users\Antec-179\jp_res.dll
    C:\Users\Antec-179\mfc80u.dll
    C:\Users\Antec-179\msvcr80.dll
    C:\Users\Antec-179\PCPE Setup.exe
    C:\Users\Antec-179\pt_res.dll
    C:\Users\Antec-179\ResourceReader.dll
    C:\Users\Antec-179\ru_res.dll
    C:\Users\Antec-179\zh_res.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-27 00:50

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by Antec-179 (2016-07-06 13:37:22)
    Running from C:\Users\Antec-179\Documents
    Windows 7 Professional Service Pack 1 (X64) (2012-04-10 18:50:05)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3303728595-2053281234-2614305378-500 - Administrator - Disabled)
    Antec-179 (S-1-5-21-3303728595-2053281234-2614305378-1000 - Administrator - Enabled) => C:\Users\Antec-179
    Guest (S-1-5-21-3303728595-2053281234-2614305378-501 - Administrator - Enabled)
    ___VMware_Conv_SA___ (S-1-5-21-3303728595-2053281234-2614305378-1009 - Administrator - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3D XML Player (HKLM\...\{52FDBE6F-53FE-47C5-8D49-6366555D7056}) (Version: 12.36.12304 - Dassault Systemes)
    3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 10.3.0 - 3Dconnexion)
    3Dconnexion 3DxWinCore (Version: 17.3.0.12346 - 3Dconnexion) Hidden
    3Dconnexion Add-In for AutoCAD (Version: 5.1.0 - 3Dconnexion) Hidden
    3Dconnexion Add-In for Inventor 11 - 2016 (Version: 2.1.1 - 3Dconnexion) Hidden
    3Dconnexion Add-In for Solid Edge V18 - ST8 (Version: 3.3.0 - 3Dconnexion) Hidden
    3Dconnexion Add-In for SOLIDWORKS 2005 - 2016 (Version: 3.3.0 - 3Dconnexion) Hidden
    3Dconnexion Add-On for XSI v5.0 - 2015 (Version: 3.0.3 - 3Dconnexion) Hidden
    3Dconnexion Collage (x32 Version: 1.3.0 - 3Dconnexion) Hidden
    3Dconnexion Extension for SketchUp (Version: 4.2.1 - 3Dconnexion) Hidden
    3Dconnexion LCD Applets for SpacePilot Pro (Version: 1.3.3 - 3Dconnexion) Hidden
    3Dconnexion Plug-In for 3ds Max 2008 - 2016 (Version: 6.1.2 - 3Dconnexion) Hidden
    3Dconnexion Plug-in for Acrobat 3D (x32 Version: 1.4.0 - 3Dconnexion) Hidden
    3Dconnexion Plug-In for Maya v8.5 - 2016 (Version: 5.1.1 - 3Dconnexion) Hidden
    3Dconnexion Plug-In for NX v4.0 - v11.0 (Version: 3.3.0 - 3Dconnexion) Hidden
    3Dconnexion Plug-In for Photoshop CS3 - CS6 and CC (Version: 2.4.0 - 3Dconnexion) Hidden
    3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 3.0 (Version: 2.2.4 - 3Dconnexion) Hidden
    3Dconnexion Trainer (x32 Version: 3.2.3 - 3Dconnexion) Hidden
    3Dconnexion Viewer and Assembly Demo (x32 Version: 0.9.0.0 - 3Dconnexion) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Acronis True Image 2014 (HKLM-x32\...\{5858B1D6-8056-471C-8A29-6A1765BBC0BE}) (Version: 17.0.4515 - Acronis)
    Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
    Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
    Aladdin DiagnostiX 1.10 (HKLM-x32\...\Aladdin DiagnostiX 1.10) (Version: - )
    Aladdin Monitor 1.4.2 (HKLM-x32\...\Aladdin Monitor 1.4.2) (Version: - )
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
    BOINC (HKLM\...\{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}) (Version: 7.0.28 - Space Sciences Laboratory, U.C. Berkeley)
    CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
    CIMCO Edit V7 (HKLM-x32\...\CIMCO Edit V7) (Version: 7.55.07 - CIMCO A/S)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    cncCoder (HKLM-x32\...\cncCoder_is1) (Version: 4.1 - Axis Controls Ltd)
    CodeMeter Runtime Kit v4.50c (HKLM\...\{D2ABD3EE-94BD-48BB-A6C6-E4FFDA64001E}) (Version: 4.50.906.503 - WIBU-SYSTEMS AG)
    COMODO Internet Security Premium (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.)
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
    Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
    Dassault Systemes Software VC10 Prerequisites x86-x64 (HKLM\...\{7C534131-6431-4ECB-9069-525CB5F75CC8}) (Version: 10.1.1 - Dassault Systemes)
    Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
    Dassault Systemes Software Version 5-6 Release 2012 (B22) (HKLM\...\Dassault Systemes B22_0) (Version: - )
    Dropbox (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
    DS License Server (HKLM\...\{A224E59D-BEA4-43CE-98A9-A08AC73C33D3}) (Version: 6.214.02470 - Dassault Systemes)
    eDrawings 2015 x64 (HKLM\...\{84177FAE-7ADD-474F-92A9-0085D6AFCBDC}) (Version: 15.3.0030 - Dassault Systèmes SolidWorks Corp)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
    Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
    Garmin Lifetime Updater (HKLM-x32\...\{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}) (Version: 2.1.11 - Garmin)
    GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
    GWizardE (x32 Version: 0.4.0 - CNCCookbook, Inc.) Hidden
    HASP License Manager (HKLM-x32\...\HASP License Manager) (Version: - )
    HaspX (HKLM\...\{32c229e8-ea25-41bd-95bd-00650b385a5f}.sdb) (Version: - )
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    InspectionXpert GDT Font Installer (HKLM-x32\...\{C8605789-934D-47B3-9CE6-AE880CBC6033}) (Version: 1.1.0.0 - InspectionXpert)
    InspectionXpert OnDemand x64 (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\ea66fb5ec48b6827) (Version: 5.3.2.1115 - InspectionXpert OnDemand x64)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
    Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
    Mastercam Licensing Installer (HKLM\...\{56D9A6A3-5D54-44F6-9C26-4956B2337387}) (Version: 18.0.11898.0 - CNC Software, Inc.)
    Mastercam X7 (x32 Version: 16.0.5.5 - CNC Software, Inc.) Hidden
    Mastercam X7 (x32 Version: 2.00.2000 - CNC Software, Inc.) Hidden
    Mastercam X9 (Arc MultiEdit AddOn) (HKLM\...\{3BA84FAD-D8A5-45ED-BE0B-B2C772678E7D}) (Version: 18.0.5.27 - CNC Software, Inc.)
    Mastercam X9 (HKLM-x32\...\Mastercam X9) (Version: 18.0.11898.0 - CNC Software, Inc.)
    Mastercam X9 (LevelSetsVisibility AddOn) (HKLM\...\{8624C0D9-C433-4919-846F-421A2BABB264}) (Version: 17.0.0.1 - CNC Software, Inc.)
    Mastercam X9 (Pts2Arcs AddOn) (HKLM\...\{4A205CFB-E234-444A-8E3A-EA4D87700C38}) (Version: 18.0.1.1 - CNC Software, Inc.)
    Mastercam X9 (ScriptLinker AddOn) (HKLM\...\{FB60C5AB-AFE7-4776-85D4-709DACDA3D2B}) (Version: 18.0.2.5 - CNC Software, Inc.)
    Mastercam X9 (SortCircles AddOn) (HKLM\...\{8C118E97-89DB-4E9A-8134-D8A495471B28}) (Version: 18.0.1.4 - CNC Software, Inc.)
    Mastercam X9 (Version: 18.0.18466.0 - CNC Software, Inc.) Hidden
    Mastercam X9 (vHelix AddOn) (HKLM\...\{3D897DA6-26E2-409C-AA81-88CF2A1B8519}) (Version: 18.0.1.2 - CNC Software, Inc.)
    Mastercam X9 (zSpiral AddOn) (HKLM\...\{F3EBA408-ECCE-43AA-A3D2-7C148CB66859}) (Version: 18.0.1.6 - CNC Software, Inc.)
    Menu Templates - Pack 1 (x32 Version: 9.6.0.0 - Nero AG) Hidden
    Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
    Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nero 9 Essentials (HKLM-x32\...\{0e8d6e9b-e4f1-4881-9d4b-e471e2e10310}) (Version: - Nero AG)
    NOVO-Kennametal (HKLM-x32\...\NOVO-Kennametal) (Version: 2.3.1.120 - Machining Cloud GmbH)
    NOVO-Kennametal (x32 Version: 2.3.1.120 - Machining Cloud GmbH) Hidden
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
    NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA nView 146.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.33 - NVIDIA Corporation)
    NVIDIA WMI 2.22.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.22.0 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
    Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
    PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
    RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
    RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
    SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
    Sentinel Runtime (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
    SolidWorks eDrawings 2013 x64 (HKLM\...\{E59710B0-0A5A-4956-8496-D7EE0532D4A9}) (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    TurboCAD Professional 15 (HKLM-x32\...\{2BC3CCC0-1149-424F-AF73-4D0C5C053033}) (Version: 15.1 - IMSIDesign)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    USB Disk Storage Format Tool 5.1 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
    VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
    VMware Client Integration Plug-in 5.1.0 (HKLM-x32\...\{17B9AB5C-356D-4B28-BEB9-A15AF12C36F0}) (Version: 5.1.0.2968519 - VMware, Inc.)
    VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.)
    VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.44739 - VMware, Inc.)
    VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.6443 - VMware, Inc.)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Zip Extractor Packages (HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1D1028CD-8825-41E7-A8DF-5B3219DD76BB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
    Task: {1E4BA4DD-AE08-4AB9-91C4-76EB68716404} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-22] (Microsoft Corporation)
    Task: {1F72E2A6-2CCA-436B-A693-525FA0AB60DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-27] (Microsoft Corporation)
    Task: {4FAB8542-E4F9-41B0-A22D-1EAABBE85DB6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2016-06-28] (Safer-Networking Ltd.)
    Task: {52F552CB-706A-4A2D-B5BB-BB70C604A49A} - System32\Tasks\G2MUpdateTask-S-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-06-16] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {5A23D24F-0DA5-4F50-BCD8-6AC5AF078470} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-06-28] (Safer-Networking Ltd.)
    Task: {626609C7-53BA-4187-A588-D582EF1BD0DA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-22] (Microsoft Corporation)
    Task: {6B1F246C-F2C0-46D1-98CF-30447B07FAA4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-06-28] (Safer-Networking Ltd.)
    Task: {713F67E6-E86E-4DCD-BDA2-D8EFFBD13401} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-06] (RealNetworks, Inc.)
    Task: {738FD452-3659-44F7-9BEE-7634A0207B66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-05-27] (Microsoft Corporation)
    Task: {83C72957-0E7B-494B-910B-0C4EC57E02FF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-06] (RealNetworks, Inc.)
    Task: {8E43596F-6CA7-40C6-96F5-2283BDEABCD7} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2015-12-10] (3Dconnexion, INC)
    Task: {9D93756F-BADF-4D08-81DF-89EDED6027A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-29] (Piriform Ltd)
    Task: {A8067182-96C8-48CB-B422-5E9CC8C51AF7} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)
    Task: {A933E935-7FDD-4B67-A8F5-35BD961F8874} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-07-06] ()
    Task: {ABC220CE-A0C6-449C-9EBC-3BF64DEB9CB0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3303728595-2053281234-2614305378-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-06] (RealNetworks, Inc.)
    Task: {ACBFA9C1-38E3-4F24-A461-3B9992CAF0D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-11] (Adobe Systems Incorporated)
    Task: {B9589194-DD6A-42CB-9404-159E6B0C758A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)
    Task: {D7573B29-4D2E-4CBD-AFEF-E3486BA5EE87} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-06-16] (COMODO)
    Task: {E64ECC22-6B54-4EFA-8FA3-13B3B7D36181} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)
    Task: {F7ABAB27-5CA5-4FB8-99B6-6510EAE30B0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-27] (Microsoft Corporation)
    Task: {FC0B6857-65B0-4874-9FA5-E0291486805E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-16] (COMODO)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3303728595-2053281234-2614305378-1000Core.job => C:\Users\Antec-179\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5174\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3303728595-2053281234-2614305378-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5174\g2mupload.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-05 11:41 - 2015-07-23 00:06 - 03165000 _____ () C:\Windows\system32\nvwmi64.exe
    2012-05-25 06:16 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
    2013-10-23 11:15 - 2010-11-03 17:30 - 00918144 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
    2013-10-23 11:15 - 2010-12-02 10:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
    2013-10-23 11:15 - 2010-10-21 17:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    2015-10-08 16:08 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-06-17 03:25 - 2015-07-06 05:52 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2015-08-05 11:41 - 2015-07-22 21:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-01-08 23:02 - 2016-03-16 06:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2015-11-02 08:23 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2015-08-05 11:41 - 2015-07-23 00:06 - 02441360 _____ () C:\Program Files\NVIDIA Corporation\nview\nview64.dll
    2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2013-10-01 11:26 - 2013-10-01 11:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
    2015-12-10 19:24 - 2015-12-10 19:24 - 00038912 _____ () C:\Windows\system32\SPWINI.dll
    2015-12-11 02:46 - 2015-12-11 02:46 - 00600064 _____ () C:\Program Files\mcamX9\UICtrls.dll
    2015-05-15 08:57 - 2015-05-15 08:57 - 00332800 _____ () C:\Program Files\mcamX9\glew64.dll
    2015-05-15 11:18 - 2015-05-15 11:18 - 00331776 _____ () C:\Program Files\mcamX9\interfacial14.dll
    2015-12-11 04:21 - 2015-12-11 04:21 - 79611392 _____ () C:\Program Files\mcamX9\CHOOKS\5AXMSURF.DLL
    2015-05-15 11:18 - 2015-05-15 11:18 - 02606592 _____ () C:\Program Files\mcamX9\RESOURCES\5AXUI_RES.DLL
    2015-05-15 09:02 - 2015-05-15 09:02 - 13650944 _____ () C:\Program Files\mcamX9\mwsimutil.dll
    2015-05-15 09:02 - 2015-05-15 09:02 - 02975232 _____ () C:\Program Files\mcamX9\MultiXPost.dll
    2015-12-11 04:21 - 2015-12-11 04:21 - 23245824 _____ () C:\Program Files\mcamX9\CHOOKS\MACHSIM.DLL
    2015-12-11 04:21 - 2015-12-11 04:21 - 07638016 _____ () C:\Program Files\mcamX9\MXPUI.dll
    2015-12-11 04:21 - 2015-12-11 04:21 - 32381952 _____ () C:\Program Files\mcamX9\mwMSimApp.dll
    2015-12-11 04:20 - 2015-12-11 04:20 - 01330688 _____ () C:\Program Files\mcamX9\mwCustomStreamService.dll
    2015-05-15 08:58 - 2015-05-15 08:58 - 02486784 _____ () C:\Program Files\mcamX9\NLib.dll
    2015-05-18 17:27 - 2015-05-18 17:27 - 00087552 _____ () C:\Program Files\mcamX9\CHOOKS\SORTCIRCLES.DLL
    2015-05-18 17:27 - 2015-05-18 17:27 - 00031744 _____ () C:\Program Files\mcamX9\Resources\SortCirclesRes.dll
    2015-12-11 04:21 - 2015-12-11 04:21 - 02903040 _____ () C:\Program Files\mcamX9\mwUbvsProxy.dll
    2015-12-11 04:20 - 2015-12-11 04:20 - 20108288 _____ () C:\Program Files\mcamX9\mwSimStreamManager.dll
    2015-12-11 04:20 - 2015-12-11 04:20 - 24689152 _____ () C:\Program Files\mcamX9\mwMSimDefGUI.dll
    2015-05-15 11:18 - 2015-05-15 11:18 - 00057856 _____ () C:\Program Files\mcamX9\Resources\5axmsurf_res.dll
    2015-05-15 11:18 - 2015-05-15 11:18 - 05112832 _____ () C:\Program Files\mcamX9\Resources\mwMachSim_res.dll
    2015-12-11 04:21 - 2015-12-11 04:21 - 13470720 _____ () C:\Program Files\mcamX9\mwVerifier.dll
    2015-12-11 04:21 - 2015-12-11 04:21 - 01744896 _____ () C:\Program Files\mcamX9\mwVerifierGUI.dll
    2015-05-15 11:18 - 2015-05-15 11:18 - 00015360 _____ () C:\Program Files\mcamX9\Resources\mwVerifierGUI_res.dll
    2015-05-15 08:57 - 2015-05-15 08:57 - 00332800 _____ () C:\Program Files\mcamX9\EXTENSIONS\glew64.dll
    2016-06-30 14:40 - 2016-06-30 14:40 - 00048640 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Trackerbird.Tracker\08fce3efdb4855cfee03c4760afd744e\Trackerbird.Tracker.ni.dll
    2013-10-23 11:15 - 2016-06-30 14:00 - 00023040 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
    2013-10-23 11:15 - 2010-06-29 10:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
    2015-06-17 03:24 - 2015-06-17 03:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
    2015-06-17 03:24 - 2015-06-17 03:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
    2015-06-17 03:24 - 2015-06-17 03:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
    2016-06-28 16:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-06-28 16:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-06-28 16:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-06-28 16:57 - 2016-06-28 16:57 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-06-28 16:57 - 2016-06-28 16:57 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-06-03 10:41 - 2015-06-03 10:41 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\caaa0003d6df6f1e5791726812a4e66d\IsdiInterop.ni.dll
    2013-10-23 11:18 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-11-22 14:03 - 2013-11-22 14:03 - 00028024 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
    2013-11-22 14:06 - 2013-11-22 14:06 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2015-08-05 11:41 - 2015-07-23 00:06 - 02000200 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
    2013-11-22 14:03 - 2013-11-22 14:03 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
    2014-11-10 13:51 - 2014-11-10 13:51 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
    2014-11-10 13:51 - 2014-11-10 13:51 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
    2014-11-10 13:51 - 2014-11-10 13:51 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
    2015-11-02 08:23 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-01 14:02 - 2015-06-02 08:58 - 00082272 _____ () C:\CIMCO\CIMCOEdit7\DLL\Localization.dll
    2014-12-01 14:02 - 2015-06-02 08:58 - 00987136 _____ () C:\CIMCO\CIMCOEdit7\libxml2.dll
    2014-12-01 14:02 - 2015-06-02 08:58 - 00077824 _____ () C:\CIMCO\CIMCOEdit7\zlib1.dll
    2014-12-01 14:02 - 2015-06-02 08:58 - 00700768 _____ () C:\CIMCO\CIMCOEdit7\DLL\CycleMacro.DLL
    2014-12-01 14:02 - 2015-06-02 08:58 - 02621792 _____ () C:\CIMCO\CIMCOEdit7\DLL\InspectDll.DLL
    2014-12-01 14:02 - 2015-06-02 08:58 - 00233824 _____ () C:\CIMCO\CIMCOEdit7\dll\ncfilter_fanuc.dll
    2016-06-21 06:06 - 2016-06-21 06:06 - 19455168 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll
    2015-09-15 05:00 - 2015-09-15 05:00 - 00032472 _____ () C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\5.1\VpxClient.SSPI.dll
    2012-07-18 13:00 - 2012-07-18 13:00 - 00022168 _____ () C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\5.1\AxInterop.VMwareRemoteConsoleTypeLib.dll
    2012-07-13 18:33 - 2012-07-13 18:33 - 01222656 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\libxml2.dll
    2012-07-13 18:33 - 2012-07-13 18:33 - 00637952 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\glibmm-2.4.dll
    2012-07-13 18:33 - 2012-07-13 18:33 - 00322560 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\libcurl.dll
    2012-07-13 18:33 - 2012-07-13 18:33 - 00310784 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\libldap_r.dll
    2012-07-13 18:33 - 2012-07-13 18:33 - 00137728 ____R () C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\liblber.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\Setup1.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\ST6UNST.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshhl31.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshhl32.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshsp52.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\aksusb4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RCoInst64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\WavesGUILib.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\HLS32SVC.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MBI.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSCOMM32.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJET35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJINT35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJTER35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSRD2X35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSREPL35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\nhsrvice.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\UNWISE.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\VB5DB.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\vcomp100.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxhid.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxkmj.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxshim.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\afcdp.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksclass.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksdf.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\akshasp.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\akshhl.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksusb.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\fltsrv.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\hardlock.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\snapman.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tdrpman.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tib.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tib_mounter.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\vididr.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\vidsflt.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\BBPrecise.xlsx:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\gpovault.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\MANUALS1.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\MBRSAVER.COM:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v233.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\SErase.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdZnID [26]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7907 more sites.

    IE trusted site: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\...\sharepoint.com -> hxxps://bbprecise.sharepoint.com

    There are 7907 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-06-29 08:17 - 00452975 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 15540 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Antec-179\Desktop\Personal\rsz_nashftball.jpg
    DNS Servers: 192.168.1.23 - 24.92.226.12
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
    mpsdrv => Firewall Service is not running.
    MpsSvc => Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: vmware-converter-agent => 2
    MSCONFIG\Services: vmware-converter-server => 2
    MSCONFIG\Services: vmware-converter-worker => 2
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Dropbox Update => "C:\Users\Antec-179\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{7749D332-C928-4444-8098-DE57A3BCBF9B}] => (Allow) LPort=9089
    FirewallRules: [{9B033970-E1AB-422A-87E1-3C09DE6DD5A6}] => (Allow) LPort=3395
    FirewallRules: [{1F0D189E-E20F-4961-A489-2C2EC78AEA92}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
    FirewallRules: [{E0CBBF73-31CF-4C8B-BA9E-20E7BC1601FC}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
    FirewallRules: [{CB37E634-4BD8-4A2D-8800-D459DA0666EE}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{F5C8EA35-206D-4705-A04F-5D693E417AFC}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{9B5AE0D4-5BBD-41C3-8D5A-6EA39036E3F2}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{39102ABE-D087-40B5-9D1D-7572A40A7871}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{7BFC2BC1-879C-461A-A204-C72E47D63988}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{41DB6149-AA5F-4D46-B90F-394A0DBABD92}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{F03936F6-5BA6-4A7E-83FA-49EB087D1DCA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{3D58D475-1B2B-4B27-B2D8-56354B1AA014}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{7CC536DE-C8B6-4FFF-8D6D-EE1C6CC5A5A7}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{1BB73F1C-53EA-42B3-8263-C4BA15CA52E6}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{9806D8E0-41FF-4DDC-A26A-BE203D845B2C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{608A024D-2001-44D7-B770-2B36BC4D6759}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{061DAD20-E1F4-46E5-BC50-E94BA4C4C748}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{DCADD1A1-CFEE-49A3-9E22-A6F2092ECF83}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{74FDA5C9-7548-4C8A-8641-E474E9EC225E}] => (Allow) C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{9EEF2EF1-59E6-4E50-9FE0-4180DD5A296E}] => (Allow) C:\Users\Antec-179\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{F859C70C-604C-4A0B-8CC7-76C159B67572}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{0133C8A3-AB4B-443D-87A0-EAFBA10B942D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A354DF0D-E1E3-4F63-B6CA-6F4627234439}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{CC37E4CB-5FA3-46CD-9D82-07DF67FE73F8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{C4C999CB-AEC9-48F9-9972-EE45A9C976ED}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{3391BB63-2133-4D21-8794-FD147B8823EA}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{C80B1F70-6D29-488E-8FCF-0F15FF704BDF}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{30BBC01A-5B3A-49B8-A577-21386ADE799E}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{1B9D2262-82AF-4CC1-987D-BE7D8E30FCF8}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{B601AC9A-40A3-4E14-88BA-9FED5361435F}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{485E424D-2516-4BD3-BA35-24CADE7E25A1}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{3996974B-2F63-4F0A-8D8E-9DF97536092D}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{BE502E6C-AF34-4A0A-AA9B-51131420BA4B}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{55AF4832-2A6B-45C4-9D9E-D2BE7030D903}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{FFE576A7-FCD7-4A6F-8F2E-CCAB4D707E26}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{62F98FA0-C506-46E0-BF20-CC0B925942DF}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{C6E3A07B-5E5E-4B66-9838-9A97AC489A6B}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{403BB92B-F965-45A1-B504-1BCBF1238BE9}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{8FE83476-0663-4F46-AE71-2BAC8CEEB241}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{6AD5D8B5-36F5-41CA-82D3-DD393F75B7B5}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{00FE78D9-DCE6-427B-9FC9-8537CA37FDB7}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{1ABAB4AF-0D35-4924-8385-F94A3188D00F}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{00B25920-16D3-4AF6-85EF-DD026A8613C0}] => (Allow) LPort=475
    FirewallRules: [{05B3D61C-FFA9-4B3F-A942-E686C972C203}] => (Allow) LPort=475
    FirewallRules: [{D8E101B1-1D1A-43D6-8D66-96C7B805C0C5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{476E0522-45BA-498A-95CC-49649A6B4BAD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{A864883C-1C32-43FA-AA69-DA71C5DC2585}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{17DE9D5C-B349-4B1D-A532-8B5AB5ED3DA7}] => (Allow) C:\Windows\system32\hasplms.exe
    FirewallRules: [{DB7CBC90-FC2B-4ADD-A4BC-EB1C7092AFD5}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
    FirewallRules: [{C2B205E1-2822-4CC1-99B6-4A264A7384E7}] => (Allow) C:\CIMCO\CIMCOEdit7\CIMCOEdit.exe
    FirewallRules: [{84D47C17-6AF5-4AA4-9807-10D7B6031CEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EE00092B-00A7-40BE-86EB-6DB571E60462}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D07FB123-3D5A-404D-8337-59833DF892D3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{63AE9A03-66F2-4C77-9338-DB0A3F7E8CBF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    18-06-2016 00:00:06 Scheduled Checkpoint
    26-06-2016 00:00:06 Scheduled Checkpoint
    30-06-2016 13:53:28 Installed NOVO-Kennametal
    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Intel(R) 82579V Gigabit Network Connection
    Description: Intel(R) 82579V Gigabit Network Connection
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel
    Service: e1cexpress
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/06/2016 01:13:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/06/2016 08:52:20 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
    Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000041b56
    Faulting process id: 0x860
    Faulting application start time: 0xmastercam.exe0
    Faulting application path: mastercam.exe1
    Faulting module path: mastercam.exe2
    Report Id: mastercam.exe3

    Error: (07/06/2016 08:52:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: mastercam.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 0000000003CC1B56

    Error: (07/06/2016 08:49:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
    Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000041b56
    Faulting process id: 0x2a4c
    Faulting application start time: 0xmastercam.exe0
    Faulting application path: mastercam.exe1
    Faulting module path: mastercam.exe2
    Report Id: mastercam.exe3

    Error: (07/06/2016 08:49:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: mastercam.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 0000000003CC1B56

    Error: (07/06/2016 08:48:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
    Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000041b56
    Faulting process id: 0x704
    Faulting application start time: 0xmastercam.exe0
    Faulting application path: mastercam.exe1
    Faulting module path: mastercam.exe2
    Report Id: mastercam.exe3

    Error: (07/06/2016 08:48:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: mastercam.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 0000000003CC1B56

    Error: (07/06/2016 08:35:50 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mastercam.exe, version: 18.0.18466.0, time stamp: 0x566a747f
    Faulting module name: Interfacial28.dll, version: 2015.1.20.0, time stamp: 0x54bf2be5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000041b56
    Faulting process id: 0x2b8c
    Faulting application start time: 0xmastercam.exe0
    Faulting application path: mastercam.exe1
    Faulting module path: mastercam.exe2
    Report Id: mastercam.exe3

    Error: (07/06/2016 08:35:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: mastercam.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 0000000003CC1B56

    Error: (07/05/2016 06:21:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005


    System errors:
    =============
    Error: (07/06/2016 07:50:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662 = More data is available.
    .

    Error: (07/05/2016 02:10:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/04/2016 02:10:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/04/2016 02:10:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/03/2016 02:10:47 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/03/2016 02:10:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/03/2016 01:52:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/02/2016 02:10:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/02/2016 02:10:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (07/01/2016 02:10:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.2916.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


    CodeIntegrity:
    ===================================
    Date: 2015-09-08 08:30:07.795
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-01 13:55:43.831
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:43.799
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:39.351
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:39.317
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:39.274
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:39.242
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:37.142
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:37.110
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-01 13:55:37.069
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2700K CPU @ 3.50GHz
    Percentage of memory in use: 31%
    Total physical RAM: 16360.81 MB
    Available physical RAM: 11145.08 MB
    Total Virtual: 42088.8 MB
    Available Virtual: 35220.4 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:238.37 GB) (Free:109.39 GB) NTFS
    Drive d: (HS-450i) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive e: (Backup Drive) (Fixed) (Total:465.76 GB) (Free:343.5 GB) NTFS
    Drive f: (Mastercam files) (Fixed) (Total:148.96 GB) (Free:109.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CEB70E52)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 295E5F9A)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-07-06 14:15:51
    -----------------------------
    14:15:51.249 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:15:51.249 Number of processors: 8 586 0x2A07
    14:15:51.249 ComputerName: PROGRAMMING UserName: Antec-179
    14:15:51.762 Initialize success
    14:15:51.815 VM: initialized successfully
    14:15:51.816 VM: Intel CPU supported
    14:16:00.813 VM: supported disk I/O iaStor.sys
    14:20:51.157 AVAST engine defs: 16070601
    14:22:16.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:22:16.613 Disk 0 Vendor: OCZ-OCTA 1.13 Size: 244198MB BusType: 3
    14:22:16.614 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    14:22:16.615 Disk 1 Vendor: ST350041 JC4B Size: 476940MB BusType: 3
    14:22:16.617 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
    14:22:16.619 Disk 2 Vendor: ST316081 4.AD Size: 152587MB BusType: 3
    14:22:16.629 VM: Disk 0 MBR read successfully
    14:22:16.631 Disk 0 MBR scan
    14:22:16.652 Disk 0 Windows 7 default MBR code
    14:22:16.655 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:22:16.658 Disk 0 default boot code
    14:22:16.676 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 244096 MB offset 206848
    14:22:16.718 Disk 0 scanning C:\Windows\system32\drivers
    14:22:24.215 Service scanning
    14:22:42.313 Modules scanning
    14:22:42.319 Disk 0 trace - called modules:
    14:22:42.323 ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys iaStor.sys hal.dll
    14:22:42.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f8b7790]
    14:22:42.331 3 CLASSPNP.SYS[fffff8800216e43f] -> nt!IofCallDriver -> [0xfffffa800f7b9e00]
    14:22:42.336 5 vidsflt.sys[fffff88000dc35f1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cf4b050]
    14:22:42.800 AVAST engine scan C:\Windows
    14:22:44.931 AVAST engine scan C:\Windows\system32
    14:25:28.595 AVAST engine scan C:\Windows\system32\drivers
    14:25:40.343 AVAST engine scan C:\Users\Antec-179
    14:35:21.307 AVAST engine scan C:\ProgramData
    14:44:20.248 Disk 0 statistics 5321785/0/18 @ 6.49 MB/s
    14:44:20.251 Scan finished successfully
    14:44:54.576 Disk 0 MBR has been saved successfully to "C:\Users\Antec-179\Documents\MBR.dat"
    14:44:54.595 The log file has been saved successfully to "C:\Users\Antec-179\Documents\aswMBR.txt"

    Thanks.
    Yeah, like that's gonna happen.

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    "He emailed me a list of usernames that he found in a file on a C&C server his company recently hacked. The usernames and associated websites are legit and match."
    He hacked into a Company server and found files related to info on you?.....dang.

    Flash and Java exploits used to install VAWTRAK in systems
    http://www.trendmicro.com/vinfo/us/t...users-in-japan
    The above describes how it hit Japan, but applies I think to anyone who might have this particular infection.

    Please go to a known clean computer and change passwords to any sensitive sites that collect information or related to banking or Credit Cards.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please remove the following program through the Control Panel:

    Zip Extractor Packages

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Reset your browsers. For instructions click
    http://www.howtogeek.com/171924/how-...ault-settings/

    ~~~~~~~~~~~~~~~~~~~~~~~~
    It appears you're using 2 antivirus programs together on the computer. This can cause conflicts and errors on things we might need to do, and eat your computer's resources.
    AV: Microsoft Security Essentials (Enabled - Up to date)
    AV: COMODO Antivirus(Enabled - Up to date)
    Make a decision which to keep and please uninstall one.



    Do you connect to the internet by a Proxy?

    ~~~~~

    Running from C:\Users\Antec-179\Documents

    It's best we move Farbar's to desktop.

    Please go to your Documents folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    Toolbar: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
    C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js
    C:\Users\Antec-179\en_res.dll
    C:\Users\Antec-179\es_res.dll
    C:\Users\Antec-179\fr_res.dll
    C:\Users\Antec-179\grm_res.dll
    C:\Users\Antec-179\it_res.dll
    C:\Users\Antec-179\jp_res.dll
    C:\Users\Antec-179\mfc80u.dll
    C:\Users\Antec-179\msvcr80.dll
    C:\Users\Antec-179\PCPE Setup.exe
    C:\Users\Antec-179\pt_res.dll
    C:\Users\Antec-179\ResourceReader.dll
    C:\Users\Antec-179\ru_res.dll
    C:\Users\Antec-179\zh_res.dll
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\Setup1.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\ST6UNST.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshhl31.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshhl32.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshsp52.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\aksusb4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RCoInst64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\WavesGUILib.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\HLS32SVC.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MBI.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSCOMM32.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJET35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJINT35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJTER35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSRD2X35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSREPL35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\nhsrvice.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\UNWISE.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\VB5DB.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\vcomp100.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxhid.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxkmj.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxshim.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\afcdp.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksclass.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksdf.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\akshasp.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\akshhl.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksusb.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\fltsrv.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\hardlock.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\snapman.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tdrpman.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tib.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tib_mounter.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\vididr.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\vidsflt.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\BBPrecise.xlsx:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\gpovault.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\MANUALS1.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\MBRSAVER.COM:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v233.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\SErase.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdZnID [26]
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




    ======================================================



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~
    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jul 2016
    Posts
    15


    Good morning Juliet,

    Apparently this is one of the things he does for a company called Computershare.

    Already in the process of changing the passwords (started the process as soon as I got the email just in case it was true). Fortunately I don't access any bank/credit card accounts with this pc, but I do access the back end of my employer's website from time to time.

    I know better than to have two AV programs running and I had disabled the MSSE, but I was having a problem with getting a program installed a while back and a few recommendations were to install MSSE, so I did and must have forgotten to remove it after. Removing it now.

    I do not connect to a Proxy.

    Browser has been reset.

    Windows said ZIP Extractor wasn't installed so removed it from list.

    As for the rest I'll get right on it, though it might take me a bit to complete everything.

    Thanks for the help so far.
    Yeah, like that's gonna happen.

  4. #4
    Junior Member
    Join Date
    Jul 2016
    Posts
    15


    Here are current log files as requested with exception to JRT.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by Antec-179 (2016-07-07 07:08:17) Run:1
    Running from C:\Users\Antec-179\Desktop
    Loaded Profiles: Antec-179 (Available Profiles: Antec-179)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    Toolbar: HKU\S-1-5-21-3303728595-2053281234-2614305378-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
    C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js
    C:\Users\Antec-179\en_res.dll
    C:\Users\Antec-179\es_res.dll
    C:\Users\Antec-179\fr_res.dll
    C:\Users\Antec-179\grm_res.dll
    C:\Users\Antec-179\it_res.dll
    C:\Users\Antec-179\jp_res.dll
    C:\Users\Antec-179\mfc80u.dll
    C:\Users\Antec-179\msvcr80.dll
    C:\Users\Antec-179\PCPE Setup.exe
    C:\Users\Antec-179\pt_res.dll
    C:\Users\Antec-179\ResourceReader.dll
    C:\Users\Antec-179\ru_res.dll
    C:\Users\Antec-179\zh_res.dll
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\Setup1.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\ST6UNST.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshhl31.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshhl32.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\akshsp52.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\aksusb4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RCoInst64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\WavesGUILib.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\HLS32SVC.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MBI.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSCOMM32.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJET35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJINT35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSJTER35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSRD2X35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MSREPL35.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\nhsrvice.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.OCX:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\UNWISE.EXE:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\VB5DB.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\vcomp100.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxhid.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxkmj.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\3dxshim.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\afcdp.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksclass.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksdf.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\akshasp.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\akshhl.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\aksusb.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\fltsrv.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\hardlock.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\snapman.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tdrpman.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tib.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\tib_mounter.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\vididr.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\vidsflt.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\BBPrecise.xlsx:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\dsrfix.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\gpovault.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\MANUALS1.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\acronis true image.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Androscoggin.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\aswMBR.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup510.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\ccsetup519.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\diagnostix.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\fapt-ladder.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InplotSetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\IXOnDemand.application:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\jxpiinstall.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\LTspiceIV.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\MBRSAVER.COM:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v232.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NCPlot_v233.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\putty-0.64-installer.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\SErase.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\setup-network-utilities.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\spybot-2.4.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\uTorrent.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe:$CmdZnID [26]
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value data removed successfully.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\system32\GroupPolicy\User => moved successfully
    "HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
    HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
    "HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}" => key removed successfully
    HKCR\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => key not found.
    HKU\S-1-5-21-3303728595-2053281234-2614305378-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ocr@babylon.com => value removed successfully
    C:\Users\Antec-179\.vmrc_plugin_ovftool_settings.js => moved successfully
    C:\Users\Antec-179\en_res.dll => moved successfully
    C:\Users\Antec-179\es_res.dll => moved successfully
    C:\Users\Antec-179\fr_res.dll => moved successfully
    C:\Users\Antec-179\grm_res.dll => moved successfully
    C:\Users\Antec-179\it_res.dll => moved successfully
    C:\Users\Antec-179\jp_res.dll => moved successfully
    C:\Users\Antec-179\mfc80u.dll => moved successfully
    C:\Users\Antec-179\msvcr80.dll => moved successfully
    C:\Users\Antec-179\PCPE Setup.exe => moved successfully
    C:\Users\Antec-179\pt_res.dll => moved successfully
    C:\Users\Antec-179\ResourceReader.dll => moved successfully
    C:\Users\Antec-179\ru_res.dll => moved successfully
    C:\Users\Antec-179\zh_res.dll => moved successfully
    C:\Windows => ":nlsPreferences" ADS removed successfully.
    "C:\Windows\RtlExUpd.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\Setup1.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\ST6UNST.EXE" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AERTAC64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AERTAR64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\akshhl31.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\akshhl32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\akshsp52.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\aksllmtp.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\aksusb4.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSBassEnhancementDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSBoostDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSGainCompensatorDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSGFXAPO64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSGFXAPONS64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSLFXAPO64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSLimiterDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSNeoPCDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSS2HeadphoneDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSS2SpeakerDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSSymmetryDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\DTSVoiceClarityDLL64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\FMAPO64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\hasplms.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MaxxAudioAPO20.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MaxxAudioAPO30.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MaxxAudioEQ.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MaxxAudioRealtek.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MaxxVolumeSDAPO.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\poqexec.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\R4EEA64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\R4EED64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\R4EEG64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\R4EEL64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\R4EEP64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RCoInst64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RP3DAA64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RP3DHT64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RTCOM64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RTEED64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RTEEG64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RTEEL64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RTEEP64A.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RtkApi64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RtkCfg64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RtlCPAPI64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RtPgEx64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RTSnMg64.cpl" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\sdnclean64.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SFAPO64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SFCOM64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SFNHK64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SFSS_APO.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SRSHP64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SRSTSH64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SRSTSX64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\SRSWOW64.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\WavesGUILib.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\HLS32SVC.EXE" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MBI.OCX" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MSCOMM32.OCX" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MSJET35.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MSJINT35.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MSJTER35.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MSRD2X35.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MSREPL35.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\nhsrvice.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\poqexec.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\SFCOM.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\TABCTL32.OCX" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\UNWISE.EXE" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\VB5DB.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\vcomp100.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\3dxhid.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\3dxkmj.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\3dxshim.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\afcdp.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\aksclass.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\aksdf.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\akshasp.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\akshhl.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\aksusb.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\fltsrv.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\hardlock.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\RTKVHD64.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\snapman.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\tdrpman.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\tib.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\tib_mounter.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\usbser.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\vididr.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\vidsflt.sys" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Desktop\13332980_1165453150164082_4473727524324176454_n.jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\Antec-179\Desktop\3D printer test cube hollow_cube.stl => ":com.dropbox.attributes" ADS removed successfully.
    "C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Desktop\AddressTransfertoMyUPS.dat => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Desktop\BBPrecise.xlsx" => ":$CmdTcID" ADS not found.
    "C:\Users\Antec-179\Desktop\dsrfix.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Desktop\dsrfix.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Desktop\GCode_Print_Simulator.zip => ":$CmdZnID" ADS removed successfully.
    C:\Users\Antec-179\Desktop\gpovault.msi => ":$CmdZnID" ADS removed successfully.
    C:\Users\Antec-179\Desktop\MANUALS1.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Desktop\SL-300 TEO12072 instruction manual.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\9200.16384.WIN8_RTM.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\acronis true image.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\acronis true image.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\Androscoggin.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\Androscoggin.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\aswMBR.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\aswMBR.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\avast_business_antivirus_setup_online.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\ccsetup510.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\ccsetup510.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\ccsetup519.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\ccsetup519.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\diagnostix.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\diagnostix.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\eDrawingsAllX64.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\fapt-ladder.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\fapt-ladder.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\FAPT_LADDER_V06.1.rar => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\importexporttools-3.2.4-sm+tb.xpi => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\InCDReader-5.9.4.0.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\InplotSetup.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\InplotSetup.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\InspectionXpert for PDF 4.0.3.20 x86 English 1404011112.man" => ":$CmdTcID" ADS not found.
    "C:\Users\Antec-179\Downloads\IXOnDemand.application" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\IXOnDemand.application => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\jxpiinstall.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\jxpiinstall.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\LTspiceIV.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\LTspiceIV.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\MBRSAVER.COM" => ":$CmdTcID" ADS not found.
    "C:\Users\Antec-179\Downloads\NCPlot_v232.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\NCPlot_v232.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Antec-179\Downloads\NCPlot_v233.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\NOVO-Kennametal_2.3.1.120_Production_Setup.msi => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\putty-0.64-installer.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\putty-0.64-installer.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\SErase.exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Antec-179\Downloads\setup-network-utilities.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\setup-network-utilities.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\Setup.X64.en-us_O365ProPlusRetail_1ae3c758-7f61-4e51-a64d-0839f346c18d_TX_PR_.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\spybot-2.4.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\spybot-2.4.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\tornoscnceditorsetup.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\uTorrent.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\uTorrent.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Antec-179\Downloads\WS17_0_21_0_ENU.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Antec-179\Documents\Farbar Recovery Scan Tool.exe" => ":$CmdZnID" ADS not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Global, OK!
    Reseting Interface, OK!
    Reseting Unicast Address, OK!
    Reseting Route, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10060351 B
    Java, Flash, Steam htmlcache => 1674 B
    Windows/system/drivers => 557168 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 34389546 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 36071914 B
    systemprofile32 => 138926473 B
    LocalService => 16384 B
    NetworkService => 5600 B
    Antec-179 => 460147734 B

    RecycleBin => 1163660331 B
    EmptyTemp: => 1.7 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 07:08:31 ====

    # AdwCleaner v5.201 - Logfile created 07/07/2016 at 07:15:53
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-06.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (X64)
    # Username : Antec-179 - PROGRAMMING
    # Running from : C:\Users\Antec-179\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\{2b9a4416-c6e2-c61f-2b9a-a4416c6e105b}
    [-] Folder Deleted : C:\ProgramData\{e693b2a5-2638-073a-e693-3b2a5263ca94}
    [#] Folder Deleted : C:\ProgramData\Application Data\{2b9a4416-c6e2-c61f-2b9a-a4416c6e105b}
    [#] Folder Deleted : C:\ProgramData\Application Data\{e693b2a5-2638-073a-e693-3b2a5263ca94}
    [-] Folder Deleted : C:\Users\Antec-179\AppData\Local\AdTrustMedia
    [-] Folder Deleted : C:\Users\Antec-179\AppData\LocalLow\adawaretb
    [-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\digitalsite
    [-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\DigitalSites
    [-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\download Manager
    [-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\goforfiles
    [-] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\0d0s1l2z1p1b
    [#] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\GoforFiles
    [#] Folder Deleted : C:\Users\Antec-179\AppData\Roaming\digitalsites
    [-] Folder Deleted : C:\Windows\SysNative\Unknown

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    [-] Key Deleted : HKCU\Software\5868cdfe23eb941
    [-] Key Deleted : HKLM\SOFTWARE\5868cdfe23eb941
    [-] Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    [-] Key Deleted : HKCU\Software\GoforFiles
    [-] Key Deleted : HKCU\Software\WEBAPP
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    [-] Key Deleted : HKLM\SOFTWARE\adawaretb
    [-] Key Deleted : HKLM\SOFTWARE\GoforFiles
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [9650 bytes] - [07/07/2016 07:15:53]
    C:\AdwCleaner\AdwCleaner[S1].txt - [9444 bytes] - [07/07/2016 07:13:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9796 bytes] ##########
    Yeah, like that's gonna happen.

  5. #5
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    Default

    JRT log.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Professional x64
    Ran by Antec-179 (Administrator) on Thu 07/07/2016 at 7:24:42.08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 13

    Successfully deleted: C:\ProgramData\ad-aware browsing protection (Folder)
    Successfully deleted: C:\Users\Antec-179\AppData\Local\adawarebp (Folder)
    Successfully deleted: C:\Users\Antec-179\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\Users\Antec-179\AppData\Roaming\getrighttogo (Folder)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4ILVMVG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALIYSLNC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRMJ1XQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Antec-179\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWDO5G5F (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4ILVMVG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALIYSLNC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRMJ1XQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWDO5G5F (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 07/07/2016 at 7:26:55.26
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Yeah, like that's gonna happen.

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    We got a bunch of junk removed didn't we!

    Since you already have MalwareBytes installed, let's update the database and run a scan.

    • Open MalwareBytes
    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

    ~~~~~~~

    What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
    The settings I suggest will also show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.

    Ensure your external and/or USB drives are inserted during the scan.


    Please run this Free Online Virus Scanner from ESET



    • Please be patient.
    • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
    • You want the Online One-Time Scan
    • Note: It will run using Internet Explorer, Firefox or Chrome.
    • Tick the box next to YES, I accept the Terms of Use.
    • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Was looking around at another security forum, I'm also a member, and found this update, not sure if it applies to your machine or your version of VMware but do look it over.
    https://forums.whatthetech.com/index...=89142&page=10
    VMware updates

    Please post the 2 logs when finished and give me an update on how your computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    Default

    MAB log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/7/2016
    Scan Time: 8:36 AM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.07.07.02
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Antec-179

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 311683
    Time Elapsed: 9 min, 35 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Yeah, like that's gonna happen.

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    So far so good, waiting for the Eset log.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    Default

    Running right now.

    And yes, definitely removed a lot of junk!

    Quote Originally Posted by Juliet View Post
    So far so good, waiting for the Eset log.
    Thanks.
    Yeah, like that's gonna happen.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    .....
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
