I'm sorry, here are the logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by kr (administrator) on KR-TU on 26-06-2015 23:27:28
Running from E:\Karl
Loaded Profiles: kr (Available Profiles: kr)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(UJI per a CATCert) C:\Program Files\TU Sofia\Clauer TU Sofia\clos-win.exe
(Fork, Ltd.) C:\Windows\Parse\wpxsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Joyent, Inc) C:\Windows\Parse\versions\1.3.9\bin\node.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Fork, Ltd.) C:\Windows\Parse\versions\1.3.9\node_modules\triggers\bin\lightevt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Bernd Dietzel) C:\Program Files\RegRunner2009\RegRunner2009.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Community) C:\Program Files\Light\light.exe
(Mozilla Corporation) C:\Program Files\Light\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Program Files\Sublime Text 3\sublime_text.exe
() C:\Program Files\Sublime Text 3\plugin_host.exe
(OldTimer Tools) E:\Karl\OTL.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-09-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [323128 2011-07-06] (Hewlett-Packard Company)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [91648 2011-08-19] (IvoSoft)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-08] (Avast Software s.r.o.)
HKLM\...\Run: [Bonus.SSR.FR10] => C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2011-06-08] (ABBYY.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {25e4c922-4f77-11e3-bc0c-005056c00008} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {2e6d915b-0f11-11e3-8518-005056c00008} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {4fcdab4d-bebc-11e2-a474-6431508f4295} - G:\SISetup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {54ec8418-308a-11e1-a0b4-6431508f4295} - V:\autorun.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {65a52ec1-7704-11e4-bd13-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {65a52ec3-7704-11e4-bd13-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {65a53173-7704-11e4-bd13-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {6fe581f8-04af-11e2-a761-6431508f4295} - V:\autorun.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {7662ae5e-1a97-11e1-8a6c-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {7fe43070-c24e-11e4-baac-6431508f4295} - V:\xsetup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {8a8acbe0-fd38-11e2-b4d6-6431508f4295} - G:\AutoRun.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {8a8acbef-fd38-11e2-b4d6-6431508f4295} - G:\AutoRun.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {9137ee0f-3d28-11e2-b0ea-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {91a54dc9-a0d5-11e2-a45c-6431508f4295} - V:\xsetup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {930304f0-e4e9-11e0-8bda-6431508f4295} - V:\SETUP.EXE
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {998084ee-f338-11e4-8b7b-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {99808506-f338-11e4-8b7b-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {a28e8d9f-d6c8-11e4-8b8a-6431508f4295} - V:\SETUP.EXE
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {a4197659-fa24-11e4-b9a3-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {ac528ccc-f1c3-11e2-a727-6431508f4295} - D:\iLinker.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {b440b8bb-5048-11e2-af36-6431508f4295} - V:\Setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {c259561b-c376-11e2-9847-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {ccd70df1-e930-11e2-b415-6431508f4295} - G:\SISetup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {d29c65c9-37b7-11e2-a392-6431508f4295} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL V:\setup.hta
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {da1c84ec-c5b5-11e4-8acb-6431508f4295} - V:\xsetup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {dd09288b-c636-11e4-b21c-6431508f4295} - V:\xsetup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {e48558bc-5042-11e2-a4d7-6431508f4295} - V:\Setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {e48558d2-5042-11e2-a4d7-6431508f4295} - V:\Setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {ed5ec56c-1579-11e3-b794-005056c00008} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {f187db14-f96f-11e4-ad06-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {fab4b713-c652-11e3-8ee8-005056c00008} - V:\Setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {fe3dd526-fb09-11e4-817e-6431508f4295} - V:\setup.exe
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {fe3dd5db-fb09-11e4-817e-6431508f4295} - V:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RegRunner2009.lnk [2011-09-21]
ShortcutTarget: RegRunner2009.lnk -> C:\Program Files\RegRunner2009\RegRunner2009.exe (Bernd Dietzel)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)
Toolbar: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP15-15155/event/ieatgpc1.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 141.44.1.9 141.44.1.1
FireFox:
========
FF ProfilePath: C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-10-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll [2012-01-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.1.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll [2013-01-24] (Wolfram Research, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\kr\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-08-14] (Cisco WebEx LLC)
FF Extension: German Dictionary (de-DE), classical spelling standards - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\alterechtschreibung@googlemail.com [2015-06-22]
FF Extension: Bulgarian Dictionary - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\bg-BG@dictionaries.addons.mozilla.org [2015-06-22]
FF Extension: United States English Spellchecker - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\en-US@dictionaries.addons.mozilla.org [2015-06-22]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-06-21]
FF Extension: Firebug - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-21]
FF Extension: Ghostery - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\firefox@ghostery.com.xpi [2015-06-21]
FF Extension: Forecastfox (fix version) - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\forecastfox@s3_fix_version.xpi [2015-06-21]
FF Extension: Self-Destructing Cookies - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-06-21]
FF Extension: Deutsch (DE) Language Pack - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-06-22]
FF Extension: English (US) Language Pack - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2015-06-22]
FF Extension: searchOnTab - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\searchontab@sogame.cat.xpi [2015-06-21]
FF Extension: Flagfox - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-06-21]
FF Extension: HttpFox - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2015-06-21]
FF Extension: Adblock Plus - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-21]
FF Extension: BetterPrivacy - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-21]
FF Extension: Greasemonkey - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-26]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-26]
Chrome:
=======
CHR Profile: C:\Users\kr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\kr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2011-01-06] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-23] (Avast Software)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
R2 CLOS; C:\Program Files\TU Sofia\Clauer TU Sofia\clos-win.exe [98304 2011-01-26] (UJI per a CATCert) [File not signed]
R2 CronService; C:\Windows\Parse\wpxsvc.exe [611854 2015-06-08] (Fork, Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-10-24] (Flexera Software, Inc.)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-11-17] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-10-24] (SolidWorks) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-27] (IDT, Inc.)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AlteraUSBBlaster; C:\Windows\System32\drivers\usbblstr.sys [58960 2010-06-27] (FTDI Ltd.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-03-07] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-03-06] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-01-06] (Atheros)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [98400 2010-10-28] (SysProgs.org)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [258720 2011-01-06] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-06] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-01-06] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-01-06] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-01-06] (Atheros)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [241824 2011-01-06] (Atheros)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [21600 2011-12-21] (IVT Corporation.)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43088 2013-08-15] ()
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-24] (Emsisoft GmbH)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2015-01-23] (FTDI Ltd.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.)
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2009-02-25] (Hewlett Packard)
S2 ISMPUSBFilter; C:\Windows\System32\DRIVERS\ISMPUSBFilter.sys [16384 2012-12-04] (Innostor Technology Corporation) [File not signed]
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [23288 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [10760 2012-04-07] (Sysinternals) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [69504 2011-06-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [161664 2011-06-10] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [52312 2011-11-11] (NCH Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
R2 TVicPort; C:\Windows\system32\Drivers\TVicPort.sys [14544 2005-03-30] (EnTech Taiwan) [File not signed]
S3 USB18PRG; C:\Windows\System32\Drivers\USB18PRG.sys [46152 2009-11-17] (mikroElektronika)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-23] (Avast Software)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2011-02-04] (Jungo)
S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2011-02-04] (Xilinx, Inc.)
S3 XilinxFirmwarePusb2Loader; C:\Windows\System32\Drivers\xusb_xp2.sys [17920 2011-02-04] (Xilinx, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2011-02-04] (Xilinx, Inc.) [File not signed]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 SMIGrabber3E; System32\Drivers\SmiUsbGrabber3E.sys [X]
U3 aswMBR; \??\C:\Users\kr\AppData\Local\Temp\aswMBR.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-26 20:45 - 2015-06-26 20:45 - 00010070 _____ C:\Windows\DPINST.LOG
2015-06-25 21:15 - 2015-06-25 21:15 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-25 21:15 - 2015-06-25 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-06-25 21:14 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-25 21:13 - 2015-06-25 21:15 - 00000000 ____D C:\Users\kr\AppData\Roaming\Malwarebytes
2015-06-25 21:13 - 2015-06-25 21:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-06-25 20:35 - 2015-06-26 10:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-24 13:32 - 2015-06-24 13:32 - 00002254 _____ C:\EamClean.log
2015-06-24 13:29 - 2015-06-24 13:29 - 00000000 ____D C:\ProgramData\Emsisoft
2015-06-24 13:20 - 2015-06-24 13:20 - 00001013 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-06-24 13:20 - 2015-06-24 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-06-24 13:19 - 2015-06-26 22:47 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-06-24 13:19 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-06-24 13:11 - 2015-06-24 13:11 - 00140424 _____ C:\Users\kr\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-24 13:01 - 2015-06-24 13:04 - 00000000 ____D C:\AdwCleaner
2015-06-24 10:18 - 2015-06-26 23:27 - 00000000 ____D C:\FRST
2015-06-24 07:46 - 2015-06-26 10:03 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 22:37 - 2015-06-25 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-23 21:23 - 2015-06-23 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-23 21:23 - 2015-06-23 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-23 21:11 - 2015-06-23 21:12 - 00000217 _____ C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2015-06-23 15:00 - 2012-04-07 19:34 - 00010760 _____ (Sysinternals) C:\Windows\system32\Drivers\myfault.sys
2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\Users\kr\Downloads\New folder
2015-06-21 15:55 - 2015-06-21 15:55 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-21 15:55 - 2015-06-21 15:55 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-21 15:55 - 2015-06-21 15:55 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-21 15:55 - 2015-06-21 15:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-20 18:18 - 2009-06-11 00:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150620-181829.backup
2015-06-20 18:08 - 2015-06-20 18:08 - 00000000 ____D C:\Users\kr\Documents\ProcAlyzer Dumps
2015-06-20 18:01 - 2015-06-20 18:01 - 00000000 ____D C:\Users\kr\AppData\Roaming\Wireshark
2015-06-20 17:52 - 2015-06-20 17:53 - 00000000 ____D C:\Program Files\Wireshark
2015-06-20 17:52 - 2015-06-20 17:52 - 00001694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-06-20 17:52 - 2015-06-20 17:52 - 00001682 _____ C:\Users\Public\Desktop\Wireshark.lnk
2015-06-20 17:52 - 2015-06-20 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-06-20 17:49 - 2015-06-21 08:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-20 17:49 - 2015-06-20 17:54 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-06-20 17:49 - 2015-06-20 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-20 17:49 - 2015-06-20 17:49 - 00002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-20 17:49 - 2015-06-20 17:49 - 00002083 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-20 17:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-06-19 07:07 - 2015-06-26 10:02 - 00000728 _____ C:\Windows\setupact.log
2015-06-19 07:07 - 2015-06-19 07:07 - 00000000 _____ C:\Windows\setuperr.log
2015-06-19 07:06 - 2015-06-26 10:02 - 00004636 _____ C:\Windows\PFRO.log
2015-06-18 11:39 - 2015-06-18 11:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-18 09:48 - 2015-06-26 19:07 - 00000600 _____ C:\Users\kr\AppData\Local\PUTTY.RND
2015-06-17 11:42 - 2015-06-17 11:42 - 00000218 _____ C:\Users\kr\.recently-used.xbel
2015-06-16 18:44 - 2015-06-26 19:07 - 00000000 ____D C:\Users\kr\AppData\Roaming\FileZilla
2015-06-16 18:43 - 2015-06-16 18:43 - 00001910 _____ C:\Users\kr\Desktop\FileZilla Client.lnk
2015-06-16 18:43 - 2015-06-16 18:43 - 00000000 ____D C:\Users\kr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-06-16 18:43 - 2015-06-16 18:43 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-06-16 18:41 - 2015-06-16 18:40 - 06228864 _____ (Tim Kosse) C:\Users\kr\Downloads\FileZilla_3.11.0.2_win32-setup.exe
2015-06-16 13:46 - 2015-06-16 13:46 - 00000000 ____D C:\Users\kr\AppData\Local\TeamViewer
2015-06-16 13:44 - 2015-06-23 14:18 - 00000496 _____ C:\Windows\system32\TeamViewer10_Hooks.log
2015-06-16 13:44 - 2015-06-23 14:17 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-16 13:44 - 2015-06-23 14:17 - 00000877 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-16 10:22 - 2015-06-16 10:22 - 00000000 ____D C:\Users\kr\Tracing
2015-06-16 08:02 - 2015-06-23 21:13 - 00000000 ____D C:\Program Files\Google
2015-06-16 08:02 - 2015-06-16 08:03 - 00000000 ____D C:\Users\kr\AppData\Local\Google
2015-06-09 09:54 - 2015-06-23 18:35 - 00000000 ____D C:\Program Files\OpenVPN
2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Windows\Prey
2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Windows\Parse
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-26 22:54 - 2012-11-27 10:36 - 00061440 ___SH C:\Users\kr\Thumbs.db
2015-06-26 22:51 - 2014-01-12 12:29 - 00000097 _____ C:\Users\kr\.asadminpass
2015-06-26 22:39 - 2011-09-21 16:39 - 00000000 ____D C:\Users\kr
2015-06-26 22:19 - 2011-10-25 14:57 - 00000000 ____D C:\Users\kr\AppData\Roaming\Skype
2015-06-26 20:36 - 2015-03-08 18:31 - 00000000 ____D C:\Windows\pss
2015-06-26 19:59 - 2011-09-26 09:33 - 00000000 ____D C:\Users\kr\.smplayer
2015-06-26 19:36 - 2014-02-06 15:51 - 02048295 _____ C:\Windows\WindowsUpdate.log
2015-06-26 17:24 - 2011-09-22 08:48 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-06-26 13:52 - 2011-10-25 15:06 - 00000000 ____D C:\Users\kr\AppData\Roaming\Macromedia
2015-06-26 13:28 - 2011-12-06 10:33 - 00000000 ____D C:\Users\kr\AppData\Local\CrashDumps
2015-06-26 13:10 - 2015-05-15 21:09 - 00000540 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2015-06-26 10:11 - 2009-07-14 07:34 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-26 10:11 - 2009-07-14 07:34 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-26 10:04 - 2013-08-16 11:03 - 00000000 ____D C:\ProgramData\VMware
2015-06-25 20:19 - 2012-05-24 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera
2015-06-25 16:31 - 2015-03-08 19:28 - 00007614 _____ C:\Users\kr\AppData\Local\Resmon.ResmonCfg
2015-06-24 11:01 - 2011-11-29 17:59 - 00000000 ____D C:\Users\kr\Documents\MATLAB
2015-06-23 15:05 - 2014-01-25 16:53 - 00000000 ____D C:\Users\kr\AppData\Roaming\TeamViewer
2015-06-23 14:18 - 2014-01-25 16:47 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-22 17:10 - 2011-09-21 16:52 - 00000000 ____D C:\Users\kr\AppData\Roaming\hpqLog
2015-06-21 22:42 - 2011-09-26 09:31 - 00000000 ____D C:\Users\kr\AppData\Roaming\vlc
2015-06-21 15:55 - 2014-04-11 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-21 15:55 - 2012-03-23 19:49 - 00000000 ____D C:\Users\kr\AppData\Local\Mozilla
2015-06-21 11:08 - 2013-02-28 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera 12.1 Build 177
2015-06-20 17:52 - 2013-04-09 09:31 - 00000000 ____D C:\Program Files\WinPcap
2015-06-19 07:13 - 2013-10-22 11:30 - 00000000 ____D C:\Users\kr\AppData\Local\Adobe
2015-06-19 07:06 - 2009-07-14 07:33 - 00523704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-18 17:02 - 2010-11-21 00:01 - 00784668 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 11:43 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\.gconfd
2015-06-17 11:42 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\AppData\Roaming\gedit
2015-06-17 11:42 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\.gconf
2015-06-16 19:22 - 2011-09-22 08:33 - 00000000 ____D C:\Program Files\Pale Moon
2015-06-16 10:21 - 2014-10-24 12:31 - 00000000 ___RD C:\Program Files\Skype
2015-06-16 10:21 - 2011-10-25 14:56 - 00000000 ____D C:\ProgramData\Skype
2015-06-08 12:05 - 2013-03-18 18:02 - 00000029 _____ C:\Windows\system32\TempWmicBatchFile.bat
==================== Files in the root of some directories =======
2012-03-30 18:38 - 2007-11-20 10:26 - 0000060 ____R () C:\Program Files\BRINST.INI
2013-02-20 14:54 - 2013-02-20 14:54 - 0000039 _____ () C:\Users\kr\AppData\Roaming\Camdata.ini
2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamLayout.ini
2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamShapes.ini
2013-02-20 14:54 - 2013-02-20 14:54 - 0004510 _____ () C:\Users\kr\AppData\Roaming\CamStudio.cfg
2015-06-23 21:11 - 2015-06-23 21:12 - 0000217 _____ () C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2011-09-28 08:43 - 2013-07-27 13:15 - 0007680 _____ () C:\Users\kr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 18:02 - 2014-03-09 18:02 - 0004096 ____H () C:\Users\kr\AppData\Local\keyfile3.drm
2015-06-18 09:48 - 2015-06-26 19:07 - 0000600 _____ () C:\Users\kr\AppData\Local\PUTTY.RND
2015-04-02 19:02 - 2015-04-02 19:02 - 0004998 _____ () C:\Users\kr\AppData\Local\recently-used.xbel
2015-03-08 19:28 - 2015-06-25 16:31 - 0007614 _____ () C:\Users\kr\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\kr\comcat5sa.dll
Some files in TEMP:
====================
C:\Users\kr\AppData\Local\Temp\Quarantine.exe
C:\Users\kr\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-23 11:52
==================== End of log ============================